wannacry | 4a52cd7f2d14d93fc2c029c9e3d7534f76aa55fde6ca117f8a239bd621d37346

Analysis

max time kernel
463s
max time network
900s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22/02/2025, 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RetroMation.exe
Size

651KB
MD5

9fac86f8e7907791b3c635437b6551b6
SHA1

624d6d8729f2f4ba40f6d3da7f45eddf324ddd11
SHA256

4a52cd7f2d14d93fc2c029c9e3d7534f76aa55fde6ca117f8a239bd621d37346
SHA512

633ee268345018170097d04d46ceae2508aaad02538ae3ec3880ff253a7d35db2b5921c805a87b1320de30d05b0ade121843b7b9669a12fa3f0b649e4a30f566
SSDEEP

6144:I/7FG9mpcJ/OD8J8GTyoTp2sPFHCO6bqYi4qzhWd73KsgoxL:I/744aOD8lTyoTp2stCJZiBz4dyQ

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware worm

Malware Config

Extracted

Path

C:\Users\Admin\Documents\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\software\Wow6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe

Downloads MZ/PE file 2 IoCs

flow	pid	Process
85	2704	chrome.exe
317	2704	chrome.exe

Executes dropped EXE 6 IoCs

pid	Process
2256	BonziKill.exe
1248	BonziBuddy_original.exe
3492	tv_enua.exe
3128	BonziBDY_4.EXE
3564	BonziBDY_35.EXE
3608	BonziBDY_2.EXE

Loads dropped DLL 44 IoCs

pid	Process
2256	BonziKill.exe
2256	BonziKill.exe
2256	BonziKill.exe
2256	BonziKill.exe
2256	BonziKill.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
2640	BonziBuddy432.exe
3456	cmd.exe
3456	cmd.exe
3492	tv_enua.exe
3492	tv_enua.exe
3492	tv_enua.exe
3492	tv_enua.exe
1644	regsvr32.exe
1644	regsvr32.exe
1460	regsvr32.exe
3128	BonziBDY_4.EXE
3128	BonziBDY_4.EXE
3128	BonziBDY_4.EXE
3128	BonziBDY_4.EXE
3564	BonziBDY_35.EXE
3564	BonziBDY_35.EXE
3564	BonziBDY_35.EXE
3564	BonziBDY_35.EXE
3608	BonziBDY_2.EXE
3608	BonziBDY_2.EXE
3608	BonziBDY_2.EXE
3608	BonziBDY_2.EXE

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1988	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\SET312.tmp	tv_enua.exe
File created	C:\Windows\SysWOW64\SET312.tmp	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page5.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\AutoShortcutsMaker.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\AUTPRX32.DLL	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j2.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Snd2.wav	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\CheckRuntimes.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page15.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb003.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page13.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page2.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb011.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j001.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\t2.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\registry.reg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp001.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page5.jpg	BonziBuddy432.exe
File created	C:\Program Files (x86)\BonziBuddy432\Uninstall.ini	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\Thumbs.db	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb006.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb013.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page4.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\msvbvm60.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\p001.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\Readme.txt	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page14.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Apps.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\P001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\BonziBuddy.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page1.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Bonzi.acs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb005.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page15.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.vbw	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Regicon.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\s1.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\menu.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page1.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\Thumbs.db	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page19.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Uninstall.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX	BonziBuddy432.exe

Drops file in Windows directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Windows\lhsp\help\SET30F.tmp	tv_enua.exe
File created	C:\Windows\lhsp\help\SET30F.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File created	C:\Windows\fonts\SET310.tmp	tv_enua.exe
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe
File created	C:\Windows\INF\SET311.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File opened for modification	C:\Windows\msagent\chars\Bonzi.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\lhsp\tv\SET30E.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\SET311.tmp	tv_enua.exe
File created	C:\Windows\lhsp\tv\SET30E.tmp	tv_enua.exe
File opened for modification	C:\Windows\fonts\SET310.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\chars\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	tv_enua.exe
File opened for modification	C:\Windows\lhsp\tv\SET30D.tmp	tv_enua.exe
File created	C:\Windows\lhsp\tv\SET30D.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBDY_35.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziKill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tv_enua.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBDY_2.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBuddy_original.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBuddy432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	grpconv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBDY_4.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Interacts with shadow copies 3 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

Direct Volume Access

T1006

pid	Process
1856	vssadmin.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6B976285-3692-11D0-9B8A-0000C0F04C96}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SSCalendar.SSDayCtrl.1\CLSID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{643F1350-1D07-11CE-9E52-0000C0554C0A}\Control	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3C01387A-6AC2-4EF1-BDA2-EC5D26E3B065}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B976285-3692-11D0-9B8A-0000C0F04C96}\ = "ISSDataObjectFiles"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDA1CA02-8B5D-11D0-9BC0-0000C0F04C96}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8DB2224E-D2FA-4B2E-8402-085EA7CC826B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl.2\CLSID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\InprocServer32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5AA1F9B2-F64C-11CD-95A8-0000C04D4C0A}\TypeLib\ = "{E8671A8B-E5DD-11CD-836C-0000C0C14E92}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4900F95-055F-11D4-8F9B-00104BA312D6}\ = "_clsDownloadManager"	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C4D7E3C7-3C26-4052-A993-71E500EA8C05}\ = "ComFilters Class"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E26DD3CD-B06C-47BA-9766-5F264B858E09}\VERSION\ = "1.4"	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{53FA8D48-2CDD-11D3-9DD0-D3CD4078982A}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Version\ = "2.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{53FA8D48-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8DB2224E-D2FA-4B2E-8402-085EA7CC826B}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_35.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.clsDownloadManager\Clsid	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53FA8D44-2CDD-11D3-9DD0-D3CD4078982A}\ProgID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6549F504-C43A-43F3-B8CD-D077AF0427C8}\TypeLib\ = "{F4900F5D-055F-11D4-8F9B-00104BA312D6}"	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4F2C1F0-6FA6-11CE-942A-0000C0C14E92}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F55ED2E0-6E13-11CE-918C-0000C0554C0A}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinPopup.1\ = "ActiveSkin.SkinPopup Class"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{643F1354-1D07-11CE-9E52-0000C0554C0A}\InprocServer32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B2676D5B-8D53-4569-AF2C-A55A0D90C132}\TypeLib\Version = "1.1"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4043742-AC8D-4F86-88E9-F3FD3369DD8C}	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53FA8D41-2CDD-11D3-9DD0-D3CD4078982A}\MiscStatus\ = "0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{53FA8D49-2CDD-11D3-9DD0-D3CD4078982A}\ = "ISkinLabel"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.SBarCtrl\CurVer	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4900F8D-055F-11D4-8F9B-00104BA312D6}\ = "BonziBUDDY.clsAddressBook"	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4043742-AC8D-4F86-88E9-F3FD3369DD8C}\TypeLib\Version = "1.1"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B1BE80A-567F-11D1-B652-0060976C699F}\1.1\0\win32\ = "C:\\Program Files (x86)\\BonziBuddy432\\Regicon.ocx"	BonziBuddy432.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.clsAddressBook	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A2-9C30-11D3-8F99-00104BA312D6}\VERSION	BonziBDY_2.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83C2D7A0-0DE6-11D3-9DCF-9423F1B2561C}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\MiscStatus\1\ = "131473"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\ = "IVBDataObjectFiles"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FDE-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FEA-1BF9-11D2-BAE8-00104B9E0792}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FEA-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00E212A2-E66D-11CD-836C-0000C0C14E92}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\ = "Winsock General Property Page Object"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53FA8D41-2CDD-11D3-9DD0-D3CD4078982A}\Version	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl\CurVer\ = "MSComctlLib.ImageListCtrl.2"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1A981630-37C3-11CE-9E52-0000C0554C0A}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0A45DB4B-BD0D-11D2-8D14-00104B9E072A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinPanel.1	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{643F1351-1D07-11CE-9E52-0000C0554C0A}\ = "_DDayview"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.clsDownloadManager\ = "BonziBUDDY.clsDownloadManager"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F4043742-AC8D-4F86-88E9-F3FD3369DD8C}\TypeLib	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{83C2D7A1-0DE6-11D3-9DCF-9423F1B2561C}\InprocServer32\ThreadingModel = "Apartment"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EE11629C-36DF-11D3-9DD0-89D6DBBBA800}\verb\1\ = "&Load Skin,0,2"	BonziBuddy432.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
3052	reg.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
1248	BonziBuddy_original.exe
1248	BonziBuddy_original.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
1248	BonziBuddy_original.exe
1248	BonziBuddy_original.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1248	BonziBuddy_original.exe
3128	BonziBDY_4.EXE
3128	BonziBDY_4.EXE
3564	BonziBDY_35.EXE
3564	BonziBDY_35.EXE
3608	BonziBDY_2.EXE
3608	BonziBDY_2.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 2664	2688	chrome.exe	31
PID 2688 wrote to memory of 2664	2688	chrome.exe	31
PID 2688 wrote to memory of 2664	2688	chrome.exe	31
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2388	2688	chrome.exe	33
PID 2688 wrote to memory of 2704	2688	chrome.exe	34
PID 2688 wrote to memory of 2704	2688	chrome.exe	34
PID 2688 wrote to memory of 2704	2688	chrome.exe	34
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35
PID 2688 wrote to memory of 264	2688	chrome.exe	35

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 2 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
1904	attrib.exe
1500	attrib.exe

