b9b8c850493be6e607e8889371bcb565ac25fada7d27cca10230e50b253b3cd6

Analysis

max time kernel
149s
max time network
155s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 08:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197.exe
Size

933KB
MD5

fc281301d3036bd01fc4ab1a48dc1730
SHA1

9e6b52a0b45ad7bd4d55a98c20b1e15d121a5650
SHA256

1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197
SHA512

fffb60febbca27c3a7a2a6f850bdcb2e6cdc5b170149970e1a9ef00c6f710eb42dc969c6fceda0e0b5e8ad1195a7c217df939cdb398fbfc68d325bc33c058256
SSDEEP

12288:RN1905Lqnnl2Zg0gnW0X7X4sonr1Wqb1bqUXo529tVHP9pwgUVDT33rzzNedKEYl:H8qnnvGRWI0Gnl3UVP3zYG

Score

7^/10

adware defense_evasion discovery spyware stealer trojan upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral7/files/0x000700000001cbd2-1734.dat	acprotect

Executes dropped EXE 6 IoCs

pid	Process
2784	crp9712.exe
3024	Setup.exe
1796	MyBabylonTB.exe
296	BabylonToolbar4ie.exe
1060	BabylonToolbar4ffx.exe
2424	BabylonToolbarsrv.exe

Loads dropped DLL 64 IoCs

pid	Process
3040	1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197.exe
2784	crp9712.exe
2660	rundll32.exe
2660	rundll32.exe
2660	rundll32.exe
2660	rundll32.exe
3024	Setup.exe
2596	rundll32.exe
2596	rundll32.exe
2596	rundll32.exe
2596	rundll32.exe
3024	Setup.exe
3024	Setup.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
296	BabylonToolbar4ie.exe
296	BabylonToolbar4ie.exe
296	BabylonToolbar4ie.exe
1060	BabylonToolbar4ffx.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Setup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ = "Babylon toolbar helper"	BabylonToolbar4ie.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\NoExplorer = "1"	BabylonToolbar4ie.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral7/files/0x000700000001cbd2-1734.dat	upx

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\escortShld.dll	BabylonToolbar4ie.exe
File created	C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarTlbr.dll	BabylonToolbar4ie.exe
File created	C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarsrv.exe	BabylonToolbar4ie.exe
File created	C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\uninstall.exe	BabylonToolbar4ie.exe
File created	C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\babylon.js	Setup.exe
File created	C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarEng.dll	BabylonToolbar4ie.exe
File created	C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\bh\BabylonToolbar.dll	BabylonToolbar4ie.exe
File created	C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarApp.dll	BabylonToolbar4ie.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MyBabylonTB.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BabylonToolbar4ie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BabylonToolbar4ffx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	crp9712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IELowutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BabylonToolbarsrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral7/files/0x0005000000012185-832.dat	nsis_installer_1
behavioral7/files/0x0005000000012185-832.dat	nsis_installer_2
behavioral7/files/0x000700000001cbea-1733.dat	nsis_installer_1
behavioral7/files/0x000700000001cbea-1733.dat	nsis_installer_2

