755bd7f1fc6e93c3a69a1125dd74735895bdbac9b7cabad0506195a066bdde42

Resubmissions

10/09/2024, 15:40

240910-s4lvaa1bnl 4

10/09/2024, 15:37

09/09/2024, 19:05

09/09/2024, 17:16

06/09/2024, 17:04

06/09/2024, 16:46

06/09/2024, 15:44

06/09/2024, 15:42

Analysis

max time kernel
48s
max time network
69s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 15:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BonziBuddy432.exe
Size

49.9MB
MD5

06d87d4c89c76cb1bcb2f5a5fc4097d1
SHA1

657248f78abfa9015b77c431f2fd8797481478fd
SHA256

f1e859d99072e35f20e172d8458e3ea1baf8ba86c8c9e311a0debcd2acd5d0fc
SHA512

12bcc681544bfc0cb5f1a3c2e5e3d475efdf5abb8bf0e18cb18f529a82d551f39e16de2d3f0664c2c2cbfab2bc4702e256b958acadca53424e6d8760b6f457f9
SSDEEP

1572864:HVGKQzdb8P3XxxOtGpBXFqRDjSghMDDqRDAtzq9:HVcdeXzOoP1OjfgDOo2

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1892	BonziBuddy432.exe
1892	BonziBuddy432.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page19.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\empop3.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j001.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\actcnc.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page3.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page14.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\speedup.ico	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb001.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page1.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\CheckRuntimes.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page12.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page12.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\spchapi.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page15.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j3.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\msvcrt.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\AutoShortcutsMaker.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page20.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziCTB.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\CHORD.WAV	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\t3.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page14.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp006.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp007.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\AUTPRX32.DLL	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\sites.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\J001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BG\Bg3.bmp	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page8.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb005.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb007.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb014.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page5.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page2.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.vbw	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page2.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page3.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j2.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\P001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Regicon.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb004.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page15.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Snd1.wav	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Snd2.wav	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\menu.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page11.jpg	BonziBuddy432.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\msagent\chars\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\msagent\chars\Bonzi.acs	BonziBuddy432.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBuddy432.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 2268	2572	chrome.exe	33
PID 2572 wrote to memory of 2268	2572	chrome.exe	33
PID 2572 wrote to memory of 2268	2572	chrome.exe	33
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 760	2572	chrome.exe	35
PID 2572 wrote to memory of 1816	2572	chrome.exe	36
PID 2572 wrote to memory of 1816	2572	chrome.exe	36
PID 2572 wrote to memory of 1816	2572	chrome.exe	36
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37
PID 2572 wrote to memory of 1736	2572	chrome.exe	37

C:\Users\Admin\AppData\Local\Temp\BonziBuddy432.exe
"C:\Users\Admin\AppData\Local\Temp\BonziBuddy432.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:1892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6509758,0x7fef6509768,0x7fef6509778
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:2
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2920 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3704 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1096 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1600 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3828 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3736 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1292 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3136 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2116 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2372 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3448 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3824 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3068 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:1
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3844 --field-trial-handle=1240,i,7845237323383528727,7877618679306866141,131072 /prefetch:1
  2⤵
  PID:1536

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

Filesize
2.5MB

MD5
73feeab1c303db39cbe35672ae049911

SHA1
c14ce70e1b3530811a8c363d246eb43fc77b656c

SHA256
88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8

SHA512
73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

Filesize
50KB

MD5
e8f52918072e96bb5f4c573dbb76d74f

SHA1
ba0a89ed469de5e36bd4576591ee94db2c7f8909

SHA256
473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82

SHA512
d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

Filesize
45KB

MD5
108fd5475c19f16c28068f67fc80f305

SHA1
4e1980ba338133a6fadd5fda4ffe6d4e8a039033

SHA256
03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b

SHA512
98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
1KB

MD5
c6150925cfea5941ddc7ff2a0a506692

SHA1
9e99a48a9960b14926bb7f3b02e22da2b0ab7280

SHA256
28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996

SHA512
b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
e7d1e8c7d7ae1e127615891f028f8901