C:\Users\Admin\AppData\Local\Temp\RetroMation.exe
"C:\Users\Admin\AppData\Local\Temp\RetroMation.exe"
1⤵
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7879758,0x7fef7879768,0x7fef7879778
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:2
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1552 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  - Downloads MZ/PE file
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1500 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:2
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3224 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3460 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3576 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3232 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3964 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3228 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2432 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2440 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3788 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3836 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3944 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2532 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3844 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4060 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4228 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1492 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1488 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4028 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1088 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=740 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:1580
- C:\Users\Admin\Downloads\BonziKill.exe
  "C:\Users\Admin\Downloads\BonziKill.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2256
- - C:\bonzi\BonziBuddy_original.exe
    "C:\bonzi\BonziBuddy_original.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2024 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3704 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4472 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4616 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3752 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=2000 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4028 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=1028 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4556 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=2360 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5328 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5176 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4800 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2752 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=1208 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=3804 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2648 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4256 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4360 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4784 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5212 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5388 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5248 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=5144 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=5000 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=4764 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=2716 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3808 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5212 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:1604
- C:\Users\Admin\Downloads\VineMEMZ-Original.exe
  "C:\Users\Admin\Downloads\VineMEMZ-Original.exe"
  2⤵
  PID:3292
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
    3⤵
    PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4776 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5452 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2724 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4936 --field-trial-handle=1192,i,3431391009957838928,13164030588914698797,131072 /prefetch:8
  2⤵
  PID:3812

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1252

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2832

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x54c
1⤵
PID:1484

C:\Users\Admin\Downloads\Bon\BonziBuddy432.exe
"C:\Users\Admin\Downloads\Bon\BonziBuddy432.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2640
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3456
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
    tv_enua.exe
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Drops file in System32 directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:3492
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1644
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1460
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      System Location Discovery: System Language Discovery
      PID:2192

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3128

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3564

C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3608

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x178
1⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected]"
1⤵
PID:3608
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - Views/modifies file attributes
  PID:1904
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  PID:1988
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:3008
- C:\Windows\SysWOW64\cmd.exe
  cmd /c 208101740241841.bat
  2⤵
  PID:2712
- - C:\Windows\SysWOW64\cscript.exe
    cscript.exe //nologo m.vbs
    3⤵
    PID:1192
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - Views/modifies file attributes
  PID:1500
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  @[email protected] co
  2⤵
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    PID:2752
- - C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    PID:2068
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  PID:1692
- - C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
    @[email protected] vs
    3⤵
    PID:1972
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      PID:2304
    - - C:\Windows\SysWOW64\vssadmin.exe
        
        vssadmin delete shadows /all /quiet
        5⤵
        Interacts with shadow copies
        
        PID:1856
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        
        PID:716
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  2⤵
  PID:3692
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:3808
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  @[email protected]
  2⤵
  PID:4084
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "tnwhmlprhins377" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\tasksche.exe\"" /f
  2⤵
  PID:3844
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "tnwhmlprhins377" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\tasksche.exe\"" /f
    3⤵
    - Modifies registry key
    PID:3052
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:3380
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  2⤵
  PID:3440
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  @[email protected]
  2⤵
  PID:2576
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  2⤵
  PID:3236
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  @[email protected]
  2⤵
  PID:2872
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:4080
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  2⤵
  PID:2832
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  @[email protected]
  2⤵
  PID:1228
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:3540
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  2⤵
  PID:3656
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  @[email protected]
  2⤵
  PID:2020
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:3288
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  2⤵
  PID:2604
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:2532
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  @[email protected]
  2⤵
  PID:2516
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  2⤵
  PID:2236
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  @[email protected]
  2⤵
  PID:2324
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:2996
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  2⤵
  PID:3400
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  @[email protected]
  2⤵
  PID:3904
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:3576
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  2⤵
  PID:268
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  @[email protected]
  2⤵
  PID:3668
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:4092
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  2⤵
  PID:3412
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
  @[email protected]
  2⤵
  PID:1460
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:2020

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:3880

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\@[email protected]
1⤵
PID:468

C:\Users\Admin\Downloads\BonziKill.exe
"C:\Users\Admin\Downloads\BonziKill.exe"
1⤵
PID:3436
- C:\bonzi\BonziBuddy_original.exe
  "C:\bonzi\BonziBuddy_original.exe"
  2⤵
  PID:572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Direct Volume Access

T1006

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

Filesize
336KB

MD5
3d225d8435666c14addf17c14806c355

SHA1
262a951a98dd9429558ed35f423babe1a6cce094

SHA256
2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877

SHA512
391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

Filesize
796KB

MD5
8a30bd00d45a659e6e393915e5aef701

SHA1
b00c31de44328dd71a70f0c8e123b56934edc755

SHA256
1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a

SHA512
daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

Filesize
152KB

MD5
66551c972574f86087032467aa6febb4

SHA1
5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9

SHA256
9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b

SHA512
35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

Filesize
50KB

MD5
e8f52918072e96bb5f4c573dbb76d74f

SHA1
ba0a89ed469de5e36bd4576591ee94db2c7f8909

SHA256
473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82

SHA512
d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

Filesize
45KB

MD5
108fd5475c19f16c28068f67fc80f305

SHA1
4e1980ba338133a6fadd5fda4ffe6d4e8a039033

SHA256
03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b

SHA512
98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

Filesize
1.0MB

MD5
12c2755d14b2e51a4bb5cbdfc22ecb11

SHA1
33f0f5962dbe0e518fe101fa985158d760f01df1

SHA256
3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf

SHA512
4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

Filesize
279B

MD5
4877f2ce2833f1356ae3b534fce1b5e3

SHA1
7365c9ef5997324b73b1ff0ea67375a328a9646a

SHA256
8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff

SHA512
dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

Filesize
472KB

MD5
ce9216b52ded7e6fc63a50584b55a9b3

SHA1
27bb8882b228725e2a3793b4b4da3e154d6bb2ea

SHA256
8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13

SHA512
444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

Filesize
320KB

MD5
97ffaf46f04982c4bdb8464397ba2a23

SHA1
f32e89d9651fd6e3af4844fd7616a7f263dc5510

SHA256
5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1

SHA512
8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

Download Submit
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

Filesize
65KB

MD5
578bebe744818e3a66c506610b99d6c3

SHA1
af2bc75a6037a4581979d89431bd3f7c0f0f1b1f

SHA256
465839938f2baec7d66dbc3f2352f6032825618a18c9c0f9333d13af6af39f71

SHA512
d24fcd2f3e618380cf25b2fd905f4e04c8152ee41aeee58d21abfc4af2c6a5d122f12b99ef325e1e82b2871e4e8f50715cc1fc2efcf6c4f32a3436c32727cd36

Download Submit
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

Filesize
320KB

MD5
48c35ed0a09855b29d43f11485f8423b

SHA1
46716282cc5e0f66cb96057e165fa4d8d60fbae2

SHA256
7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008

SHA512
779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

Download Submit
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx

Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d04171093e430125201418e7ae8bb0b8

SHA1
c6aa903ff42b30275a95e876a4f1c06ef3293f8d

SHA256
53da583edafa586219fc7019ad0700c8fa3e01555fa94c4debd022fb9a66adf7

SHA512
6311537e6c1359a4d3b042bfe3d91bf789f9986982c68be2f625ca1908aa21b7c7e46ab7812b44e4ba69bf42ced00697b4f02fd2df9d336c30d752924fce1873

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb779035824944f2d193dbdb4452ddba

SHA1
674033d9f697d6f9c0da9f47193cd6bb3ca6d899

SHA256
d3d5d5e3a83f15732bb0bdc10ee897f778a04fe30b9bf85459dad615936f7aab

SHA512
f691780afedfcf75be8686cb9afe897a6ffb9d64424e44c08c2a7afb12d568cad6eb87df2ce3f2fb9c6fb905fff9cb0d2996c4f37ee1936e44cad6127aa74bfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b51c2fad6b93b59cc03f7763abfbf26c

SHA1
b7a57d1d8f9021a81f39f144bb480079bc782e00

SHA256
867aa23f25da0edca7181f00e1d1d04b1ade165221a2f448774d893eeb4c1cd4

SHA512
749031cbb7ead3f2060bf7eb19cd7add3c647cd75641651b2edd1b9e64ba2a399e938ecde1099a5501a89f8cde8d87e59fa16039a693f1c2166d8bccb1ee5b2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ae1b6ceebdd0f5df4d5adc2d4c4da1e

SHA1
2c56d71b503bdf6a55a9966540ee0a7e919667ce

SHA256
ed77d0b082ed15ecbdd150f313fc2a2d00cf0141a3a9987af672562f3674b10b

SHA512
5f5316319314d5c64d8dbad4f1ebb0dafe9e1c971e1c725488dcdabe7ed496a1971df25f6e5920cf2ef506403447c90b0abdc81ad387277970d70443d78a5634

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99ae2f456dc00b795477ab90cb695106

SHA1
8c8c6c1f1aaea3b3bc95a9fd54b904960781f15d

SHA256
cdba11948a8a4954f7106514091792edbfd5c3bd27e67e1dcd02b25a18e7bfef

SHA512
c6a107292d7863b39baa8bc32fb2d2374730babdf148d67de773480bb88435db31bf868d811c9a24464547c5282ca47ea6365eb30b7e35f171691eeee5de9075

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bf4568f30f53de6bb40427f77e3ee8f