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009bcdcfd1830e7044ab0d915cb7a7ee7e00000000020000000000106600000001000020000000d0474c60ea32b0d9dda9cc5ed9ce59baceee395af0050572e5832c898c1e1841000000000e80000000020000200000003f36e30e61538419ca169ed6704771e80672d9744e207e40d1d086ae06753bf110000000b6305e859ed831ce2230134f450e494140000000e41c6a912526babcf4948e103f86b818f8d05110438483972ac04c4cdb8af8378c32fd19f628c3372c5b70a1a9c8349fc5cf509c8c357b08004f6ce9b27f2dde	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009bcdcfd1830e7044ab0d915cb7a7ee7e0000000002000000000010660000000100002000000066afffde558e099b940cacaf0c94f3953b44055cddcb8a483c59325e6dc1750b000000000e800000000200002000000083fb75b2104ac7aed6a7e8edfad53ed8fc83174aa4a5ae2c42be4171fd6f98a4900000009136486817311a19e0016bbbfcb7f72a0f4523169fc51933c0eae0864f8ad5a5df5c3bc733819a045189661f16a09ee0b76e289468698ccc27bfe34390434c911d03ae7b64ad9249e4dcf23368096b9dfd17fa669120194a4148a9ca309a321e45869c6a6a7fc8cdbe6ce3251aaedf1c6cf51d5a9b8462a33ab49b97f0832daec736d9fca228dff6b3b00da51dd792d740000000709b9656439b53de0f9f698b2d3b9a61cbb50d84383ab1ba3b4d06d764c48cf7dd1e0145fb99525a381376b385172afec81c1ef452b83a55d040957fa3a26cf9	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009bcdcfd1830e7044ab0d915cb7a7ee7e00000000020000000000106600000001000020000000c6209bf794ede51ed4893b8f87d4b6978dd768d592a2102a72aeb357a6f40c12000000000e80000000020000200000008d9eff0c6766e1071d17e20647079faa2db51aa39471ed98fd14ae5b26b591cd100000008294bcc381a35164fa4f2013537809ff4000000000e258d1285ec7444c6062c2741672b572f999e6313dc191b3f35bb3a3ae479d0cdeb235fbc5eb4d7db485cee6d19b35e6352b382def1b868bc5282d4affa204	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\URL = "http://search.babylon.com/?q={searchTerms}&affID=121441&babsrc=SP_ss&mntrId=a3172b14000000000000ca806d3f5bf8"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009bcdcfd1830e7044ab0d915cb7a7ee7e000000000200000000001066000000010000200000005e52e240d62ff587e2542997618ef225adfce04a0844bb5ea7e460324f518135000000000e8000000002000020000000d3f508d7eb404aa997be12c7594fc223476574d00f34173d11039ffce8a525c510000000a28f9a57b8e44fc4971b8556f29fc11740000000262b525faf02edfe60765bba8c83325c59498810585df7b330ba290099b705c2ff00aa13d883ef66f919ec83cb59e02f2dda3d71e28bb1233c8db104503fd473	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009bcdcfd1830e7044ab0d915cb7a7ee7e000000000200000000001066000000010000200000003b4fb0434fb4e5ad54684557ec8b2d997d4407d38c3e2b7a42191e0bad36c367000000000e80000000020000200000000924b2e05c9d6bf8c1d3bad071d0703ed22c7479b5ac3c58a7aa9515b315cc53100000002e7458b67b8541d59f953d129cfe2cb240000000f2f9825e1db1b1e2c0fe890508782acca31c106637e354c4e1a5fa0ea9a2ed716504c4923d53e92b167db5c9a6cfc9b9ef5e7a8a71ab8fb6892372d7e512685d	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}"	Setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009bcdcfd1830e7044ab0d915cb7a7ee7e000000000200000000001066000000010000200000001915a2159a3fc744ff5a956599f3cd2550cb7962247dca64a72ec5488ccae892000000000e80000000020000200000009135b9c8256ec81d463c04e278874ae8e66ab728fbcdc11e6bf539997f8ec2b5100000005a70ce935d20f752cf94d10e79150c9940000000f385bd92580566f6c7d32b1a488a4282a70cd4cc1bd7455f1cd727cf1de6808d9eb6331d584405d173dc09eec18e88da7fb77b7335b711d4d3fbff839498464c	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\	BabylonToolbar4ie.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009bcdcfd1830e7044ab0d915cb7a7ee7e000000000200000000001066000000010000200000003ff1929336c5fa31a5bcaf4cd3f1bdb280b65980475be94465eef8523e545711000000000e8000000002000020000000acb116e870c336a380d1a196c4ee6afae368eb62ea97a1a0eebbe2fbbf6c621610000000c06689a5e70d4a19c3f4977f3cd3e83b4000000058c959c95b70cf76a009a276ff23ab7feeb034d7c20bf63cf8109c96afb007609f38cd8800e2360f746866a47557f0aa69d9552409bdcdafeb714cbef6220f86	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009bcdcfd1830e7044ab0d915cb7a7ee7e000000000200000000001066000000010000200000003f433bb5d6dd2c76ee72f6fc2e26f6b37e165d0df964db16b8435bd5f1459613000000000e800000000200002000000081edbbd43d9166f47cd907c3cc0ca947f63672a247cfeb7372541d28fefe9a6c10000000c748e4c9de1e33083e3e5e80daf33c8d4000000041b8750c080a81f4e99ea50f1d2350689cfcc420a01ef424e059ab2fa9692386e3061798449f2fe6cd80315f3374d5ece25877bd80d90fa4baaeea1c205387b2	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\User Preferences	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IECookies = "\|affilID=\|trkInfo=\|visitorID="	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DB501C51-DFAF-11EF-BA44-CA806D3F5BF8} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009bcdcfd1830e7044ab0d915cb7a7ee7e00000000020000000000106600000001000020000000c1eeabe54a80ee25d6630589190237026305119e8716bfffd1c0e905bb0402af000000000e80000000020000200000002e5837f6a464a04d6c29366cab6939cdba713b89d4102be9a72f327db0bcd9de100000009853e894ef5c28ec90481a56699e4eeb400000009bff2a70b504cee16567488f172a965a4e6096ec009a8dd9ed561a36f149df2c0a429b1b5277fc6f0845a8c6bcf593ecf9b02ef031c3d1cbd16e82989e143a32	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444475056"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c00ad3b3bc73db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009bcdcfd1830e7044ab0d915cb7a7ee7e0000000002000000000010660000000100002000000038b648721c26399366a65869870623637f978cd1f70719873ae0c61a3c54f5fe000000000e8000000002000020000000b70c90a3a8edc9a813b1f55997d78d28869a902e1986a2b3f2e1f6ba035ba90e10000000cee902dbce06e76020fbda7f18f264d0400000007d3e818787eb5b3f47c323609e71ce21e6828f275ac1ab43ef340ad63d628b8c6a7d1c396a3263e06c44c9d33359125c50db06b93cce68c03217f2ea06bd4496	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} = "Babylon Toolbar"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}	BabylonToolbar4ie.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009bcdcfd1830e7044ab0d915cb7a7ee7e00000000020000000000106600000001000020000000e90c09bfc68ee0d31a3a6b0005ed894159a3c190a23fc523dd9efdc217c4a8bd000000000e800000000200002000000059a0f5c994e119f874c1536c6024940a5d7ee8976a542cd2bba4fac0be5c9037100000004578b0f56999704444c9a5c9d954c28a40000000548a25db9133a22c4c79033485bfd77a2d2ec2773ab2cd7ed4c8cb983b198c9177844487bc908e3961698d6c3bc6bf08761edd54b29f2e33cca41aa6b9a09428	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\DisplayName = "Search the web (Babylon)"	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPageShow = "1"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\AppPath = "C:\\Program Files (x86)\\BabylonToolbar\\BabylonToolbar\\1.8.11.10"	BabylonToolbar4ie.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009bcdcfd1830e7044ab0d915cb7a7ee7e000000000200000000001066000000010000200000006f19e0c5e72d8abb4373f8f3c5d7e42146ccbd7ad5798f134e03574880215049000000000e8000000002000020000000752e118d2c9d1c7f5b499e0d6e74115096282d835709cf271111eb1848f4484210000000aec6378b1bf403f00fca7167cb683ec8400000000c91b52ad5084db9778ea10d7e046bab96c8a438ae4ede8f90fd4e93d4b074a428f0a9e1cb086a4432dedd145dc6b9cbc537ed1bd2be4c2a09c8311ec3d98c18	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009bcdcfd1830e7044ab0d915cb7a7ee7e0000000002000000000010660000000100002000000010aa2e2eb4fba0d1c5403b08f0726b04e782593caeb78379df990be43587587f000000000e80000000020000200000002f3bba41f78bc16862c820fde3df48925536286c3c2ea6fc30b2963353dabf5910000000a29c19a421165bf722bdd521033a43d840000000c5d0977ca37d5f9da4bb2866f5feebc4cc2307453e451ef3c9f130f5e5c78973bccf449087e99c8ee7c83080f16ae1a902b644fe23ee4056541e421d388d8405	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IECookies = "\|affilID=\|trkInfo=\|visitorID=\|URI="	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009bcdcfd1830e7044ab0d915cb7a7ee7e00000000020000000000106600000001000020000000cdbadd436c86382565df25e39e9ebbe2f1242ae07081ca5562255e5a62572ff1000000000e80000000020000200000004efdd031f1ea57f29928ff3188981b09d4df1648241b0432b9aa59e0d813fa7f100000002bdb52180e1a514a7b11a2e7314894e4400000004ba197ded0fbed45a8ed3184c75ad6ecd7f0ea20a73b08aad72ff9898428b3b8606a3780e2613351c3c0128e9618d74150ce59e6cab9bf910842cf7115c8d1fa	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009bcdcfd1830e7044ab0d915cb7a7ee7e00000000020000000000106600000001000020000000ba9b6205e54f22e080afa6120d048dd70bd100804bf265a6ca02d2959e034dc4000000000e80000000020000200000007e009309fbb663a064085f67f8c1b93dcd5cb7f8c30d08aa25cae4e59a7fc690200000007ce87d197477cbae4a54b3f9253753ea0431dc5dc9714bd5919a72d8057f509740000000fcbd6a4e8cb3bfabefbbed011f5d97889a4b95d9eae2ef8a12f92162f1e7efe9410a7fdb0b136081f5c99b578335455ccb234bc73dc9a41f31b249e3a3ddce30	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\Policy = "3"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\AppName = "BabylonToolbarsrv.exe"	BabylonToolbar4ie.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}	Setup.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.babylon.com/?affID=121441&babsrc=HP_ss&mntrId=a3172b14000000000000ca806d3f5bf8"	Setup.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\TypeLib\Version = "1.0"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\TypeLib	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\TypeLib	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\b\CLSID\ = "{B8276A94-891D-453C-9FF3-715C042A2575}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\instl\data\dpk = "143169c819acf7a18c1f0bfa67ef89af"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc\ = "escrtSrvc Object"	BabylonToolbarsrv.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ProgID\ = "bbylntlbr.bbylntlbrHlpr.1"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\TypeLib\ = "{6E8BF012-2C85-4834-B10A-1B31AF173D70}"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}\VersionIndependentProgID	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}\TypeLib\Version = "1.0"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\TypeLib\ = "{6E8BF012-2C85-4834-B10A-1B31AF173D70}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\1.0\ = "esrv 1.0 Type Library"	BabylonToolbarsrv.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\VersionIndependentProgID	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\AppID = "{09C554C3-109B-483C-A06B-F14172F1A947}"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\TypeLib	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\ProxyStubClsid32	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\escort.DLL\AppID = "{09C554C3-109B-483C-A06B-F14172F1A947}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\TypeLib\ = "{6E8BF012-2C85-4834-B10A-1B31AF173D70}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}\AppID = "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\instl\data\uninstallAll = "true"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ = "CescrtHlpr Object"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}\ProgID\ = "bbylnApp.appCore.1"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\TypeLib	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ = "IxpEmphszr"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\TypeLib	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\TypeLib\ = "{6E8BF012-2C85-4834-B10A-1B31AF173D70}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\TypeLib\ = "{6E8BF012-2C85-4834-B10A-1B31AF173D70}"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}\TypeLib	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ = "IXmlCnfg"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\TypeLib	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\InprocServer32\ThreadingModel = "apartment"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ProxyStubClsid32	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\ProxyStubClsid32	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}\ProxyStubClsid32	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}\TypeLib\Version = "1.0"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\TypeLib\ = "{6E8BF012-2C85-4834-B10A-1B31AF173D70}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\TypeLib\ = "{6E8BF012-2C85-4834-B10A-1B31AF173D70}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\TypeLib\Version = "1.0"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ = "IEscortFctry"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc\CurVer	BabylonToolbarsrv.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bbylnApp.appCore\CurVer	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}\TypeLib\ = "{6E8BF012-2C85-4834-B10A-1B31AF173D70}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\CurVer\ = "bbylntlbr.bbylntlbrHlpr.1"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\TypeLib\ = "{6E8BF012-2C85-4834-B10A-1B31AF173D70}"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ = "CescrtHlpr Object"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\escort.escortIEPane\CurVer	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\TypeLib	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\b\CurVer	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\TypeLib\ = "{6E8BF012-2C85-4834-B10A-1B31AF173D70}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ = "IwebAtrbts"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\b\ = "escrtAx Object"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}\InprocServer32\ = "C:\\Program Files (x86)\\BabylonToolbar\\BabylonToolbar\\1.8.11.10\\BabylonToolbarApp.dll"	BabylonToolbar4ie.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
3024	Setup.exe
3024	Setup.exe
3024	Setup.exe
3024	Setup.exe
3024	Setup.exe
3024	Setup.exe
3024	Setup.exe
3024	Setup.exe
3024	Setup.exe
3024	Setup.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
1796	MyBabylonTB.exe
3024	Setup.exe
3024	Setup.exe
3024	Setup.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3024	Setup.exe
Token: SeTakeOwnershipPrivilege	3024	Setup.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3040	1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197.exe
3012	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3012	iexplore.exe
3012	iexplore.exe
1612	IEXPLORE.EXE
1612	IEXPLORE.EXE
1612	IEXPLORE.EXE
1612	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 46 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2784	3040	1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197.exe	31
PID 3040 wrote to memory of 2784	3040	1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197.exe	31
PID 3040 wrote to memory of 2784	3040	1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197.exe	31
PID 3040 wrote to memory of 2784	3040	1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197.exe	31
PID 2784 wrote to memory of 3024	2784	crp9712.exe	32
PID 2784 wrote to memory of 3024	2784	crp9712.exe	32
PID 2784 wrote to memory of 3024	2784	crp9712.exe	32
PID 2784 wrote to memory of 3024	2784	crp9712.exe	32
PID 2784 wrote to memory of 3024	2784	crp9712.exe	32
PID 2784 wrote to memory of 3024	2784	crp9712.exe	32
PID 2784 wrote to memory of 3024	2784	crp9712.exe	32
PID 2660 wrote to memory of 2728	2660	rundll32.exe	34
PID 2660 wrote to memory of 2728	2660	rundll32.exe	34
PID 2660 wrote to memory of 2728	2660	rundll32.exe	34
PID 2660 wrote to memory of 2728	2660	rundll32.exe	34
PID 3040 wrote to memory of 3012	3040	1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197.exe	35
PID 3040 wrote to memory of 3012	3040	1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197.exe	35
PID 3040 wrote to memory of 3012	3040	1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197.exe	35
PID 3040 wrote to memory of 3012	3040	1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197.exe	35
PID 3012 wrote to memory of 1612	3012	iexplore.exe	36
PID 3012 wrote to memory of 1612	3012	iexplore.exe	36
PID 3012 wrote to memory of 1612	3012	iexplore.exe	36
PID 3012 wrote to memory of 1612	3012	iexplore.exe	36
PID 3024 wrote to memory of 2596	3024	Setup.exe	40
PID 3024 wrote to memory of 2596	3024	Setup.exe	40
PID 3024 wrote to memory of 2596	3024	Setup.exe	40
PID 3024 wrote to memory of 2596	3024	Setup.exe	40
PID 3024 wrote to memory of 2596	3024	Setup.exe	40
PID 3024 wrote to memory of 2596	3024	Setup.exe	40
PID 3024 wrote to memory of 2596	3024	Setup.exe	40
PID 3024 wrote to memory of 1796	3024	Setup.exe	41
PID 3024 wrote to memory of 1796	3024	Setup.exe	41
PID 3024 wrote to memory of 1796	3024	Setup.exe	41
PID 3024 wrote to memory of 1796	3024	Setup.exe	41
PID 1796 wrote to memory of 296	1796	MyBabylonTB.exe	42
PID 1796 wrote to memory of 296	1796	MyBabylonTB.exe	42
PID 1796 wrote to memory of 296	1796	MyBabylonTB.exe	42
PID 1796 wrote to memory of 296	1796	MyBabylonTB.exe	42
PID 1796 wrote to memory of 1060	1796	MyBabylonTB.exe	43
PID 1796 wrote to memory of 1060	1796	MyBabylonTB.exe	43
PID 1796 wrote to memory of 1060	1796	MyBabylonTB.exe	43
PID 1796 wrote to memory of 1060	1796	MyBabylonTB.exe	43
PID 296 wrote to memory of 2424	296	BabylonToolbar4ie.exe	44
PID 296 wrote to memory of 2424	296	BabylonToolbar4ie.exe	44
PID 296 wrote to memory of 2424	296	BabylonToolbar4ie.exe	44
PID 296 wrote to memory of 2424	296	BabylonToolbar4ie.exe	44