SHA1
faf72c7ce71496668c3ba4de21f5ecbcc1c8402c

SHA256
80a7ff152731a1c7d5b2f293577ef830e799a10a6c85bbbb38db456ee56f7122

SHA512
54ff043f49ed4ab4bf3fe2b2e7016c647d776ac0f34d3c2d86ebca13230599f63407352b754f2c545ecca4cf7258aaa6ed912289777b265b77c3323e98507708

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5257e6794c96485008f18d9541cce42e

SHA1
848863e71bb142c23c5cf277c127898d8ab8c5ad

SHA256
297bdb69b56bc0cfd8c29f452fb8458a18af8d7305cf6e8277092ba34ef30169

SHA512
7c31204d5c6e2a8cba187e0753e063b2861e316c33aebf6a60ba0f01ec8a0b0a6004d629df4f4416ee057428f63b741861b62a75b6bab9e21385dafa9c6a6b70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
395b501e6491f8ff95e99b794a3c5e6f

SHA1
9676cd7951bbbfe38538b1b1c32892ee23e3d0fb

SHA256
fe81b6c131355449f4957093432bfc4bc05dd03fb0758ab466e0685c29ade68f

SHA512
a62eff54c79855d7475061b2ef1e4ebb3d10b4035ac81fed11c741b8bc9a4a482c57b045ba608230d55a10dfb24a50e6cf63798c2ca9b8f25d106f6de2272324

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1182bc613488d88a454a467bcb414b8

SHA1
9349ddfd5e5fdadb4af69c640a9446048c768b75

SHA256
34cc21dc98af2f9f249a8ef49a6f53281faed2a1032092be0bd618835f22e560

SHA512
7bf64fcf798325f4b175f4ddc4c3104ff3c9176221b4b73cdad39e25ba882fcbfc4ca0acf1d0fcdf7dc76d740a3d4c6b0e6d1e6f2a570f003234b9f882df58af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b21a402fc23764f2a2d6516e3495d67

SHA1
6fd49daab5b4ccf032cdeb057785ae981be17248

SHA256
03141cc8be469326b64a279e70852dbb4461fed076a7d5c24cae5d35ed3a08e3

SHA512
b116bd9c3c5ef8b36d386881ca58c9a44c55331886370bc3a657bdc4b8a2e582befa8b3170f2176fe8202fc3d3a62d24a235d5483de205254f8d2c2353dadb12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06227a2a538b34ca4daa7e833798de96

SHA1
b19f2fc6abe80e1bdf8b9881628844ed1703e333

SHA256
47622a05914472a1b9f4f41fa57f3e6892fccc8744bf47019611ea3cfb5b7c58

SHA512
d140a96732620f7622fe17c16cdd675383bb3710eb722a58fdf1e4afcd36f4bbd15e3921fbc67cc8ce87a2a8a6077ec286c191c5e534778b4839a5b2a1f6d957

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84bc4b849e7e4d1d4ffc85677a0d1088

SHA1
426c06f7a70c51f70c92c3fc2597d8399bc24be7

SHA256
7e8997bbda7ecd24a373665eabe6360a4257c1a3cf2534df4a662a74a783d9e1

SHA512
50cdf122ba6991f42dcffc718425bf7dd139b4e82dd9948a44d7d098cf19932ab55ed0a590eb768cf327bcf4b69145c05b573e2f2a497cde3b767981123832fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7f986446ad676705adf4727bbfef0ac

SHA1
2b18ee200531f457758473ebb1acc831e0d9d2c4

SHA256
9059a70dba048cc3b76e9f2b27bbee7af72bc1ac9ea0b1dc8295ac92b9ade1e9

SHA512
eac3d300a61c438c17e445f01e89f70917fa0b4baf6ccbe6ff434f024e1ad3c64318759d581b42a6a155d9f17bf8bdb4b4dacd364fa3f7c9c956c956db0ae001

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a6b8c32e3f913d8cc9fcb701e8a26bd

SHA1
67e8be64479144e409334f9d74dcdc8d416d0112

SHA256
663bb984ab00e317dbc39391bc3996478db6cff765692079b0fa984f850b105e

SHA512
6776e44077687ce06039be8b0d7a52aa8c5eb8aeac38746122d769d0a814590f8457484bd658e2c171a8bc71229b8f13f38e4d3461d8e9dad77623e109270b06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2a5b5ce03871c75448d3cd12d2b30f6