SHA1
fdc4bccd2b1685f4a5a5f805edf5ae469c39034f

SHA256
2c324c68313be90461b9121acb75c76979abe3740c1ac1625505b8dc9572694a

SHA512
7a111be794a26d275e724ce4973f61fce32224a4a9c3c7477cb357c80321be9b31caad5d50f31879e414ba6e17e89316c8022d3a2b2dcd9659144dacc5ff5ccc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f62ee948445023174c19d4b852683a37

SHA1
101498643c818460923c60532585c69fc6cf1bcd

SHA256
9f7f59e5b138ece84e153fb48895085d8e8a63c63f7f4303fdb9dd9f3e3b186c

SHA512
51e0e697f8061e301e529bc3e8dabe761610755251040fcf7d5592587dab62d5f09702a69797d7caacddaaa82b51aa54ed569e998c8c1ae47ddd4111bd9ffdfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8d43de600e9c86ab46404cb31447ce1

SHA1
c770b08b76ba34dcde04587bc480e88c3d0c33e3

SHA256
315010e01544021645493f1bc4f0a9869d253cbb92b5ad8e1ca8e441ab979c95

SHA512
cba59fcf3d179719d8a9b1ec2f40f6c54779c2bae1f9b05b9d8a7e5589387eaf2defb9641ac22fb6dd985bd9c3973326987a7b45aac2656d9722f910497afdd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33dffbeebfc32433cb7a3d25ade2c801

SHA1
3807c85bb8bed557d426e4fcf70936ebf2f80c01

SHA256
df8ec273a70a1175975d54982aba9e4e979c68c17436ede1daf7e278e12e884b

SHA512
8d2927851b1279d73cdf3365777695c3e43881d7b9dd448a2bda43f82ad35201d24f9755ef2fff19b14830b7fa87b36a1583a60cbbcb4e635a9c882f396e0913

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5074730f8c34f3ccc3481ebee9668261

SHA1
ef895d67722a8077ed36a164aaccbc843a4888f9

SHA256
d19408df265ed8f795876bf97bfa97912d05351dcaa1a6e545b5becbdee02a28

SHA512
e39528bf9e8394c8a8f18184e0652c80551ecb88aed4e1846dcca9084add746406ec014d3465b77157be1fca5980c349ca2592a0c952a8c3cdbfe3a7863998c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18333abffb2f8c11fa85ecf51c66a93e

SHA1
ebfe4b6472e211aae464772a8c76701a9d916642

SHA256
72d36230489d0aa883cb44cae13332ee8e2777f6b7f0a7e1158a9e71f0c84578

SHA512
f2c7992a4dd407f47e3c056957096c82ab0234599ca24baeb2c2f893125fb132fc64624ec16e43f078ecb64247229f87569ecb82e43aa7b9f519d3a2b71fe637

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27578e34da6c8d25d54161d69626bd6e

SHA1
5cb69232d35491eb33cd0774f9d0bbad4098425b

SHA256
c0cd311713886373e9717f623b556d31bdbebe0f41121c951a37d8e27c2f14e9

SHA512
32e5f34a66273b48eb9892a4f66af2424e08037ad29165f3806014f304e51e3185f8daccf34652e2a540d6f8deb580d27754c81bd6a8027b29d58ac5fe39669d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56245b1e8d476f6790529839623012e2

SHA1
39b5a6c39255d4d0ae6a4cfcb5648cf7562a0d74

SHA256
ac2fbfca22ccb1a81dcb332e62db2e1e0f3bf6940bb2e05ca24d0a9e94ab0abb

SHA512
9b09e84987b4c13640222438227a3c5d0b4b43c187d35b1cc609d0bb3b13956c162a7dec24bb6e9dfeda03859800f7b497b0b97a4909c5f300d27d1c09c9792f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4b6d5bd9-22d4-4abc-9e62-ab49e608e2d0.tmp

Filesize
7KB

MD5
93cc6533e189fddba5f7642bb48fe424

SHA1
6028c9e348ea43c056b6ac937b3340fd6665719a

SHA256
3a0715d35785713a211056f995a17865756d91b056d8c5e94ecfab90d1e52616

SHA512
14213371ec567d250dedf81ef96df246e8f17d07616fa999d0ac6a91f4c9a0d5a1287c976f3b45abe49e4e9751438ca89a5bc4aa55ece6550832a65df0858aac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
3b37cfe151890ecf2145072e17fe2105

SHA1
454efea7acb1fd3d2d1e2c21c4c57a754adcd95f

SHA256
ab87c5b7a83fe0815b93936f51513b5df88ada2b0dacc65285ef9c5a40e595d8

SHA512
add3c0c7373cbb1e24ca3b15ab92a22d99f877b645a610084f80729a57a05cfe8b4542645b26d7eefcc1a2abe7bda0e39fb7bfd5ece09f94db7ce996ef1bff33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
38KB

MD5
6f9bcbd9790889389f52578f0c27177e

SHA1
941fcd07ce8c21efda837ce99c2c0c532a153115

SHA256
f83e87421cda34647dbbbd00cd215a7f86445af8b2e550fc88413a757b89caa6

SHA512
8e20dee4c862b915790779e05fbb8bcb61d686c6f11f9bf74f459ebb97979e590c5fa4aec6bd83d9eaa68b2cfd6629144b4123c2a9c6757f777593dad313a0bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
71KB

MD5
d87af091edc9d6967c276d02c75b4cb1

SHA1
852d75f588ba754ca33b71f1561d25311d24db30

SHA256
893be5e650984979026ff7f3bb9b62e02f975ad1ca9446b401eeaa0545dd6645

SHA512
a20ce0191ebe688334da42252ddaafa7e21823f514c218e91864a106ec61fbdafe542754474ff895679b7084d9e55b59c4a75cdc63467d169b80e6e6b4ff31fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
412KB

MD5
f74112e5e32b736055f5a92532aafa12

SHA1
e52cb9ea91860507c1d96ff2da64a303b7d07744

SHA256
ee66cb32d5d33cbb08d74c04226c6b81349fffeb6ff52fa6a0cbf0e99a4fb823

SHA512
256b0bd56f8adb93ad20659dc129c907cc665245f1a67b115d8ff5d723d6701449ba865233eda6250ebae7971f6af84b798ba8247149e9c81af1eacd0e3521b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
251KB

MD5
c86c15fac3ce189feb98143ea147abf5

SHA1
adf69796fb701934534fc21da077f379be85944f

SHA256
994a2aeb7ccfcedb0c65726a3bef3d003427237b311628f38a42aa4b79081eb8

SHA512
be4ede9f41bccfd5e627fab4c1c13758388be2a83536ec6045d089505793887d47eb2462f4b993ae90cffbbbf090b63e104e044920641149e028f69bf224b27c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
174KB

MD5
c931ccdc94c8f273113c68a32d8e50cc

SHA1
740ca0a3af71d8da363d5fb90b001f18dfb19299

SHA256
264a2cd937893666336b3416b2236737e0eedb4f12997f77a6d6d4dae08707ad

SHA512
82bfd633690e17607140801984793fb302cf8ba8de2704c1c435c2e6e443b8994f5d7e3f91f52cdc4d374c6ac80188405218ed1c371dfa9ff3ddf6295fceea27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
327KB

MD5
2bce461e7a14ad5fbf2b5e93f5ba2760

SHA1
be900838120fcf03471c2c11dc8507dedf822858

SHA256
873d2e198dac77031c26841bbf63ceaae30f07d745401f7f516310bf3db9de40

SHA512
03653701bb6c82bc5d6e9d2ce3ba6f5a2407dc8ade192df36cb9e6b80ec3e3fe7a4f0979bef454c466b73a8a0299aa4bfa3a89b147049957017ea6af5d887c53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
77KB

MD5
6a5c68582d07108b30980164eb113a8c

SHA1
2af2735d6835ccf91279ca1d26d0b7f563cba774

SHA256
20329f92cd372d03c92680f0bf542578cdee0dd1735be9129590b5ab37fcfe38

SHA512
f3dffd93e4c083031b587813c9f9232a5b68d4214898c43b536d4998cfac57ac85bb788a388168fe020d6c78458e3185d429bfc191bec2dbe546e2e0fc82207c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
63KB

MD5
68fc333dc1589290fe345797480a6011

SHA1
67b22b5b9f41050ac5287720c6f536534bd70631

SHA256
2440ea14dbb08c847cc25fdb2390443718368685722ff2f7a812339832705fc4

SHA512
e26b56c34a8b84f3addf13a2dfd896979bd9a1384a536d640fda17bd771ffa45b8a47af01a83b7fc2209389d2148518937bf51c5138c323ae98c6bbc083cd229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
92KB

MD5
83e745c48f1b04f94e9248f283ac0a64

SHA1
19b1d347376aa0bf40e2a9bb68f32a0551be43a9

SHA256
58c4aa1b2c9312be1a158899384d6fc4a39ba0753fb204d94548f2658d14fb37

SHA512
4732873420cc701c2f891f21d63503d00016754a50ed042c94e2449bdfcd78c9fd3302f3164ad530862a28be8515206f4a3440ec8b409fbe9259ebd411677797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
20KB

MD5
76363e40c7b68b6178fb19cbf6269fe8

SHA1
705cee19e9b0a4c053c192125ad052494b6b687e

SHA256
0a95457c946cc25986084bad96e1ae857e2ed672db8bf6bfd0bc7f81e7cacca8

SHA512
3187d951a897b21d3c9cee304a1320a363f08b3b7821d9bbcbec338e5592774005b0ab5291861150294180799b287423c7c0b93b42aff4e925381c7a27847cdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