C:\Users\Admin\AppData\Local\Temp\1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197.exe
"C:\Users\Admin\AppData\Local\Temp\1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Users\Admin\AppData\Local\Temp\crp9712.exe
  /aflt=babsst /babTrack="affID=121441" /srcExt=ss /S /instlRef=sst /mds=7 /mhp=7 /mnt=7 /mtb=7
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\Setup.exe" -xprm="cat=delta" -expg=none /aflt=babsst /babTrack="affID=121441" /srcExt=ss /S /instlRef=sst /mds=7 /mhp=7 /mnt=7 /mtb=7
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Modifies Internet Explorer start page
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3024
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\SysWOW64\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\08EEB5~1\IEHelper.dll,UpdateProtectedModeCookieCache URI|http://babylon.com
      4⤵
      Loads dropped DLL
      Checks whether UAC is enabled
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Program Files (x86)\Internet Explorer\IELowutil.exe
        
        "C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2728
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\SysWOW64\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\08EEB5~1\IEHelper.dll,RunAccelerator
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\MyBabylonTB.exe
      C:\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\MyBabylonTB.exe /lng=en /babTrack="affID=121441" /instlRef=sst /aflt=babsst /srcExt=ss
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbar4ie.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbar4ie.exe" /lng=en /babTrack="affID=121441" /instlRef=sst /aflt=babsst /srcExt=ss
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Installs/modifies Browser Helper Object
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:296
      - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarsrv.exe
        
        "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarsrv.exe" /RegServer
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbar4ffx.exe
        
        C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbar4ffx.exe /lng=en /babTrack="affID=121441" /instlRef=sst /aflt=babsst /srcExt=ss
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1060
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\SysWOW64\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\08EEB5~1\IEHelper.dll,UpdateProtectedModeCookieCache trkInfo|http://babylon.com
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      PID:924
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.pdfbooksr.com/Fred%20Astaire%20A%20Bio-Bibliography%20(Bio-Bibliographies%20in%20the%20Perf.zip
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3012
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\uninstall.exe

Filesize
195KB

MD5
d5cafd1094c003ed8b5ee0769d40468b

SHA1
36accbcc1114475aae0195d193f9d0a0d978cf6c

SHA256
938703cd98e89398e129ccbea6ae0546d8aa5eb90bbaf96c2ecf18f88852941e

SHA512
0395cf4e48ef1f49793eac95cb25089c4a7c24546af65080d8feecdda7532a461a13596cad928550926a90ca971ed7a9bd1cfb651ee1d1d18133e01912228d7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d717fa7d3237764f673525dff37b3ec4

SHA1
2612e338f900d1cffc2ad642eddd8f72892986e0

SHA256
d12f42ec5666df98d4b590266868aa2398d20c220204b292998b799aabe0cd31

SHA512
e0ae788fe1ba26b954035d7012fca1cf6031a2303b424adcaf3541901adf90e307583b7aed15dd060b7c8f8b2d7be6b5021efc02bc75fdcf22519bb141358f38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb6a6af92de904fe74329e3d139dc5fe

SHA1
fe52018f4ff3f48df930893a5d136f908187da01

SHA256
7fa009b4c15fc5ab4e466da5f8de368089473ec313d13d6dc96f3d69245b2598

SHA512
8a4492025298f5c1effe2005c846d217230d24522751800190d6a370132e809caeb2d4328062646f222ed117282d6cd4782103e399dba6f6abdc122ab2791962

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22f206bbb758aaf7cf04eadd21422267

SHA1
6fbb7aa6cf7881f8c81a7dff12079118520996c2

SHA256
7cd57ccea7bfe34b6fccb70d225446eb89f3c8339e56f123d9658d9bd132810d

SHA512
650c215ea16ab45ed19e8db9bd22d6ad7fc753581c83dc501fd43d82dbbfa935ad8edff00082da2f16134344e7f08501252377456c1ecdc98eb1b456283f340d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9d3817ec359a9c83afc35940e83000a

SHA1
850ba5c39e04c0e7c175e99eb2f40eb14dc4bdd6

SHA256
0a336bf880846c5f0fbd8f09f1d4c2544ffd698b482922276a1ce89b93cda69c

SHA512
0193fcceb789289e02f83ac7925268caa351c8f5ca4bd6f8be9954fa97386d46f58c1352533976a6a22979a93b297baa95cda83504e3fcdba69fe33b5603dd3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b01a73c05c474699f41db44d7c7a920c