SHA1
9e3782712407d7534c7124534552da760b059542

SHA256
cdf4d12e19bc840b9d28e4bf36c8a485022b210437c4e4f44613ae35446aad9a

SHA512
01298e634d59b1721e8029363d3c8cf834cfbadd185fc07a905ce06a511c632dafb1cdb50e247cac7da6f1dee0c5f184d5becafe6772e6cfdf26c56f6f8e6ce9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04d4598e337ed90cb3bf47cc97d2c551

SHA1
979505d0590a5ba1d9e4f27bb77a3304c3fc3695

SHA256
1d122756a38cd911870a82462172246bf6aa5987fd8d1fad4702fa997471659a

SHA512
ca783c96f878249ed5ebe3defeb1500a005d8708d1213c254eef9a465f52735159dab332bb09bc062696b8f32a19f5dab47000223d01be2b7b6483217ec35eb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f372865ccd7bbf8208e7f80f5ab1b98e

SHA1
3c6a563cbaefb1d52c57d68b50611b771986f8d2

SHA256
cde9a50466601e57d8b39de3b7abd89217c2628a19d1aa096f3054aafd5fa27a

SHA512
c8814e9081ebdbe175486f5dee2fa51e79ac31f8441f23eac55be8a1b4944644787d47496a11760e348c10e566f40f0d4d8ce5675bb89d00f3674c32ecfd014f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea2953aeb5a3ace674f0704442ccf724

SHA1
2aef376ccce4b71294a9eeab6840434e4622519a

SHA256
1aba437facbac59a6e1b5d3f747ed45b77c34dfb624318d1c05df44e27d79edf

SHA512
ccd69c2e603c50a7c029b79186cb7a81c060115b283cf0b5a55b6839f9723446e663344b36f802af959fd25d5b9c7ce09ee8fc06a5c3fdfd26b804992eb46254

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d693039e2461d655fc8fc8e4c9557bf5

SHA1
32e31e50af594abe50baa919736571ba0fc465d8

SHA256
02e2508b38dd9be1367411d71f28210d5afef1538794d3a7fd9a6155eed22efd

SHA512
040cf67b4cc1f62edcd27058dc8886c5a7d20639a15b6fae774374c2e45c0ea0233e2eae0a93c5927a011f628e2ca0b6b5d265146c896b33dd1560eb3055ae37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
161184b24cf0696748035f7795231673

SHA1
168ea164c28cc2effb9490bfe861e51dad94d3b3

SHA256
27913192276f862ced13ace9a234c422e44e1b07dc462aea81be9ac870e175e2

SHA512
0fce0e11ca430214e1d54837560d34d4f6f60ecca4651cc0c2d33ffc2cd7c825a0925904b4398e8f2cc55f38e819903526228dd30966fc7ab5d7a1a3cb19e4cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17f4e15954ba3dc101b1a1ec0acd9893

SHA1
e7db612123feb51e5ba25ac75828840b8ffd0899

SHA256
4190778de9f208de1e3e329a18433adfb201eece03029336aef27beefe90da67

SHA512
195e8cb88de62b141f048a2ebe0bcdecec2d49734fff113f14fca982a612b48eef3f7562cd2eb876332f9ea64fd2f6a5c834180925d8ad16add8fe98a9db5bd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04de20918a62213bf71d561a5e069f73

SHA1
100e07a173231775d4ef6eb620777ef29a6f9d20

SHA256
954fc08c2080e713a34395abbd73c3aa1340f6d68ab8f143ba492b4eeb9cd508

SHA512
5992a62e59db9213cda143f7f25cb112e378fdf539698eafc206373a1b97625b1026b3500adeccfe78421310cf2b864072f91a77de42c1bc57d4f0dcde2eea8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6116c725e1a635df2de0d3bb6fc094bb

SHA1
08ac68e82108ebfb2603f59bda9f9cce0efc8fc0

SHA256
e39cd4f955b963840fd85fc490a680a9e85eac03186f4d852a3f0a70a67876e0

SHA512
a9443ec97ee25b15d21cd991ac7c053ebf644a25a05cc17f5a354b9f75afbead33e9f8baaf5e8ee71712072e455869e297064d9df1fc2bd911f203c91d3a5120