Filesize
67KB

MD5
f593cce72618e8b8cf712e2f7f27e25c

SHA1
886da22db56abc67572951b2388b78eb58671299

SHA256
3d9f3b97330e451de407d7254351d9ea3eed3aebc60ef503666eac8e12720e12

SHA512
8ff617dca4672a54ebc8191fdbd4e0d5520bd9fc9a370a0b88361a2e03fe117f2dd4576decaa9b055ed37ed9366d56fb907bde4440c5ba6b8ccd5625f5a5805a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064

Filesize
40KB

MD5
56e6be029d77f578e709c24b614846c9

SHA1
489c375c9f3497c386174d83cad05129e537ba2f

SHA256
25f1d7fee2bd9cf97933b907f627a6ff47534b2ad58fb99676f17b472fb1cbba

SHA512
efe69b930590d01364af98e68539d8bda4538ca7becb19b8b38f6ad6838c3f42778bd5625afb6f76c12aa360b6d3a13d42419bc0a198cd4c043852130a90e8bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000066

Filesize
27KB

MD5
158a0cc3b8390b268676b3fc3644dbe3

SHA1
bf06cf6e7d96d7808b0c245be28d79c6b963a5e0

SHA256
544c11dc585731e0fb13a885e55fe671f69b9d1adb7d7f9ab3b63d5cd1886b48

SHA512
d41616ba3fd2bafd80926c890621b0bb2b0e50e7625badc6e25d86b26eefa7526451b9f0d3777c54c4cf383cb87e5e2361294b79edf19e9f514d72c4cc0d100b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000069

Filesize
242KB

MD5
a7d483e5507be58ce00085a0203cbbe8

SHA1
a823a494330ada0349bd36dbf3ea3ac5531fb892

SHA256
23576e91cc525740f68bbe39d085b1d23d4fa42618d5c543b7abdb450783b0fa

SHA512
727d056e162d6020d8ef6d737872f1a19311b7a9335cd90c7c53b9b3eea6bea003478c259bd7e58e033160c2bc8160b53da69d85f1989f9908dea360c51aab6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0be92fc591bfb9ea_0

Filesize
20KB

MD5
8bd84adfb2b5f84a2044a272aaae4970

SHA1
4644ec8e2dd96029014c5c4e462bfb7c23f84f78

SHA256
6df1a7e9337833a2debea468cc704c28f63605f74ef9ea35b10de747304d83ad

SHA512
016691b269abbe66e3493c19e6444d6fc11dab5014664c5fb2fa4380c733a14b3c3bd0e7db93159a33bf2eb8d676941ba8364fc4d93712a3d58a874a31cbfc64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2342cf9b198365d8_0

Filesize
373KB

MD5
df8be04bee84dd9e858e1972cc374a61

SHA1
c65287dd3b1baeacfc1698c97f5e8890abda76fe

SHA256
63ad88865b33dd3c8ed911c07ae2ef63c0fc437f87f74a1ca2217f7557daf99c

SHA512
ff366d63ddb4f37a372442acb91f04e781c51e14c2dc771f91720b5f98ba4c5fe67e22e7ae9b4bc5fb7dc43b71ee863552a52983c92f6fdd120650085b48c76c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2fb246211826f866_0

Filesize
1.5MB

MD5
ae22f3fd5a69a305b4c924db4df24763

SHA1
6ab01601f4f5757ec5b9319638fcc7619e9d950c

SHA256
d844c26fc17e5d3209356b6852810a6fc1312ba8d2fc9b935f3c610d966b5fdb

SHA512
c9f8b53cdb907dab5755a4fc63453e14de1d69cc73ab8edac6aab639304448485f42f0fa0d79211826465ae5fc84dcf5fa9ca345d1b4bea6f58f6071e36c066a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\311b07cd5e8f6c13_0

Filesize
523KB

MD5
275f8bcf982fd124d440f6d7cde1936c

SHA1
0e3d2f6dde61d2d9dd99493c55cdd0c359aeb1cd

SHA256
676e1af3aaaa859a398ae85c1394bf8f3149ed0bc08f1be23c583c6575b25b58

SHA512
1fd655369db30e0ae795a8c3a9cbb0f27558e7ffaa5dd726546dd0ef065268c8843677bea56908450ecab49c49b226f8aebfa919526923f430741b2e67671b3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3eb9f866f14fef14_0

Filesize
3KB

MD5
dc73dbd5b86117adf3fe69503bcefdd5

SHA1
22296866e2b8b4c788dcc586f60c35c4115bbb64

SHA256
86dc556b3f4fd6dc8d4a375132a19bb8b8b79f0eb0907ed848c11870bbb2b8f1

SHA512
a6acd98205628e7d531e9bcc78a6c95634012029dc0e2c4389750f9d06a7412325606a5a7fe955b7655a9aa869f466b5d8a60342f34e90c042a8a4fe9a6df02c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5085df587a823960_0

Filesize
1KB

MD5
7429a3962bd322715452681cebe27c7e

SHA1
aab5a9be4929c50ec8ee1ed96c50fcd299e9ec5e

SHA256
32513a2ceae8e2d7f2595408c3b4b0d64ee34bc3e3debc7301ea617ee9d5fff0

SHA512
aee6051995bd2ace211b0c62325c25c4e47d70d4eae9791c7e5b1e26aacbf9a25b77cdffe10b207dfe1709773ef410f093121920d7bf5ce0785d5c3789b819af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6ee44684ca94f577_0

Filesize
1KB

MD5
239dd301142f03c500fd617ff31d43bf

SHA1
b64c428f0580d6edbe6fb079c808f14627dbf13e

SHA256
edfae75392b7fc72ed0de795b18378d7a329c88fb95bb502a93c64dce4b9b685

SHA512
78d6f035a3f0a5a7b38604a6b938f59af9f03c9af760b7710841308f4142099d3d095433f1d96eee544213a7ab6a11d99c618dc3f2c4e211f55c545930750541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\80e8cbe7d4be2f58_0

Filesize
35KB

MD5
7f40e031d044ccac02a8c465bd456759

SHA1
c7c7ad9732ea532841dfca611add17e217f6f324

SHA256
794f10e4c24422e2d60eb7896e4c966db1915e9519f83c3b9c962a4850ecf562

SHA512
6bec0c4704dab59f81a0f49cfc3ad1b6ec98392f7f49b636d04194e0928710c18a724ad64bb1fd977315fa9fa53eda29ff79fe09377c8adf6297f0a888738704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\82445ba22f2b775a_0

Filesize
55KB

MD5
3d3ddcb302ad051ad2a1902d61321516

SHA1
bd9a8d94aa6b16b2390ba3b2498fbdf91bd7eee6

SHA256
8289f7848cea995fb8b368220be6d5505669671c32cb6f16cba6c6858bc16c56

SHA512
52e1cd20207b3fc262ce2f95bd044039b10576fef3d67db691189f67719c992d3ab550f27b2349b80e52109af65b19a2e3f19e9b2a61780aa0c4b7bc0ffcd49e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\83119709594944a2_0

Filesize
3KB

MD5
75009b3a56c9146efe1abd23d778ca16

SHA1
c84d766411435f1f83092f743784e6f33c65fee5

SHA256
dfb73b8cb869910e9aae5b26ce08d6eab26fc43468e35525097bf0a5d0a17ba4

SHA512
69e7b73111b04f6a6c5fa37d832684d9cc968749035f15cafda3db9387f9383f388df7ad964e47347a61011c8135c058a2ff69f2dd8160ec93bf0826eb309144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9d3db18619d59138_0

Filesize
352B

MD5
e1e1ea524e798b583164101f76c57b82

SHA1
71b677f2297d38456795599e8dfff71a9104d1e0

SHA256
eed932e9a98ce13f970efd8cf155a190573d0787c7dae9353ba5d0c23aa3c1dc

SHA512
583bf83336b4ccc6a14c034599d26854056aa8726ca8a89126d2951f4c4ddbeaa85128ab494a32c2007d1da0f77ace08215b0a4ad8e185487dfafe88ae0c291e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a669f9fb60797a21_0

Filesize
248KB

MD5
8c5ff0c4ea03a1324e31c992a48bcfea

SHA1
91754d0be43b96e23fe61fb234a861efefb00bf4

SHA256
c1d62f643d1815002db5848fe82edefd7892a90f57714e9c6b7100cf5aa72d66

SHA512
57e3bec7e33e28f7f7e46e965aa2e52c16a7011434bd21d28491de8fc3133607373f969543ec0272dad28bc959717cc1d56292fc197883f7fa5c48397b3d250d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a86588362b1306b7_0

Filesize
280B

MD5
5e5d3abf22964578b6aa187fce5a2b15

SHA1
59e2a672dd4f388f0b049f87572fdbea234cbe22

SHA256
f3b5cc75bc41e1462bccd75bf934316bbe117207dbf13e8af88cd921b53a57c3

SHA512
077d8731b6475a41fc0efcb89521b827ecad68309fe1e0060a692d7e8de2667bb61919f587a2c68d991a1a5ad96ce00f05f3581e503565904f85cc97b24bf87d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cc20fa95c0698cdc_0