SHA1
8db5a452a06088ab9787db11fe1d14c6c1c7a48b

SHA256
48f5a72dc9226bef54816b3d595930302a2741945a6f2cfafa4d164a65640404

SHA512
c5eb9ab69f226ff801b6e73c6a603bcfa2ec18edac7be59dfa944eaafddd84ae370242e62b83765ca40e5075f697f979f68d6809b203a7c0178fcd6a90c143a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1694bf243fe34c6d76f29bc6ed5dbfe0

SHA1
16b05039e597a0b2730437cacdec32535a3c35ac

SHA256
0957d060ff822591950424b7e301a893cd5618fcc4aebbeb0a0872df70415e71

SHA512
afb4e25eca8c3119ed3e8822a097b5e9744b23850d426e865b18d863a0f00e7e7accc112d6370b4cd96dc016c50610e642a7a2e633edcc527ffaf262131b30aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffd0828cb24c8e606099115ebed2e29f

SHA1
de14fc15c00d79a348b543a08f08ea34fc9f461d

SHA256
89765a6b47f653edab349a028bcd4b9a670f30271d3aee8f6c832cb01419bc6c

SHA512
36727ad6dbca72e5a211fa5c0dc071fd015c8fe9a136e9d53c018e6fc2f1d1f052680aa91bf3e722ef78c3c4b9997c716e0a18df86613428f41dc4c47dd46bfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
629ab4d15d15da7c5d91060bc5628a17

SHA1
7a67ed10ed05e2bb5b12bcdc999b03a1c846c390

SHA256
b4427c36e1d8ece1387d007ff4dc51c1d65dcf8e85b9ef762591cbeba69ce144

SHA512
c7c71c62ff60f2ad9ccc3b706a6bda6a2595951095cf3cf386b768eab3509e5bdb505f3db350cbf8d941e11cda9dc25b2d39433747c8dea512e89ce7d21c0ba2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbfc29b2e3fbf1f252a51732cc4a6cee

SHA1
94298e04fc5bcfda89b7e6e930270b6d4286f584

SHA256
a4d452a4ca94112fe79c98a786673a3c75c5b13aaf3bafcd04b544050c994eb8

SHA512
4cd3e4a525347b05025bafe5f466a25216708254c382d9fda5cc604eb389f72d4266e37ad6be86b552b0a283cb0560a7f45200e5b55ec219ed1c2c3ab708a310

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e73dc013a465582d246aabf9cda1e097

SHA1
b03ca4d108ed6d3ecff95f2814c34bedd4aa7d98

SHA256
48a52ccbfb60745253a9336383d70ebc3a04fcea7505a91a58b4f3a95f4ac955

SHA512
686f7f503280e3ea2c4d79b2453ae7be29029faebbe8ea119c1a629d554b22795814113cb7b3771c63be38eff3eae2be041d0ceb19a392eb0863621cd6c32c77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4775eb3463daed68becf31784d2c561

SHA1
7214a438854fb7edef5b765cf8a5520e4a257e53

SHA256
9b6298917a49ad08e0d7131220af55e5c30bb7cbdcbafe95cdb2e53b11c2cb7f

SHA512
dd630b531c17b80c30f2623fb14b10abe41ab85ae34a217e7fc6595d4b7d4b468a7533acd298db2688404b6e05fdf03459aa421d9c44ae2ff394bc97a344e3fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dee9e745c0518991d4526d2f3109a47a

SHA1
951c593096c47d1586d5faa3c920a9a9a7f6c869

SHA256
0e23fcde5d2779f785d4c17efb25c1c58fd3221ce65a5411ce58d8750c54084b

SHA512
8a76a28a09d32ab9903f029526686859f140172909197851cfa0482cba200dee7360c5efc04f283a2714229d7fa2698352a1c01bd169305a8e598eabfe42905b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f49f0946117e6e17682da66c7869cb4e

SHA1
bddab65f382b461ef920ac29d517a28809c05fb8

SHA256
4aa3fda79756d3f91446545e580c5274c301c4c5b6f120f4daef54a38797b954

SHA512
bedd3f08d0b3ddd5541745c1d559350cfc78bba8ecdf515dd4d617323962140385b132137afd0288e46d86535550733e26887c0f094f8c6ec1bd5596a63f0c08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c188b7e8dd1edd9ec917acba20958b2

SHA1
ec97364616885bafac40861f73ddd3b2d1b41758

SHA256
6710f92946300e3781b5e82a3e9f81bcdf1a7709fe79500c3b6d3daa93fb68ca

SHA512
19fc1ca46fe2c8013546d496a22c6292a3fb7b633db94e7ec385b328d732ffe869e6fbea0c03577b257e5d1e30d3615b2157ee8a8e4381fc5a5f571e66507a5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b634da86fab8793f4399f40d3512bb8

SHA1
293c8c8270d946f6a6ceec61422fc51165c656b1

SHA256
deea10b3661f129cf13b06e322f21a604224cb760e415d590787d800352a7cdc

SHA512
46386e278e42733a7a772f4ec622a924d655076aeb2eb7471f71972cf77303d77a23be10e6a7b76fe802189240627f2787d72ae765d5e5bf5d139f042e180642

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4be3a9d62efd7cceb21acb96b2bbeeb4

SHA1
658e26e85965d9710f7d4506364b6556b82b0b97

SHA256
c9406f94942cc7048c33c9e2fc94e64e3197874e03f2a72f6cfac26bf20c6120

SHA512
820297d8f20a27e7cfb2d8483d9743f2f522f50956cfa8f5dde01b22f0d29e9fddd6462c5b683a4d789ee56e9bf462cf7cebfd5c4c877999d9324bc358160cce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
650acfa84144ebd2732ced9a329cca49

SHA1
42f378d505819a4fd56027843e2da669564af074

SHA256
6e6bf7abc079b98082779fb07af6800dcbecc27ef0e13ac06fcffba0f738e2e9

SHA512
98fcc580e5c7a8a783bd08a10e2eb0edda9c107b86e392387b3109431443438a3b607d792d007a64eb9f6c6132b6988c582e676db22b52430cd1de6fbfaf0e9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d47c425ade5f4c5a1e41523b7f0fd39

SHA1
2fbb5b60fcf69600c17f0140cc3ea3b0239ef7d4

SHA256
85be438d9b0693555e8a44c565297614abaaa1c778204cb769b4fc851e8bc29d

SHA512
342d77437f7c2d41ff22d03318d586a5517f1b8e6436e21fe27337cd2ab95fff9ea5dbb4f18d27333c1550701c94a5eb43340cac497b05197d0182cc28213528

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf97f655ca844b2ef438255405d288cc

SHA1
1c56db8ba526137ec4f472ac226e597d6bbe68b9

SHA256
3b3f73190d37e74ffa205f4c00706d870f6231ccb0c437297ce7957efcedcf68

SHA512
9c937a0dc7e6d01f7b537b2012e8c0bd0787934a54d7eb7f385277b7b8341d854a9559f5adaff4a6f7c082c0620749d85616db19de27e776a1acfc447a0713cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2275045959e198208f5fe1fdcf8b162e

SHA1
293a51cfc1bbc7f061156f8d2698799c1e171b29

SHA256
9a6ff0d9158fa485863c9b5d5ce926b20e9c7c7a699672eb243e6368b0e2a4f0

SHA512
b7cb90b863e09633bca78d277b8c4bd457243cbf2b60fd6e0fa60f499a290d7cc9882f3b83cc9e6b896ca5d1d2a22d2a799ccacf74694a7c5d0e30c673cdcdf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f93a1493b5cbfadbe19e299ddc6eac3

SHA1
1a7908a6e7f27e796474803d169316463325d04d

SHA256
b60eb134e910f07069ccbea769da209c51be23b8c8f9459020cf4e958584ba2d

SHA512
f2e1503152f728c3323f74d3048ee597c2669647a93c0ce5e5cf1b354ef26ebd5ea4f21161a847cde6cbf58015eb40112c97cc1ba06098b874d24c5c958c4d88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fa3fa66d53383f313d2de5de5a82ca3

SHA1
d6338c74743bec8d971e4d5240c98148b8d38a7c

SHA256
a59f776dc43c55ba95ace5e8ccb4f5c02fa829eaad8b2607db57d5fb66c5627f

SHA512
9399bf55265a58daee0da08e08dfc48176f602605bead5f1c5dcea591b8d0b27a144432b23ffd0c9de4b1791b3bb43d3e0f691a23b672e3b333cf4bc4d0c9958