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e29498e7c219a24a0fb8ce4560523b22

SHA1
4154ea268c430193716a4984fef9fbb81626af68

SHA256
38ac1555e25337062efd39cd722247c1b17ae2ec6dbdde07c671368285c232a4

SHA512
5cda2ca57c1fca12def1c1a9ec7db9c0f9cd78660592b189928fa9674620d95505072c5051925511fa1b7deb12f4465da07816c99ebaf855a95aa67cd76ebcb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87a5cc617347d5ad6ec1a804864a6db6

SHA1
707bbc96c416bb850bb89c4e6b1fbdbf7f9fb89a

SHA256
f267136b0d73180e1e55c1744a49e61573dc2e9e1cec1c5d6b2c363d4ed6afb0

SHA512
ad61153eade19ab2341ee7b0c34f776e7e6a3de78459682b625282c7b6da1395620d4f82e39c42c27d5232dc4707196ae1e5b87be7d48ee47b81948662ca58dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
def4615fa308e7e6767878d560253a29

SHA1
10af675d18c27b5713d0e24b49f12e636f1e5b71

SHA256
c612287725414b3348d1ad44f7981c82c2f700d3bea528fbc7c51e3206e2ded9

SHA512
779a4026e66c07111d4adc56ffb2eec64638bacca35e18367d061c48defcb929715620fb7db4c05c9c633144f53e4538522403bd6cbb1f38fda141564bdb9325

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
276B

MD5
80b1fc48de2c7316930ffddb3d4aa0f6

SHA1
512b409cb73ec6e769877d518d3e472f68206e97

SHA256
6f232b5ecbfebf44886f67a4f8e410d7d3ee50ee579ce56c212df6edf46e07fa

SHA512
95ba3a1d559857de3b54f7ee5c0aaee9207d72d50ac7894313fdc3c1a17b9f85dad9fa06ad4270b45cdd4c6795e52152d240008f207e4dabcc5b028e19e1a4dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4c0bc8c6-b5aa-4cb9-bc38-1462bf1e3237.tmp

Filesize
335KB

MD5
9740a0c8127af6c328319a19a270de94

SHA1
7ce0bc261fa22cad74e8fc30e7ea2e5bfa35e1f8

SHA256
8c5b30a5ab57d9b9f47a401ad9207d8fc761c75d48c859d0bab819e70c0b9f61

SHA512
0c6f612cfd2cba0c0c34a62d5fe30950403bd9cc728d6160c03293a23802a7940ebff264405f750bb8b9456abe629868805ecde9b790c61b670b9f479fe167d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
69473ad187440827370a1204cfa79458

SHA1
925a1c5d1dc464983e6a8d23af24f959a03a952f

SHA256
b319b0cb5e0ab36fa32799dc3fa0241a1cfe5d7e9e2599a907df0dbb79a08d17

SHA512
ba62d231d2657c29c8580181388a5df1f481ce75b9d59be4bb02bffdb5878f9ca3cfd94e673e4dc128b708622b86ebe587a5fede74179b6e8a42b7df69a53015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
359B

MD5
8c4fca5cd02bee4e9896bb1b20b17851

SHA1
bea3b2c97fdcc719631fb29d69808631e7af0932

SHA256
de73555d094e725a43aab914503780756414bfec649e70ab7bb2239766e68be3

SHA512
3e0560d9d9980a2e9fdc57c9cb1f4a47d40545c691e1fec425c4aeac5fe1c5ed6ef70fd0d94aa3ea9fa59bbdf18d4d69f23b570be33ff234f994451fc5cc426d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
359B

MD5
25848c025960ae0748a1e0a151559c7d

SHA1
4f2b0d9a6c3ccf152b84f654d621e37208d79a4a

SHA256
dd7b50c30f9cd28bfd5a53dbb05b0f1386e16bd25f77861d86dd73089f4256c9

SHA512
f47eeca3df58a7eae1335de777883b6affb849b9ff123eb507c451d3f59d9745ba8fe84e4c9593d1a7b27495137a9f502ab4dd1b8208b1067c8d54b8d0807c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cacd740ea4d0de4065b45256d2c40c3e