Filesize
1KB

MD5
9c85abe20fe212777f1fe9e63bad490d

SHA1
5ea6badf3daf718865b7bb1c805703b0eabfabcb

SHA256
88cc6034d86f5bfa156498ae87459fec98dc203c71a2e9d6ed7cd63968a274d9

SHA512
16ef30e1b4610ebe6046ad967d14b086a5b3654da1f427375cb927f564e93b4f08ea1afa892d1332a308f1185fb7fbb014df3755fc5b5c7606b046aad5f6522b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e4c9796afed7cd74_0

Filesize
4KB

MD5
acc6b48a02183b9da68e70369385f86f

SHA1
36a61ba5e69a627de06f2af92600f27cfa680034

SHA256
98f0e96b0b1aadf3f0dc9de9fb9e57262c14e7ee65f94d4c2fd4ccdf215c7295

SHA512
769af4343ab8b6ba1f646e7bd647f1419fa75ac53519310f3834234d0e6e9cf8d18db9fd485400e6c724f5aed2cbd733667febce021dd32f53b1e2b0fd9964dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f31e66bede243bf2_0

Filesize
1KB

MD5
b1a95473a0f81fe22639fee0db7e7445

SHA1
1177819f46e8e42ed6a79164d94ff8ca7a4aa92f

SHA256
32c579bffd6eafec0c858e53d8550da70afea3299d3b1fc654e0e5eb0a211f28

SHA512
9b4de1afe319c8652ec8a8c2cda1ad05844749f79681b8b88d41c8b6f0849f8639f39d7508a9010b2c21dbd167e6ac0af97bd50524c5958e3d820f14032a89f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
13d0a2b0ac7310ca3f54f264356bde32

SHA1
be3106a89a997b65a75db363614fe48ab92ef7b8

SHA256
3ca01835e57e664bb466b0b573db2e59c6c46d37a3446522f1e85985bfed5bc1

SHA512
a73c80e7ed5de1ba2427936ef582b4b59b13281789503d9005eae08812030795a0a9c3a89d1b15d34b6657ea0f0aa50ac89377603e1ac11e4eacf3ccb846a1aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b2ebb80648f6a5f76dbfc4d6ac7b902f

SHA1
a5414a9598819d0ca68f50c032b228eba057687b

SHA256
8add2b88a5a951822ba3171b8aee1386d6f83d87f7988d0a191599e7d498431a

SHA512
a9732303b4303e8d4c83a7fdc3edeebe04d87002da5bcd548cd6b080bc7759599068172281d62f59e1bb3625b3e2f177ffe665c579120a13e6078d5febb581d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ff0d932b0fbffc08fb8887c1524b642f

SHA1
08f32f2e642a9e849d542ea3f7c817f205f3aad0

SHA256
fbaf47a34544f2d4f4ad002e6b96a906887cbddc4fe88cc1424906e267de7f9e

SHA512
a5a79b55693e4040c26dece040d64c91ccfcabd5d283b926d10bb31513c39346b1bb1df14be1ea111852b8d0d83ad9f915d2cfa6f49e5254c7c699ec33922423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3c06219542bd6c8d9f3259123c453f63

SHA1
bcd1753aa869bfb516548c4bb447e6224dd99800

SHA256
0d708d0c3580186e165b68fa11095bb7b99de625814afcb6fe96b1ec2b78e189

SHA512
f40b0ef7b99bcdb74f613609ae81bef0155015aa353afe448d7ad765ff4889b9dd9f519bab543e173a75eb833aecfcbb7de5252474627b98fba6e2405c802db1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6dd276e4250233bdde788485351b4681

SHA1
8a72913c7b5548258fde1922de657086101206f1

SHA256
76caaa5122a4754bbb7901cb299472369cb7d887abdb362d1e0ced1856bb851d

SHA512
1a2f265b6b286383540367cfa089584cd37cbcb0485efc39eb03ebaef26b554f50dcfb62d642521535d488085d02ccf3f0bf7897cc74976e2e48d4a6229b71f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76e9f2.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\687bc188-5c65-4225-ac60-ab4fd8f2412c.tmp

Filesize
8KB

MD5
e2fd4873ff1ab436d0f3849c14ee25b0

SHA1
e3781147a0a4940918b606d80c0390ebe79446fb

SHA256
7c22fdb05a3fdd31981d0cf1bfd23f48ea3566b75327beadb3876237148c6672

SHA512
1efa55ecf605beac44ba26880348bd8edb78881c09f2b83d7f011476725e636dafbfc8c2d1d4e1164d45809dda7616a38c00ae3eadab363cf0c2e5c8e4900618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ab1118013c0f8d10110fc88db94926c1

SHA1
6dcada0aace91eb9b0852f008127db3e836c6fe4

SHA256
15820bc2886981b278b72351520a07505e684a61ab24c3b7f44657d5fa258837

SHA512
a02b10e2692f0f90def4b429180474810e9587f751cd5a3c177012aa8d2b828d78c227ab50eba00a67d853146c091f1d990601fa46c26e8f26cc0bd7f10b54a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
67f4aa688beb17811a9b9c6ca81974aa

SHA1
de44d349bbfc796961507b1de8cabbf0b136f399

SHA256
ae2b5928c6b56e47463d7c019b4ac57c1902606540b3c4f2e59a359abc966137

SHA512
5434b9e3c71ffe0b77d054335f956a73ad07772bd7aa7cb417c2a1bca424b24c521bcbd4711d7276bc18baaf9bdf8608c12b774813b51404618649b59e7a20eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
76eb3598aad18411798e90df60287b94

SHA1
1b8363569d261a8fd1b0ddfbda1dc87efca7bfd4

SHA256
30e66bbcdfbe07be93d1d47c6e13de5e2373984c0df6336f2b2d09fc52c0a454

SHA512
1b7f234893b8e0edadaa4a22aa2e7e12b075a9c30837da1f17ee815c01deca88fb16e6b8a2d99d3f023c67e51d65aca724e337b0358d0d5f1816b632727b47bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
0b60cefa4a4b17f62c6ea4cc9098ddf7

SHA1
db7e9b07d9a3de6a2332ec181d0cff4c21856401

SHA256
72623768ea33825f31ef1cbab94d7798f7bff4b180c566f8551222a33e2f1f2e

SHA512
0ab6a60462e2a236053db268956cdb75583f07bafcb017d5fb067a470ab0f61b1a020a9f676bd1088e411f83a5fa95f700a229bb001bf28e12fb4c385880fe0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d98dd0a260dd6b4e31c76b49f52f7bfe

SHA1
52fc7f9314bf3c6e8cc98ae7b8e19b1898444700

SHA256
dfa2a641f3725a7c0409bb8fec0435ac1b594e658d730504bb95d8c1bea1f55e

SHA512
b6bf2485150fe91ae48744055453a5cfbb5bdf0dd4800cd2981df30b323cafa278bff354505643e57d1fa28125439f12a2fa3dd7a277cc182b89580ba182fc7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
616a65929ab8ad61066b5d03a0888d5b

SHA1
76128551860c1a3b2315e2f53262443facc12b03

SHA256
bc4a8c2ac1c008fecedc0d4da406495138db6ade34cfd5e04781d3919c4d8287

SHA512
384e77a9ef9a75d385d818e1616cf9aa488cdcac7079cecece2bbfe68b4bee8c33dd1a399cbad45666ff1e22e12d37fdb78804386696d74239f0828073192c2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
79bfa5a31966ec0648903afd0a88c5c2

SHA1
1e2708f5fe8aea938b30dd3c31efdd461fef78bd

SHA256
a3c696f434cf0072412cc760ec6fcce071e1da5aa6890be16757b290bb1fd4ca

SHA512
0f46b9eb4dff4a9324337f43c63decab78cbfcac62c492927320b0b417450efd7e5a3853d73e63d3cb9a18b1f7d1c7fcd5a96ec7106478e7004ce865cabffd05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
850B

MD5
4aba919e2326288d13b23a901e577604

SHA1
30ce3c92541c76198d4d7874de9c356180904375

SHA256
f828d09935cb47c0f165f19ebb2f3975f1cb1870c26c86fd4f5244392c665950

SHA512
bcc7d0a8f07a46fb3ab5f05ad24e688743a3890c40d914e07858b088db08150fa6acb33fccce3141ee9c2b500123212081cc98eec8e8845a77a7b8ec906c8d92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7fb8ccdd45f574e6efebfa8236225638

SHA1
9a1bd52e746b8cc6d7baede150ad0c8ba968b177

SHA256
28ba7cd057c736a4b3c51945718a6d0e297f66b9f952cf8cf737e77810b94c32

SHA512
f7bac44b7a8eca821fc72b33fdac8c6ac488cd33057816c5062122ac8649ab409451eeb1320055aa78b1f0902ff23afe193d62fa4ccd91a71798805aad5d5520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a6c74c05afbb3686aece2df363dab148

SHA1
0589864a6f9047c64c15b4340d94db6980fb3045

SHA256
6c40e48065b7242b55942e1a9dbb009e82dfffebd30089a1978992d67bc526bd

SHA512
7e6825b3e70fe4cd7dc4daae3af178dee9212e2f94ee082b02bb28e8dc7c0b62bc5f3c945acbb13fb87e41ca581458618660ca71c9e7dec2aa7a8984c5ce5449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ecb9123b890e7c32e39ebeb661d2a8b4