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
394ad44d06496e7c6b06215c9cc23df5

SHA1
7cdfdffdb93b2023651c9ec3c102159d7fff516f

SHA256
ad40baec4f378fcb9228bd4f753725b8c9a17f2579e9d81bfb8438906fc191a4

SHA512
4fd8cddd48f22f738a785efe0910396895df647ad5e83cae3c205309d4f1c11fa3b4f0617a4b8d743e419c9b1f0c2f9b63b3580d786de905333b6f1dba8eba62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c0b7f876e9853b3fe25322590ba4b32

SHA1
387bfc16eb02348a4e0d511ab5713f1951a247fc

SHA256
9a05a3af2937a61730e6f1b96c9eb0c45bd6b7b37ae67c8491e2519199ed72f9

SHA512
72efb083a2be5a23475d4456eea1c7daa4298071af1f4c0e6b6930fa4ea5138840dd70cf58468b85ed6ad810afb2c5df3b7e7c6a65d59a3b6d23983b120a9c1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee15ebca7ae320fc530a37cffc95be62

SHA1
f31ecdd7d264b8ac7baa3b9983ab68aaeef019f0

SHA256
ba8cd368e9464ddc061b3808ec044e2c5c4b289e55c538683f4a35dcd4d5a5d3

SHA512
fecb0270386c67c24087469ad2bb04fc9b27dbc43b0f0306b77b044e2f6f54e58a9b567df1238975e7b23fabbc03a0a97a4ea904e14f80b4fe4f90c24f75b8ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ff6e5127e1289b632476cb3f96bb5fd

SHA1
f02a913176a809dd59f6a82ba0a5f3d5c45051dc

SHA256
84004492012cd215bb64844ccc7fe89e8e43b795a946cc7db4dd2468e5795df0

SHA512
9aa93f3e3f5dff930b8179edccd4edf83427fc5c18cb5c9840e009491329d752029221c905a4674a3c56152b44b0519d774b93b1eb6ea7311710ccb740af2c8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75e98b2a2a7cc836cf54428d372ebb3d

SHA1
fdaaff5e19f193a3b2ecbb5b347049800ab8febb

SHA256
1e6cdd29b80cf648913b116015eafc9b314028934e6e46429c73e427b25e2b52

SHA512
f08bed0acce7ea34405b4a9f5439b813cc64405232076f35cd637e91520ff23ba50df7973239a0efa516a3bc9e8fced7a36aac5ee4aa0584c333b1abed504887

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
73d0412828a5782f54ef264d695abae1

SHA1
d692930337d05fcc6a82bbb4df727635d349bef3

SHA256
af964bce77fa3710a0765bc6a2352b844d0ab171ed2a879ed18e9e64309af682

SHA512
6e57d2d437c4436717a69a4060b2ddd592862d06f326ad430432161f3b7ba15dd86687906405f2ce427ce0859479798071dcd72f83a42790b0656dbc1c3e9ea4

Download Submit
C:\Users\Admin\AppData\Local\Babylon\Setup\Setup-tbdef.zpb

Filesize
1.4MB

MD5
85499627e8e83a35ba23cb860067b468

SHA1
758d2902f93e28b92c1f422b3d5e16d03835c3cb

SHA256
8b1b99fd1eb29d888fef74a3733d60e3c0b5af2405beea8fe2223fffae79f4d0

SHA512
bd2b00be1b78a37b6b8d6462c358045ddba18d46021c820dbc73c5f62309b0c08d5144d3a65666384a9ba646d6e942791b949b220969a27d307352db08dbc052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\default\Preferences

Filesize
4KB

MD5
7fe5d298cd16d6d65a66cbd194c338d4

SHA1
fdd5a07e3a8367a5a22d03183ee83eef89d16892

SHA256
617cb4cbcef48c0fe386e6b39395b9b6507324be293af339fef42553f9a2ee8e

SHA512
f69486ce6d5cbcd29f2802675f52d2d2f2f2fd5965ed207a34dbfba1082e9773791deeb8ebd1ddceee1101d812b047329395570fdea7151d2669675c33404aaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\BUSolForMontiera.inf

Filesize
199B

MD5
bc3e8cc74871863fc921511e2e6cc88a

SHA1
653cab5ba2107004f9525849ff5625d64b83e4c3

SHA256
c9e2a3953cc5ea87716f2a9a16078adb2f9c60318c6f1cfc877885126cc0dd17

SHA512
85f4130758ea38e4ae823e6fbae7448fa780bd295bd177afb4395ddd118c019d1533238e963e5277be453a1cd7681667c4ab06b10004ab8ed890d6e0b9e0529d

Download Submit
C:\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\Babylon.dat

Filesize
12KB

MD5
825e5733974586a0a1229a53361ed13e

SHA1
9ec5b8944c6727fda6fdc3c18856884554cf6b31

SHA256
0a90b96eaf5d92d33b36f73b36b7f9ce3971e5f294da51ed04da3fb43dd71a96

SHA512
ff039e86873a1014b1f8577aec9b4230126b41cc204a6911cd372d224b8c07996d4bb2728a06482c5e98fb21f2d525395491f29d428cdd5796a26e372af5ad4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\SetupStrings.dat

Filesize
89KB

MD5
407846797c5ba247abeb5fa7c0c0ba05

SHA1
44386455eed8e74d75e95e9e81e96a19f0b27884

SHA256
0147b5b11b935310752666fcf1e6afc922b76ff03d01a0d1ee2babeac10ca1e3

SHA512
7399a9228f971698db7362aad28d3f9694c0bf453d4529e48bc7869af0960452cfe1a5f0a5754e7d567d81b5aa1e35be05a9e36ec745e5470d20fd44a61d20af

Download Submit
C:\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\TBConfig.inf

Filesize
23B

MD5
e6d6dbe1e36a9ccc040369ab905e0d4a

SHA1
f7b40129e12f9f8ec3dae49d281ea1b8171642c5

SHA256
24d0d8de57d4bb9d88c6079d19b0efb51c18c8006ddb805fcc6cb7c302f94a12

SHA512
caa6c8ba543b92a49e41b736d560a3dd62651885f3c0c30ebb309e57bc77ec0dd1ccc20ebc6d4ff04d17083f112f3b6427356ff585ed40de6d08b51e6771dbea

Download Submit
C:\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\bab033.tbinst.dat

Filesize
205B

MD5
90713ab7a74884cd36a5fb4cfcdece8a

SHA1
7bb56d08fd69a98e543b923bd0a9156f92a9c473

SHA256
bc40813f6d07dbc1a4d4c74363460d1ad6ee76275729de4c4f10ec40d8cc46eb

SHA512
639d68135fb54264f2e21081d6ca9ffe73a94035982f4a2d7133d6d402cdd3ef4a695eeb61ad173dc6d1b8167d1f5df2be61a972c96f07ac357ecec887a0d191

Download Submit
C:\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\bab091.norecovericon.dat

Filesize
174B

MD5
4f6e1fdbef102cdbd379fdac550b9f48

SHA1
5da6ee5b88a4040c80e5269e0cd2b0880b20659c

SHA256
e58ea352c050e6353fb5b4fa32a97800298c1603489d3b47794509af6c89ec4c

SHA512
54efc9bde44f332932a97396e59eca5b6ea1ac72f929ccffa1bdab96dc3ae8d61e126adbd26d12d0bc83141cee03b24ad2bada411230c4708b7a9ae9c60aecbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\bab307.sp_pop0.dat

Filesize
178B

MD5
0b7be9c4b72c2c5166bfd61ca5ebbfed

SHA1
aea0aa4e8226c1b4efce92e909da773744baa6d4

SHA256
673bf972d308bc6108360575608cf72f393413f2d3993489b06da4a6efc749bd

SHA512
4dcd7ea01b05550acb00b71e7e9fdd52a04fe1cc574655030dcae94b87dad86bfb7973adf9185de03bcacb100fff758b1a2f928fcb951e2b31e320860a2226d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\bab327.ff_2.dat

Filesize
179B

MD5
acc576624b76c140ce6e78885d279efe

SHA1
f5816e66ab9da86bdff210f96399078c36a4af54

SHA256
78dc1600b62ca4aac2ce5c94f7b1973800349ac56804aba4b17c410e0fff4c17

SHA512
449cdfa0a93191ae9d109c689f09ed444ccf53a4b087a9e5005527561c1598233d05396d1b118db6fe6d6dc45c6dc9909238200f8fa8d4a4dbf903deca19201b