SHA1
02e5125f4c0012ca2aef44c9cb3a9a8be7e84115

SHA256
f46dec5b0b480aff6e8e8c89b1e96926124a0992c239ab667f891af9d45abc87

SHA512
2a0e252b0240afdbc0852376abb66e0c42f75689cacb458bbfaabb69065ccc7f3ecf498569080abba4a2a6971e15e9b4740fe7264644ad3eef9da531ad343b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9f7df3f441255ac9debb5e9b5949298c

SHA1
80febcc983c9c00643d80c7caca2df7a602bbf7d

SHA256
35e9c8b264edaa9430345d4fc1ba97f9675c291b6353798363662ba43292889c

SHA512
ec7e8da2d7496066661f160de924cffed55784af66d33380614effb3b3030b32880a501f89f550b3943a2c7517d1d268496ccf91f0c397a0aedcec4e2f153fbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
440f91731dbf7f8724e28dbbb55c788f

SHA1
625c8779c66a47f7ef260ea19312bacfb4a49388

SHA256
2108d6ae8184865c21998edd77948dd50604e3e1d319a7b124c09d52d10b8a8f

SHA512
0819e6db23a6fe510309e6562ebdc76a18141b4e308c3a2d60060924c75b2f14ec0117810dd2caea5c9cf451104315acf8eaf13a6ac7cd9d661072d4864c55f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8a549eb79e962afacb6a2c749bf29ac8

SHA1
7eb62de035f57951e6a096d97d3f994d00253265

SHA256
232dc42305412807e6329a254a9f0d60ad3c42d9d48c1a222f5240d5d4219304

SHA512
e137ca85c6057f99097c6ccdae71d0f61b88d6f167147d68e13a90decd9a9d95b8e9ea6fa733501bf3a70d791d1181ab1ffc759c33c8606c041b17bad1c3207a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
335KB

MD5
78424019d7e5e61ba55fc1cb544195e7

SHA1
846aa162f205928f697b9b29fa307452e5916bdf

SHA256
785ad667640a6c42d860a6a5783a2aa75cf8b015270a8ec1f36a0d173f1e4b3e

SHA512
adc9a7849d007acb0e7cde65212d9f6ab305c57366aebab30aaf4ed5b34ecabcd80ed7f19c0dd60fef85f25dd72bc4ca75b1a20748e9e0705b57f5f3bc0ed718

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

Filesize
8.0MB

MD5
8e15b605349e149d4385675afff04ebf

SHA1
f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b

SHA256
803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee

SHA512
8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

Filesize
8.0MB

MD5
596cb5d019dec2c57cda897287895614

SHA1
6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa

SHA256
e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff

SHA512
8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

Filesize
8.0MB

MD5
7c8328586cdff4481b7f3d14659150ae

SHA1
b55ffa83c7d4323a08ea5fabf5e1c93666fead5c

SHA256
5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc

SHA512
aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

Filesize
8.0MB

MD5
4f398982d0c53a7b4d12ae83d5955cce

SHA1
09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc

SHA256
fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2

SHA512
73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

Filesize
8.0MB

MD5
94e0d650dcf3be9ab9ea5f8554bdcb9d

SHA1
21e38207f5dee33152e3a61e64b88d3c5066bf49

SHA256
026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e

SHA512
039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

Filesize
1.8MB

MD5
b3b7f6b0fb38fc4aa08f0559e42305a2

SHA1
a66542f84ece3b2481c43cd4c08484dc32688eaf

SHA256
7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b

SHA512
0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6692.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar677F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\msagent\chars\Bonzi.acs

Filesize
5.0MB

MD5
1fd2907e2c74c9a908e2af5f948006b5

SHA1
a390e9133bfd0d55ffda07d4714af538b6d50d3d

SHA256
f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95

SHA512
8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

Download Submit
C:\Windows\msagent\chars\Peedy.acs

Filesize
4.0MB

MD5
49654a47fadfd39414ddc654da7e3879

SHA1
9248c10cef8b54a1d8665dfc6067253b507b73ad

SHA256
b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5

SHA512
fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

Download Submit
\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

Filesize
796KB

MD5
8a30bd00d45a659e6e393915e5aef701

SHA1
b00c31de44328dd71a70f0c8e123b56934edc755

SHA256
1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a

SHA512
daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

Download Submit
memory/1892-617-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download