SHA1
ed911f289024c2a0b043c63a3bbd5b49bfaa5269

SHA256
3c5ddeab420f2f920ae435212d2097d8b1cf2b3339ee10325b9497d924990c6a

SHA512
d8e7eb4612279a283a59e6b4356682fbfc45600084843ae7baef71ad511ad1e4a7642c881630a0b0db49cc36018ecbb6d997e093eba07f3fd3cd94adc76a85c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
37ffaad8bb15ea7d1def89c785954965

SHA1
fe2720a40cabd37df4c81b78ca923849b149fa0c

SHA256
4c063f2a113a5617b2f0c051d61844c5cf70fe4135dd0488329071cc32b6cd7c

SHA512
fd942dc318f4b7635eda693d322710cc3196308187960e5de3b8fdad642b71135364b98aff6fe11378c6da213aa243167a8399645517c155f184a48caf33ed05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
501675e10069a6ecb3d55e22990b04ee

SHA1
38df51aa9388b7ec17ac2ff79a16fa820996f91d

SHA256
f53c856e00d44f49f9b2080b51795eff50dd7cb48d9d9290f23a205c3f633fa5

SHA512
e8de4da8f725a4c5c8fc12bf70509c308f3a82164fb281e3b94b99429ca05e237a5aa35fb67d2cee099924ed46f2aff468b80436778deb3fea43f789d4329cea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
118e5baa88c71f319be612cafb07c37a

SHA1
1e321e483dba2dd87fed67351f122f6b36bbfde4

SHA256
10f407514a8b79ab26a881018197ada6e68109dad716a29aafca5ed7ea974a69

SHA512
e0d3dcef7a7fc8b6dbf89d085113d5f8146d53240dcc926f88f0009960b6a9f517f2f0eb3d9387d41fb1b93c37ccb1a1ff6fe759a69a25546f2aadb65d5dd043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
874f2d5c919c5cbdd746918be89e1509

SHA1
8feb9c576ec5285efe856bce06372067dc1b5764

SHA256
532f427ee9d44d1805e744742bc14b64dd7195dfc16d8d34fb68f8211bd3384a

SHA512
c7e94de88fb0ac41fb5e7b93fc8a122cb655fcc61d047451d7ef35c97ddaed26d9d65e2a5b8752054f0fb41b7f83fe97321eaf7e49f6649aef6c1ae5a43b134e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
b0f34b7e0226cf312f7b00b53dce50f8

SHA1
b53d7edcd5a49802170922ccc6bece447b7a99b3

SHA256
1d031fe5a6f7138d0d59cd2dda1f3e7fe17c15e50e8e730fafbaa2ea6f443fc5

SHA512
328b493dabd18cf635bec59bd13adebc6fac0cfde030c45103ff28231594e288d29655c706401c5c55a7641c8b36dcea557b094dba88036b40557c7f0372c0ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
846B

MD5
4fa687dc6b0b2abe4237d844f8ef6926

SHA1
178821c248e3f69e4298eb5427249bf388eceafb

SHA256
37f6f0a4967f6d6c2cacdb9f0ee18ee0be4bcb57971304773efaa85e23833d57

SHA512
4f39c48a5f075fff4c6a086f3d010ff30d0982c9498c4648927a849d3060eca294837cd441e7aa5a3e8690c518f312c04e3efc57fecc0fcb16b06734f77dbbff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
dd89015741029e65b6e0a6886e1a5a63

SHA1
23ee56cdda373a92cea3a6de78961030e51aa9d8

SHA256
63092bc7ef3f7e3f07ad47e7ee7ee87f8d11bf7514014c9c61ecf105eb2bf59a

SHA512
6627985cd5120f31e3775670dc9f978e182519110d817e0323366f28ebefca7c0fb690030a08d6a4b4b5c42774a04b34ee492396a5312382e31ad772dfeba75b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
850B

MD5
4b291a7cca8d104e025b03276993a1b7

SHA1
e6cb1de13f241292fe165f6babf4aa60fb76b6e2

SHA256
b338cda00a3cbff1aa849110124280593d257be2c1901d382d8a7ca20138cec9

SHA512
d8447bf299ca50f0d4376dc72541b3c3b1eb2b6fcde71f2e5935a970953bd88517b282af91261ff8ea347614ce78081222d43194923657ad453bb618f70b82a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
008d551b028f6732b3aaa291714da921

SHA1
f5a04dd2aa450fcef82c699b6f2b86654b56b3fd

SHA256
0f92436cd632722afefa419a6f300bce2c6d8f4996d080a322ff4420f4488b59

SHA512
62fa354c015a97ef1931f61c951ae0eac1ef70d9f659434c8655cf9b859f0c4d62ee841cd966f758641ebdc6954d57cf2ffe1eabf2796430b481da7d0fec712c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bf76dbb68d3333a8046690e259056f06

SHA1
3e3cd562eaa610a18c075aae177c76e72d5b65c4

SHA256
6991d0c25a3abfab0851be6d8178c256dc7725da8fb70f5f20cce430cb686257

SHA512
214635a9405c610245dbdfd269c43dcbe8adfc2360fca017d885b2896ec420cadf3892026e923a862e89283fa0ce485f6d74dc302865ddecb9bafd4109600f13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
8169f45ad897904ee001737775d3812c

SHA1
388749bb1a94e266ee5e19a676bb0729ff2a8f92

SHA256
7def71d30a0ca8c052a7d8e23338240156639465f2a3d752712f6fe57aedfa8f

SHA512
9990718a537304ea6a57191722eac80f7b03cd1c3abe5033e82a96ef2d285dc942d202895faf651e28e212c152074ba424ce69189aca29f299fbccb596f9acb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
66b65787b97f31fe913ca6aa4154c8ac

SHA1
e331b94ed9312a6dedf6b6908907e0f9735e3503

SHA256
466cabfb84814ee352dd77b19e2c90fde7c6abeb79103d828d5cb168548e7292

SHA512
483f0a7f32d22834f855ab881aae5bfcab5658dfc569a900e163f54cf0b6f5c1e2595fa645a0a5e123e278699c0de59cf69bacdc58aaaa0d7b96b122cb68f317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
850B

MD5
7e6d3a78624cc8a1b40715f84ddcbf58

SHA1
8b9be7522b37930fde6813cc335ff274c32ad18e

SHA256
a58a77279674ae99d75eca62657cb9a2ea2fdb9a4e123d38b8db0b8ab53f26e4

SHA512
e35ef2389bd81ea1e29236e3a54c5af705e35ccd9c90f35346150c7b7aa2fe8e73528106b9c9a6b21266f8c8adf07fa4a4132dd48ea10f2afff41399e5d6d122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e50f1ae3b908976406b73f0084debcd7

SHA1
7ec63b6820e953155608f511adfe114747d1990b

SHA256
ea480c6f8b31addbf903412d5d74ef76c4ac0fedb324b41f7590643ae3d0c263

SHA512
5200030ceff4f47f9ba3c828ec8f4b2c3a9ea1a64301dcde79a985a3c00110c8d196ff170138fa690b1d614ea7965672488ff6a9cd6588a35ff3e8067a61ae52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9b1d8be9c82deed15a05b31475e62b9c

SHA1
caaed8fa49cfa2e4e818100fac672ca00d651d6c

SHA256
85600ca1b28195b0c013d3ea4e683e0b5571c5ed7fa9a78a56be849af148fd7b

SHA512
cf366cd5c95929bdf38ddb008488833c5014d2661f32f75d6df8d5b261cb5a9456a1eefe60695a5643f789a73db86337cd7d72f73e9613154ed95f6dd422cb05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
13962b279e1f14ab649bdae1082e7c13

SHA1
0ac6edc445ffa77442df9b8137ff2224c678abe4

SHA256
e934bc3500aef6aba490244c362bc0d64ea4f585e397dbffa1377f54580f64df

SHA512
2acb04503719d1f25573a7409d11163bb6eb80aa77d228dd78b1ed60cb3bb5f95ea6ea258d3f6aada9605a3902c622d89f7db44815101bb768e4a6ba95d5ef2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
29cdab72be1fa81075ec2165d140cf6e

SHA1
963372ef93d2b26612969db3496d0fe9056f9a28

SHA256
4beef1ef014eaae45ea18cd21a2fab52feea8d851c84210a307ca7b9fa9ee267

SHA512
ff456d1a6a68693e3539d04449292baf9c62c648ab22fed222746e7d6bbe918293697c0b13a464dd43cfa88e3d4893c96e53e89fcb2fccc78e17152ecda981e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c4139012e684c2ec52ab7924e7823979

SHA1
31dd66660e3f6f3c3798f3111bfc1d229444a8a9

SHA256
4d7488f353782afe73b0df18117c5d9102757fc1b4b7425f235e45c99c959832

SHA512
5306111b1c6c0c98bcefcf53a52b7e5ea685bcd28ee28b3b86a8a1979c828bcc0b0ce514920843ca823b9667ad402a09969612eea4cc2f0532f2e6ce366054a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c6c79da7730077942ba346327a9e94d7

SHA1
3a9e8a2164ca59326b2222b82fddbfb0de3bf359

SHA256
0a030c5e1c258bd0f8c147ab19164ca40691a21e68bbf79b7b79c143088099ae

SHA512
b3bf13f1940772ff5eff87704ea0d0b6b9cd69b8094a2799bea19573e8600f345a9db8ff389535c7d8b108fcd701374fb22a8a3e799607c1b85170f57055d41b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4d9152f89f5ae7fc5a51ede15edb01ca