Download Submit
C:\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\nse89DE.tmp

Filesize
114B

MD5
4221b6382c6cb300ac6aea49eea6b066

SHA1
ed59d159efa4a96efb988ce7478347cf15b60253

SHA256
b760a077039e396d2f49d83eb7b2fc6422c97e10d737640cc00f894c3181a7f8

SHA512
f52d36a7cb705ea0bbfb516bd36dfd614d5e68c73995a958dc15fe405507b7921bae6d8ca84e2cc80cc743aad308b5cb7e84cda216a7468f908085d681e226eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\nsj89AD.tmp

Filesize
364B

MD5
c9050d020c0b459f0eb6ab1b89c6cad4

SHA1
7a1b72e7c784006bed198bc5cd23fe1b21732bdf

SHA256
1af1bb393e689dcbe7e99f135cd41ea441dc7aa0adbf0b1492d31d6f27767e9f

SHA512
5bd05d78e4637b10663797ef8e7c400c85274d4e1aa991438638d2cb2de580cb26632d73e29370d67376f64c2eec225ef9bece082634912b76869559c6433409

Download Submit
C:\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\sqlite3.dll

Filesize
508KB

MD5
0f66e8e2340569fb17e774dac2010e31

SHA1
406bb6854e7384ff77c0b847bf2f24f3315874a3

SHA256
de818c832308b82c2fabd5d3d4339c489e6f4e9d32bb8152c0dcd8359392695f

SHA512
39275df6e210836286e62a95ace7f66c7d2736a07b80f9b7e9bd2a716a6d074c79deae54e2d21505b74bac63df0328d6780a2129cdfda93aec1f75b523da9e05

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nse8BB1.tmp

Filesize
728B

MD5
2ae956785cdd0ccc2c552b56ab7a68ed

SHA1
de33ccc3adf4abbde182c9ab92ab86ad2b418a13

SHA256
0f286f34c9384ddc1e70b061475137e935ca34d2a9a810c63bca84622b08d63d

SHA512
14e98808c9f7cb36de3c42101cb2bbdb6e19d08d0f25af9d16a6af0a426af2da07e0202563eb5512c54836154875cf4289569af33475947fa85b8b42c3e61714

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nse8F64.tmp

Filesize
1KB

MD5
99b86083eee07b4e9677160133041555

SHA1
e9633727d29ce0cc0d430ac98ebe79c5b7023149

SHA256
8d9332573cb073efc3bdab85ab606ef16e697f31afb069202a115d6b08bb557c

SHA512
4475c14ef41106b382e6a99018e6fa7480560f431723b55c54ac4705c85a7ee813b868fba85b1a7151a303c40314dfe470d2cff6d37f7892ffdf08236e1ec4d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nse90A3.tmp

Filesize
169B

MD5
aa7146096c0845579768f90d28796aff

SHA1
141d990a6712ce0a851f30a42a981d584bf366fa

SHA256
90c1e96183cdf31b0008a36646233b2f474408c4be3ec889a3f8b28db901c551

SHA512
f41bdc67249f30f60f7200ccfa0f287ab688ef8b2dcf8d5f758744e8e51edb9b5ce2f186cbb09faf91cb52e82d95c0b70bad5c478768fefc55f82dab0f108386

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsj9205.tmp

Filesize
962B

MD5
13777cfb9ee78a318ba77fd100274d81

SHA1
f2fe6862ea81c2dab07e01fc2293303b1b127cd6

SHA256
de4f7c8d3cfb89e3d4cc15ba0996ed586caf2c7fc70d6b379bad3da820cbdcf6

SHA512
23dc75c4bc10629695ad4467dba6d2455fb8f9bf63eb28856a75d2eb51062c549ac277dcbbb246791d92faee2910169462d4eeded49a05798d87e3fb1aa77808

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsp8B51.tmp

Filesize
419B

MD5
e36113def65e7fcbdd2459e926b9a828

SHA1
d61134f5732a66e25626265a7eb90ae3174c8a24

SHA256
cbc88630294bae69c2de0d376d24c1f9af627f9a748b35569db9fcee4e653100

SHA512
0e337c33bccc42f636059c197806a895b38603537e85a3caf651ba1ff24b1755f9840516aa64f4dcd1a96453824a7ef114eea7690daa592c2d7a415a502880f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsp8E18.tmp

Filesize
1KB

MD5
e5392d978978a546f409b56b42436a89

SHA1
5f63fc14ee2745bd236c7bfcd6c0d3956f02a629

SHA256
c6646d4ab249b1f295f77879cdc79a27f7e39039501077fde79669d5e1ab9e66

SHA512
3f17e307435fdf780e488719b827a0f290b241b7be8928eac148a679b0e99aed8f8e31bebde6e9c3c5eed00490b51b9d35a7f66286276718d951b5834ca71e6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsp8EB6.tmp

Filesize
1KB

MD5
4d860d33df5909c0c378e8691dc86ae0

SHA1
0d59f0e1f14e212b61e34ddbeb6f96b3e79d9c14

SHA256
0682ea9f0a71729da93860cbfd0361fc2346f5afe79abe7305b5c94a9ff997b4

SHA512
519d7b0a20960e312c04606811a242e8ce9a5671a39681c28c4c90be834c047a9fef1c9a16c76eafe611e335990ed573e89a123304a45ad2a14aa42fee830696

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsp8F06.tmp

Filesize
1KB

MD5
91121eeb0e018fa47c210865ebc91f95

SHA1
a26d857ce6ba4931afa4e0ddbb413efaa8599f26

SHA256
128e39a36cf79631555e63b6e453b725340779c4e2d2fd0e00c22fe0f53d6b90

SHA512
e38edc5a66262deb93d96e17619c555fcc7349d6b29fd9310d9ed5e12f99e338376a70162c291f55077e5f7eba36d5c4d4ba3502290acbf3efc176fe4d86139a

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsp90E6.tmp

Filesize
537B

MD5
de5e8bccecde94e3c84f397fdf35c770

SHA1
82b9ca748a921910306d22356c18a9a90332b6f6

SHA256
37e67fea8bdbd8cade63570fe02d3b504c9ad51a5732939ee0ecc5cbb74050e5

SHA512
fd9d9ffa0f120b04cc0db4b3488498641a69c0e6d41422e00431f692b172e6f9f2af203f78a2276215868134a1c01d17a8b91fce5a779c16dd8747200412a21d

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsp9137.tmp

Filesize
724B

MD5
64c08fd9ba367ba8eda751cb74c4c4ed

SHA1
bcb39f43455bb6133ee4062428dc56bd5ecc12c4

SHA256
d4f6772064c21ba13f58aa7c5712e8ac820ab5fec63ca591ff9642b9e104525a

SHA512
582cec079057524ac6d027457b290c512fed767bbb8ae27ee5a3bc1c61907bf2142aeb36eac269f547555d171f7b66843172a4d95c48829e04358b699755ba9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsp9187.tmp

Filesize
849B

MD5
0c5a87d71d35e02a78d7c65be982d340

SHA1
facd2310579443b1c705d7a2bf589944757d0c59

SHA256
7aab28466910cf1ffbaf150bb86335883f3a639ade86126750f6a520e7dd57c8

SHA512
3d149f35f181e9bfced269715be03565c0def0cc72c6daa37e7b1bdf5da95fde5815bfe6b226e9f80edbad00de76d755238df1cd5ab29fcdc0110f8bd5779fba

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsp91D6.tmp

Filesize
905B

MD5
38f2e427a54544414dbffdd80172b118

SHA1
05f881448b52a0364bbaf097275b1fe7fca24075

SHA256
b6abb8e32c687eb668aed681912cd600cd57bd85423e95efd3a92a31b4602e3c

SHA512
f64d2b33d7acfaf075001cb7455182615c1fb88c05848fae37f8e25484ca106a1529e1af6a16e847cba0554e8a75a58289b691bebde62ab5df39fd67fd26c251

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsu8ED6.tmp

Filesize
1KB

MD5
3fd68712bd362255947b24506524ed1d

SHA1
42648878aef1b845cd0497a4173dc2344e3856e4

SHA256
5cd1b590837048ac44439541e03ce5a1bae30d6953a3f47da5bfdf0bd1810eb1

SHA512
99783e0875a5219ee6f375dd8faa1a477f7ddfcba1a99643de3c50dc5dac852a4c2b51f5b000c5d3371092176c11f47e162b8474eaada5df3d26e5b5ac441226