SHA1
b818e86c957c40afa495dcf5c7e765bf3c9f6945

SHA256
2b104c7133399bab9ad97e18a8358366cb6ab36b59c81bd41e7bbe90ec99b61e

SHA512
71ebcbe9b898ec6df3ae812f716c90fcc4294796a8e2eb69c2c9068bbe31e4d8194b5aea6f0b85a4da685e208c1e8077f3edbef6b2f953459404a30b968c2ae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
89e20d8a75044f5fb51d9ae0b5419d88

SHA1
9d7efbc5c33fb58363de467203fb3dac7e4dae34

SHA256
0410fbd788acec5021f9141905aaf097b20fbd827e366dd4aace9d66d90ff891

SHA512
19e902f4defcb0f5dcd76020ed8fac0c328eb25db5dc2dfb43321641108bb7aa0171998ba5624c1fcbf7bcdc95e4888bd34aa82f5a2b564b133fca469ea8b408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7827c543391b12e436b794b00a0bc364

SHA1
90ce02da3b058ed18ad1df7a1d502460e2697902

SHA256
337389fc68f9e38184dc74aa4ac8a66c3e644e9168c7faf3fd270da49c2e61ea

SHA512
45b253e33b226635becac2810dda6f0df8d9086dada897d7414866ac37c430de75d648660d18a8ceae8ec5ce9551e570a0dee9c753c55b35a506ab727d628b36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eacd4412ca69aa2eec5c244a42b824c4

SHA1
abf33b8dfe132be9798aa459ccdb7a2d8337272a

SHA256
f6e7c43101908ece90fdeb3fb6f48b9a146d7e74927a8cf707c37733c56d2f59

SHA512
775bf337e3842751df0164f059e3766ca533da8530d3169b7911895243961237e15fef686819b38c42ba1f58a5d44569b6515d4fbc390668fcaf8dbd77d33522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fe16fb4859ce1f194bd34e121022b332

SHA1
c1398ea1cce713eb77da9332a4740a46199df1de

SHA256
73d32c04e758350a73d9b43b71c4a2926e4f2532ba5f7101d876c10e94602a98

SHA512
ca994d2eb9d6960bf59cb6501ce30f487387b7d4316064cffe76243413430882d53d5b06ba264cb6e23ea3d5920f29868e629c88c875862f3c7acd5db6fa2705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
246630ccb67119361ce26e9c9d9169c4

SHA1
1021495666e366f37d2dbe49e7ebcfc838862775

SHA256
ac8ead1d0c86eb13c50450b23b087a5b39d85e5a1c1953eb0e69260dca6d5620

SHA512
73d24f7811b255bc632089aee670f90d5be6277e0f2c304956421c39431b065ba1cfb84b7fd7864941278905c7fb3af3ab3743e98f24017e2282be07ed142d99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf272c732261d82d4212f90640da5f6a

SHA1
aed229ee1e381ed24cd02bb3c781b0aff855810b

SHA256
5d830e566b9df74b175f60364e13224314c989140533c2dd4c344ca0f4985f5c

SHA512
ac4b706b52b2ca64f972a903602b57c19e05ae24dd57997bca1b1117b108ece9cc867b0cc1bd4d4b69eb24738d3d37223758f4209aad6f9b79b4f19012e232d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c64c98577c0a0ecbe82523aefdd957b0

SHA1
c319ccd38159528d1920e43ccf16ec11f2b8e12a

SHA256
31208a0f1f5e4b969dd36b400488d7171ad7f888daf9c66099396a0a2c907a5e

SHA512
a888517aca2e81ccb7766668f85ff6a013f64be9a01044aa8e1d068513904281af7d175bc6232fdf7f74f4502337cb9c241110249424475dec5d29d91e8f733e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3b93c241d9be39f8404a2f7ee57e6f06

SHA1
df3474a56b915395d5504c4aa128f0649ecfd011

SHA256
e20b68333f42517979c1750c66504625d583bd0d5cfe5701b457406ed6148c37

SHA512
6be596c2afa3ec8366395306752a700f6931ea303ff1e1bda5299ed668bf255ece1c47d00b26c68599bedfe0973871e4cbff8be5d827fd993f4c413f3482008f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c2d0b916b5f194fc6c93d1cf078d3367

SHA1
46f327c83018852bc1bd6b42734fdda59ef4df78

SHA256
8438190ad1279577b0f0ccb4d5b83484bb86ba32aca7995486c5c21d3b3897b7

SHA512
43e4b53cc4f542a83d49e624cff323171b3995038e6ac7c0ef4c17759c05402450b637ffad502694b8dbf541f2418e0c998535ec088d86c476da8ec154823554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f44601cf15fccd68dcbb846058677d00

SHA1
438aecb44f416aa76e2220695cc213e9fabd8dc3

SHA256
f6314cd9485b2a2da39bd2b101420b55500e6ef0266ca22af160035176190ad0

SHA512
04f3ce01d05cfeb3d392ac466913056fdb25fcc09fe535a12172285a16da48cbc3dcdab325f6059652a05a333f1950e8cf904c250d11cd66ddf2e454bd3495b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b488c14f2558ad1db2ea4c3becc77be7

SHA1
ff4d16f53532023ced00c994c4ba424084483377

SHA256
a5e58d3a2d06f2adebb7d05f8825aa895f8cfbae63e707d4c5993274186fd6dd

SHA512
0793196cd90ae40764094fe3332610b0314c8653c9bfdb8e47554994c4a56d9b3d055d27eb949951178f7a162de675139b318cfcaa95fe34a4ae17fdde76972e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6c54496966ab7b10220a9f8fe06ba058

SHA1
9969f5289cbc2d43ed5ac0fe544542eb60501e60

SHA256
0023cac18716a10409f6d1572e09a6285dfd54458c3a0d6b0437ea37d0c69677

SHA512
8b0a95ef605e73fe598a05b8c77315ccdd37847eea688a255205182a88bd943a15d756e2d2cde13340e086e61ce861ad0fc03d37d8523fd97a08a465e0b5c7a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dd1cb037f630cb199ea54dc5792c14a0

SHA1
3a6fabd4a028145e128f3833ba19e32244f7413a

SHA256
94378cf5171a3dd34e7031682b289971f57d2f30840be7fc443fe05317355e80

SHA512
2ba41a1b425675a3fe1aa934b4c77040708ba3c738e8d7e4aaa739c74a5fdba0298d2db92a47a08a0735bfeba91829082fda3ed40052a232edf73d8e757f24b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1189ad9d45b819e5cff61b8fb6b29ff6

SHA1
adb408737e4ab37061965ef94bb1e233f8d262f3

SHA256
6016d6ba82e5094f06cc85de9520ecd0fb7e8ade7a9e7bb9ceb01e9d51559b59

SHA512
f8009704abcd48ca02d3fc03f843d0f9c416fdb326c95381b7e38f70bfdfa6e872d31aaab016cdb6818525b4c01f439f7b8708b789fc8245b5af1d9731d03c37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f73e6bcc9782e6a90a7f9f68333772c9

SHA1
c9721bee998ce518b5baaa0ec1dd549347a5b60e

SHA256
561dc5b63d5a1a3bf87611ca5294e184b9772914501749d02d06d291670de816

SHA512
fd8cb47b53a0b7e7b3506e8b67ecb416122f82a2e01ab34648f8d203fb08e00b722917a87303ccf3bd21c4dde0bed26b3988843466ecb9e4a2193a27af181fd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9160b973c5568f875dab2ce0e92b941d

SHA1
8452166683f15e7fa34c4e62fbc3470c5fde9d05

SHA256
778b4006874f604b19ddfceda582a0bb533e34ab9ee89158a248c8c426b4cc31

SHA512
419a8613f49f2999a750aedfe7152917486051cc2dab8e9a9f83959e7a02cf5e2d58bbce3e840c2911f550cddcf20854e2b35f62f629377052f66dfdd46e0f55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
82f71ea24333da942857eccc5c3b9974

SHA1
e102fa72dbb0e54c004e67e4786a52db213be902

SHA256
cbf659dd36e25b7359e56686041e55d3786841cfc850e9c2a03d65290c27f3fd

SHA512
36650eaf99cfbc482134c6f270c4dbd02e8800fb3996427830e8740077bc326191cac8c76204a2c4453bddb8a3b51eb6820eac9f2270ef42d6cd2e1c237ae268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f18b3f147fa6e07231a52b330a25d255

SHA1
c88d63d8b69024c62ce5794cfd809af9075d3aa2

SHA256
b6713c6f35a1c8de355256c00ab47b8a91a8092ef620bc835c56620b0493ab0b

SHA512
1888b3be4562cb3d017aa67de196e7bca0a48206e2e0774ad1f7991020c23f0a086ddaeb3e40bdadb7d07600f40eacafb0346ba76ff2b5c2c47941c9248d00c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
68f9747bad7b32dc13187fb9175e8375

SHA1
f83babad558204e7294b3602c1960cf9688529c5

SHA256
0b58a9527972648d55a9a9e60b933e9eadf7e06254c4a90f9302698aa4f20feb

SHA512
b36af3cb91cec508f565f2c4e0285041ee8b7b83a6a71a041e3dc3c6f347adffa5f9545754fef33bd1ab352aa105c114d19d0a91b92bdf5b9bd4ebc304624b47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f1dee353-585c-41f7-b9e2-63e06e5e5f78.tmp