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsu90B5.tmp

Filesize
389B

MD5
a4ffb613def973ac6c81d1dd0bb38780

SHA1
48e740cebff5bebc8f23e6f46c4bbffdd0b73a75

SHA256
ed8e27540158a4d6a93ee580b7af31adb2c97763c28cf0909b012f5c629178e1

SHA512
4628ccd3c2c406b77613c15a07f0792a86fcef9c8d1c8f3c3772fe67356842f4989a5b2b2f3103f5189eb2f6d6d0eec36fe610938bde7be1cd305b1654af80aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsu90B6.tmp

Filesize
478B

MD5
62fe8ae0c7dd1fec32ebe5f985a45a64

SHA1
2ce8012e5ec875ec48ec4043ba91d050ea31fda5

SHA256
4f5240a4e1da1f79d36b19e314813ac98e80e9e6ba1cd3f182539d0ee4817efb

SHA512
fc47a5309c6174a2b9999acd1e098969a1780cfec6e0845b969726f58d2b7a0c856e0f458c5daf7f55d2d86cae39d0dc676dce637060f2ce1d3f04dbecce5627

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsu9106.tmp

Filesize
596B

MD5
82809d2915af57a0fcbb36dfe61ff7d6

SHA1
0a6dac2ef74bed481a92247b431b384f7a2c6515

SHA256
25ac51bf1a689849f9c0392f94c57809b566f3a423310f94395b6d69f99c91f2

SHA512
021d78f13b8b91bce05a0d6afa6fbf63263d0a0c6c9c9e9b1712dfcaac1b20c01ea250b10b276ab964b9c7250b9d4ca02ff3e005b56f1b066427a45fb4d0e90c

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsu9157.tmp

Filesize
784B

MD5
41ff41ea31dabee343bcd5fbed391f67

SHA1
7a8aafc2d0d0dc6988f2787c65f5fedc576998c4

SHA256
efef7795147aef22c0a27107801dbbb971e60067883a6d2312fff1884f0e5bd8

SHA512
97f7d1a650c3dd7fcf320e2468a0d510ddbc28ef7714ec9d9638e7282f9d51e2e157078170c5c9932ab38e91cb750c2408febaddd90ce380d94170b0b145e1aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsu9245.tmp

Filesize
1018B

MD5
eb0b1c6715a79510bdcc0314d0aa48db

SHA1
4389332b0d4f6a72f2ef2b65a0aabfbf98a01df7

SHA256
45a143244572f3d25bdbacec7aeeaa914d1e9884f69ea14fe532b9fb3ecbe07b

SHA512
6d1bba0746148fa9c0ecc484fb07ed167d11696f4544ceb1100b40d394d66c14b74526879005b4cbb0423a649234a71786d66bf049b3823f90d0d2122342e529

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsu92E3.tmp

Filesize
1KB

MD5
b4dd797b5fbcf5dee45150de75c1a27b

SHA1
53a7e8e1e0941110e03cf86750294ef9f84105f3

SHA256
7b9fff3ae8908b059d30e8cdbed50d502232b222c89adf8c22f4e38813b36c1d

SHA512
c252f805cac0f0d275f1ba043ebab13e97822e7d51cd9ece39e865a455a451393101555893e82b117c533e5bdfe99a2ecce5938cc0ca4dc62f9356763e418965

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsz8C30.tmp

Filesize
846B

MD5
000f8a71293ab935eee2dff0cfd18f87

SHA1
92bd2bda38a51cc600f10301a26f28ea4aa19547

SHA256
a3c6ce0cc764e1cafbe67b1391153843f09ec6b410f7506d1893f58aab11454a

SHA512
a68c6f8e164c8dc60ef24b1648db276218107aeb1c0be23ed25dfd29034c078851fcc9efc394733b4f4fb0fc559f9db64f56e3d0e73b2bfc4ca0f040f86ad499

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsz8D1D.tmp

Filesize
1KB

MD5
0469567f6764b80ebe89b7d242d45a83

SHA1
44502af163ce3f2c1dcaa43db4f70f5f6b6344b9

SHA256
905743303eb8db651faa2c0191c0bf4ef65b357f53ef6a268c2b2a0c6fcdc7be

SHA512
c9249b411a709eedd7c8526df621c864ae0797dca8f378d840836129d8caccfc07e65bf221401642dfb44a5b9ac5d76d49fd0df67b07beac719c868c9a522eb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsz8E57.tmp

Filesize
1KB

MD5
68135f2493656312c5efe0d9db64e32a

SHA1
cba38ab36aebf6e580aba9ccdcac77bab0503f0d

SHA256
10bbc65ff59fe4bbfa4d2403d95263e43bae408748e87f6575b64203531b9500

SHA512
9ff8589ec8dd8197af0912aae5cec5e3d453d888bdb9e7c6992f4d306f47c5a39cbd1765b785796a1e7e01929663f9532f9f8159a34b4f90abc256bf5fcb444d

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsz9126.tmp

Filesize
656B

MD5
808cceaa75f884530fa7bd594c2aa6eb

SHA1
ab4cca02dfca0282abddfffe7df2ecbe7f0a2e71

SHA256
800bbec89ea7072880674a0b8c2713cb50925738c9e9de8f9a6583a3373894b2

SHA512
4d1b468e8e505093624b99b59a9dc8db00fa6e8bce36d6ff298c198b709605e3cddd04d086b1dda6f4f3664fede06f9eb966129c777fa5efa8667b79fb55f9f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsz92B3.tmp

Filesize
1KB

MD5
94b7575a9289cda4c926839a42ef189e

SHA1
66f4877239874e118e9281ef684b986c1967bf17

SHA256
4e20ed6055b1ed90bc86864ea148bfdf8c68961c472ae8bc476af7ceddf522f0

SHA512
7a2f271ff63471922302ea410749553d735eb1317549c1322f86d2d6473520ea8c7e080f751fec803382c394bb74ff1e75420eac3084777c50133946cb33083a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabACA6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAD74.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp87F6.tmp\InetLoad.dll

Filesize
18KB

MD5
994669c5737b25c26642c94180e92fa2

SHA1
d8a1836914a446b0e06881ce1be8631554adafde

SHA256
bf01a1f272e0daf82df3407690b646e0ff6b2c562e36e47cf177eda71ccb6f6c

SHA512
d0ab7ca7f890ef9e59015c33e6b400a0a4d1ce0d24599537e09e845f4b953e3ecd44bf3e3cbe584f57c2948743e689ed67d2d40e6caf923bd630886e89c38563

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp87F6.tmp\Processes.dll

Filesize
56KB

MD5
cc0bd4f5a79107633084471dbd4af796

SHA1
09dfcf182b1493161dec8044a5234c35ee24c43a

SHA256
3b5388e13dab53d53e08791f492ed7d3094a0cee51e9841af83ce02534e0621c

SHA512
67ba90ec04366e07d0922ffb4dbbb4f12f90b6785b87700adaae29327db9ec2a03d750b229f858db0594f439499d6346fbf1ebc17c77162bf8da027515219ee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp87F6.tmp\mt.dll

Filesize
7KB

MD5
4fae8b7d6c73ca9e5fc4fe8d96c14583

SHA1
10865e388f36174297ec4ecdafd6265b331bfdcd

SHA256
069db1a83371dcd2dd28a51def6cef190edcac6bbf35b81b7ee3c52105db210f

SHA512
73a5547c6d83227a08e2427f2e5eb6abf429d4b5b7e146fcd59b9fb8c9cc6eb9ff61347a3d46f83d0c7adbaff15e94e70bf40660c217f48e9a46a6e310aaf6b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp8A66.tmp\md5dll.dll

Filesize
6KB

MD5
0745ff646f5af1f1cdd784c06f40fce9

SHA1
bf7eba06020d7154ce4e35f696bec6e6c966287f

SHA256
fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70

SHA512
8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6BRHO2IO.txt

Filesize
298B

MD5
cab28bf2a0b09ae01271faabfe484ac6

SHA1
24475bd7f05ad23342912ce3e8fbe5a75d24750d

SHA256
70948d8c4bb79577b07115a9fedcd5adc207063e6dd10dece30d57213108a43a

SHA512
32b1418cf10f5a77797e1d2820f132fc3cbb320f8c3981bf4558cbe9fe52ad26720e50a7bab3b0e52bd061d07d7aff3750ec815b33068ff8d8bd6158630607c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\user.js

Filesize
59B

MD5
f6abf26891434f5c1da533557c20b125

SHA1
183844392b249b47a9d141dfa411e929607fa3ab

SHA256
18f3c4fb52e43871fcc2b2263c8c15ac2f0b0bee6a82c16076a56c2646eee8bd

SHA512
2014574467a054d8163d264a9cb0f8ed85b0ec9957995295eed5abad4ab3fd47c1d4a7632b03f5d531797c7f3b539c0b64cedd1d4a76c88fa09966787b0a307e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\user.js

Filesize
787B

MD5
9345b4370429c377f0d6fc7f61dd04d7

SHA1
87a458b094cf5736e928d1d140a22e3faa98d951

SHA256
1567d3f1ccac0713895756f8368652b2038d70b4618feed4038eed53a973baf8

SHA512
a3971e4b13ce0294058614c8023a8d2c7403c1001c491c8f180aeab13e2856c4cc8d9d1a0cb9e9d76bf94a6ac49dac9dc020315864e22d62d8e865d3740474ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\user.js

Filesize
974B

MD5
ee993ad05011c54b396a1c9634562490

SHA1
9e4aa7daea0b7f83224949fdd2fd71f2b23caac5

SHA256
b7f752dd4faf80a3e2398767c32affe278391e5030c10a97cdd20db2d7c570e1

SHA512
72bde1be490aa642d0c7272afa6d97f09ace23a41dff6c04fd91deb61dfba61843382a2a0a49a603f2e8a05d39d415f491b8d67a708c9b306431c64c6d95a16f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\user.js

Filesize
1KB

MD5
4ade5e5f67ec13e9a9a8b8b08dce8d1a

SHA1
47477e093a91783024fc1b60cd3db94968a0f5cd

SHA256
2f62d2a24706943867e80ed59a4d4ac0ab25f4aa1f94631ba3dae3b76cef1caf

SHA512
914768d3120fe44fb4df84404593209a70a9a634131da62b8b8d0684f9c5052dc275a78e942cdb67b836fe15f4b841340706b4d17ba7de054a9e533dff2019a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\user.js

Filesize
1KB

MD5
6f0dce09720a5a9bd9ddc755308c7de8

SHA1
389f52f17f293b78b50b82ab28c7bdd6c86f6275

SHA256
9e7009d4d1087191314e76adad1919efcbd40c13a305f826104ca91ff40370d4

SHA512
3320a2d58767064f192a15b86432b680ea6074036fddd8cf6f066fe0733bcdf46218c47dd942ad927b8185ddf8fadbd87688a66672d4413da879cf8c2ce6a448

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\user.js

Filesize
225B

MD5
7f71eb48bf5311c40a0b1ca7b4f3ba87

SHA1
1b10b75e152026a991b8852531fff4de5205f91a

SHA256
24acc2058b7794c40b125d513bcf1b09eadb85652f78e9172511ec7eaab19e98

SHA512
b54ae34c92d14af4eebedb52fb61986bc45acf09334bd70ceba7517c3183f684030881cafea23b483ca200a5085191b96b4a04ce092e5308cdbfce8176bd3eb5

Download Submit
\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\BUSolForMontiera.dll

Filesize
105KB

MD5
64bea1da4d76085d0a47ed21450401cf

SHA1
296d8b511c0f7b8b7d0791c522db553f9461ba35

SHA256
80924cda632e20e1ead804b67fe64ce87c2b6dacbe73b9a2ee1904d402b2ea9d

SHA512
f4644bcd3dff71648209caa2d7489b0cc87050271cbddf875439cb4eba3e3fa400acc29703cff231f6a1c6f2097697f2f4387ca265682d8e4185a1242dfeb2d8

Download Submit
\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\MyBabylonTB.exe

Filesize
1.6MB

MD5
7c82cc9aca3eb71e463ff607cd607e3b

SHA1
5ffcc47376a89ec39fba8516694fb37c3b7d2bda

SHA256
9c1b8b8b3372737fe355bb6f4f96fc9b04bcdda5f3bfbe9617d22cbc35a400ea

SHA512
7ef9e92153607646f9eb9dec4fd087e9523df523d4f06eff994698d79ddc4e8e1f681fde13e1eb888e5a85457db558b10ffaf190c17bdc98688a59a90efc4670

Download Submit
\Users\Admin\AppData\Local\Temp\08EEB541-BAB0-7891-82AA-F8EBCD60FE4F\Setup.exe

Filesize
1.8MB

MD5
74af846f2ad4aec60779623fc8bbcd83

SHA1
9f2fbfe260c9111f88e8edc6dfc068d08c1491c5

SHA256
f795ffc4c850a6a214aac740258c6560a72a5a5c1759bb9cd231df2e1a271edf

SHA512
157e612a02e0a6ca87f5d8b572950cc85c8980641bc1f973b20836c1e91d0df0a132a58191a99efdba0b5c4923bc412083b833a12a1ef3554ade745c07a2605f

Download Submit
\Users\Admin\AppData\Local\Temp\08EEB5~1\IEHelper.dll

Filesize
6KB

MD5
9cb62aa0c5c554f2557d29d1601c8347

SHA1
f2fb5115b7d03e90f6e9d4b1f6e882385aa00f5f

SHA256
a65ba80d23494077575f505c20c9f9516aa21b9bded2b7032b6d5e7bc1737fa5

SHA512
0a325a02c323d52c9f374bc22e5182f5f49f485a689b6ca561196222ff18127f84ea7a48ac438277b9dcd1237c983f03eab54606eacbb1f79aadb0a0f84f0cea

Download Submit
\Users\Admin\AppData\Local\Temp\crp9712.exe

Filesize
754KB

MD5
5ac98c84160a9400db448d153c959bb6

SHA1
829d808c091045f45c513a6e4ab17055a52a9320

SHA256
e4f1009192f163aacafc3ac23f3fbce358122040a5dbf99b86c9f4cac9809ecc

SHA512
36f4e7f4c0f2bd647d23714b08d322ff8383e52ede16f5719f09e710e133669586af0ae7c3af2ab98a066724b2f1dffc114437d7d8820e98614b86470ade2376

Download Submit
\Users\Admin\AppData\Local\Temp\nsp87F6.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsp87F6.tmp\Time.dll

Filesize
10KB

MD5
38977533750fe69979b2c2ac801f96e6

SHA1
74643c30cda909e649722ed0c7f267903558e92a

SHA256
b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

SHA512
e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

Download Submit
\Users\Admin\AppData\Local\Temp\nsp87F6.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
\Users\Admin\AppData\Local\Temp\nsp87F6.tmp\chrmPref.dll

Filesize
208KB

MD5
241d60c30189b740c9086e34ff259e66

SHA1
7be0132de11c34018b6326d1de20fe9f20dea790

SHA256
8b3d8f239f11b53bc28f645546696441446e9a593be59cbf604fcc28a7e6d474

SHA512
ad342cea73ba3f7e7afc57828abc7320c0c5e39e20f5b06637c565a2b4579f05d81540e02b094776abbb17b021712a0f28e5f62637d8cea04b832e79252dd5fc

Download Submit
\Users\Admin\AppData\Local\Temp\nsp87F6.tmp\nsisos.dll

Filesize
5KB

MD5
69806691d649ef1c8703fd9e29231d44

SHA1
e2193fcf5b4863605eec2a5eb17bf84c7ac00166

SHA256
ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

SHA512
5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

Download Submit
memory/296-1732-0x0000000001D70000-0x0000000001D79000-memory.dmp

Filesize
36KB

Download
memory/924-4038-0x0000000000180000-0x0000000000182000-memory.dmp

Filesize
8KB

Download
memory/1796-3863-0x0000000002A20000-0x0000000002A32000-memory.dmp

Filesize
72KB

Download
memory/2660-38-0x0000000000240000-0x0000000000242000-memory.dmp

Filesize
8KB

Download
memory/2728-37-0x0000000002A40000-0x0000000002A42000-memory.dmp

Filesize
8KB

Download
memory/3024-362-0x0000000060900000-0x0000000060970000-memory.dmp

Filesize
448KB

Download
memory/3024-815-0x0000000060900000-0x0000000060970000-memory.dmp

Filesize
448KB

Download