Filesize
8KB

MD5
e7ef4b51a627a2ff846df28da1f58b29

SHA1
b546672549cb5837b168984c3bf49ad622235324

SHA256
2a95980311e41f54bdf15d0c6d8b1a03f3a809e405393b61ee18ce64152ae015

SHA512
8bab3cb37669ea7adf5d6f19c19df7de92f73c385f78d1e97039f9520d3b7a68eb6b3c6eed0dafd927a00241e2a46fdb10ce02eba666416b0649b72273f2e2b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
348KB

MD5
c3c6ede7fb882cabf7e154dfb1e20d6b

SHA1
65b252ea88cbdca883cae156bf0aaff328b0b1d3

SHA256
51304a334f409534766af6795d2f107f6ee58251ce085c4e3fac5cf5edd3f2d7

SHA512
6b6862b6a8e69dc21d8e78c27d16e68f8ffb4b29862e77a9291c2b54efd41562505e030244087dc04f91dc548f87e7047b201cb10ab2d58cd283e532039861f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
348KB

MD5
eb8fad129989cc7c4a7a80deea94fa26

SHA1
e482d6911bfe6ec377cfa6252593888e1bc4212e

SHA256
cccc2360f03bfaf534afbb8c9e8a34b933f7bf244dd0dc518b52e188e3f0ca31

SHA512
2ad920fb14b2102b06dd7528389b09087a6ff2ff9fc2df7f160a93710b383673d9c7bdb8cd265e26a8ff327f813b07190a5b3956934b3b26168938f4464102d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
348KB

MD5
652f866f5cd83e8053d054233b4e0528

SHA1
33913c6688ab12e0211b61b4592d2fff1ac90e4e

SHA256
1056fe7f4fe7f2db04105d99988f261212ae5c782d597aa630d418deff8e06ad

SHA512
dba180fb6b22a5a823e98536a88714d6eab97a415a232f032f0bd728e19bcad61611ec57f03b5e9e2931c17bfe546fa30e5fc13424706bb1cbc50bad6498946b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
348KB

MD5
464c4099145fe8a8066631c2d5d040c7

SHA1
4d3fc5c702a609244f3ead29dc85feaadf84de3f

SHA256
3f691ccc14f2f953e4f38c91f4f82e8f06c1ccce6c3631a6144a64ebeee1658a

SHA512
77366da029f0e56b310fa4e21b7581266b9f397c60e1dc812132190f54ddf3c59c4c2c7edc8e97477cf866cb144b483593f39e04953e5ee59289514c1abc7204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
74KB

MD5
688994d26e7671e2ec5e57640bd112a9

SHA1
d13e126048503fd79edc20daf6cc782e05aa6594

SHA256
1f94dfb761fb1e5456a3d9445b471eedb672461b377a19f466c2a950352b1471

SHA512
d846afd4cba2a487df597039ddbb454ed6d27fe67cfa470b2c01ce5867c3dd66028f31d3857ee66eba7e4082e0173de9c34f62ddd74d9cc4316c7fc72a76378c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
d369dd48ebd96755715313cbe547899e

SHA1
a5e74deccdce60bde74ecd89a9f866e52e6f8c7f

SHA256
6d4a54eea0d527d46683c0a9d284f819c2596dd62db0e03dcdfdc584fc035f69

SHA512
c10a8317237aed9cb3f50bce3cab29ad03f9709cc1f3f6f23f4a0b60e4f32f41e5efe0f9fb3d35cb53478687bad9e49ea4e7aac215e7e24765d03c18cf78d8e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
5ac9a66156a1f8f180dd5044d412e2da

SHA1
fd1f0e7326de482c9d696dcd7889e2f41ec83077

SHA256
5b5f10766fe5dffead9d5d8ec2a4602591300e5178a46d6ecc3970c1dd3eac09

SHA512
61e7fe424004cd99631d83e463b22a66f1687c4a1ebe986d287e6de72374d00093079563eddc00ed25a656b7eb5ea13a893be3373ba2bdfe4e825132e70ed962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
81KB

MD5
f0b2d9a757b242b8868140dfbcc88d3e

SHA1
633cb1380e2987edcd9335b0a38e2fce22d3cbfe

SHA256
b3c082be99713576c0ce1d0a3e6827a164e13a3a0ad7fe67a28b0fca879c5f72

SHA512
73c15051635d301024ec1df695fb5fa58acc311825fd2581a330652ef1bd4cf705c6783ad1d71887db4eea4dac95ef890b42a06187ab257340ec7f7648c03546

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

Filesize
8.0MB

MD5
8e15b605349e149d4385675afff04ebf

SHA1
f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b

SHA256
803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee

SHA512
8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

Filesize
8.0MB

MD5
596cb5d019dec2c57cda897287895614

SHA1
6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa

SHA256
e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff

SHA512
8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

Filesize
8.0MB

MD5
7c8328586cdff4481b7f3d14659150ae

SHA1
b55ffa83c7d4323a08ea5fabf5e1c93666fead5c

SHA256
5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc

SHA512
aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

Filesize
8.0MB

MD5
4f398982d0c53a7b4d12ae83d5955cce

SHA1
09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc

SHA256
fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2

SHA512
73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

Filesize
8.0MB

MD5
94e0d650dcf3be9ab9ea5f8554bdcb9d

SHA1
21e38207f5dee33152e3a61e64b88d3c5066bf49

SHA256
026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e

SHA512
039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

Filesize
1.8MB

MD5
b3b7f6b0fb38fc4aa08f0559e42305a2

SHA1
a66542f84ece3b2481c43cd4c08484dc32688eaf

SHA256
7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b

SHA512
0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDB9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MASH0001.TMP

Filesize
6KB

MD5
7eccc259af24ba7a5a0638562536068d

SHA1
acd3e0fc2e10dfb2e57efa608a60297efb32e54e

SHA256
2e682f6b72fe7f464da31c01cb4769c8fcf556957405740140394282d4fe0db7

SHA512
7fc719c7c0499efc6eff2594e1e46390a421db4ae6c36c5f8822cccca52cedf6be4d9282e49db246a9533fcb929a70cd4e7a25e09984f69db2c922f6c4ba6f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDEB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\208101740241841.bat

Filesize
386B

MD5
4f328f9964cb23a802584c5c078ba721

SHA1
30a34d991a386e7f32b2c234ef4731d0605b9516

SHA256
3089e9cd50dc6c3486d1ce4029ef026476cf03bd10dab76a63f2d70fa1e9979a

SHA512
fc6b14db9f622f6a114b34f275c72a70b793ee7250591a43ef74ef58b8beddd9855ed12b8c499e657bef4e0918e5302cacf00a7d3e4b94ea6ef7c55243797f30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\taskhsvc.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
21KB

MD5
5761ae6b5665092c45fc8e9292627f88

SHA1
a7f18d7cf5438ee7dcb4e644163f495d3fa9c0ef

SHA256
7acabca3631db2a73a5e20abd050097e44390ead1d74717aed936601904b73c2

SHA512
1d743b407663e00a296c2ae45cb5a05a0866657afafbc9e8220e4c1839cbab2c09bf2a3510ec8016f902ccb7254edddf2a3412e7f5a4cafcabbeb5724a67b46e

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
6.1MB

MD5
5c92ba0b40a75c654cf9514d97179ad6

SHA1
a2976a48e992908f66cb498ab4a31e029eab57b3

SHA256
b1ec7ad679d38bbbb2d99b17355e73303db4e67d329062223dacdfc4704e1bc4

SHA512
21440474fd9f719ac91c3177bbe3d12ae60ebcd2dc102f2809e5a26ac696a665947818ee9eceef8aad7bc10f01d395307c4a772de50ba94ba3085fcddf800c7f

Download Submit
C:\Users\Admin\Documents\@[email protected]

Filesize
933B

MD5
7e6b6da7c61fcb66f3f30166871def5b

SHA1
00f699cf9bbc0308f6e101283eca15a7c566d4f9

SHA256
4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

SHA512
e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

Download Submit
C:\Users\Admin\Documents\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\DesktopPuzzle.zip.crdownload

Filesize
121KB

MD5
6ec216cae1f0e898635d296bbb1a7539

SHA1
8725949a62c581e4c55d7338dcf3f67997840278

SHA256
431b9b7321f734a3f11b23e638199ff1f0d9abe9374ec299484d9e47f20b4ee2

SHA512
b619a5e8ccc0473d99453108085b1678a75dc816bbeb1d5301cd265ff8aee18e214d4e7b877d0d5d13921238d45581cb89021c4dbfb9ba2f3bddb4d4f297ddfe

Download Submit
C:\Users\Admin\Downloads\MyCleanPCInstall.exe

Filesize
9.0MB

MD5
b3806cf4a8ab2cad2e83780b732f773b

SHA1
7ac75b2fd54739d118e2dd7d9dc0218b81115424

SHA256
832dfa53011b38683fa21bcfea29f63309d28765d88200e8303340df72e9e78e

SHA512
33f05ba3a2f8b5370b37647322da06476ac4bfbdbb0ebd9c28c46749c3c8789d4d96f34c0e8b3c0082116d61497854987d821560263031486dd4b870af8567e5

Download Submit
C:\Users\Admin\Downloads\VineMEMZ-Original.exe

Filesize
39.6MB

MD5
b949ba30eb82cc79eeb7c2d64f483bcb

SHA1
8361089264726bb6cff752b3c137fde6d01f4d80

SHA256
5f6a8f0e85704eb30340a872eec136623e57ab014b4dd165c68dd8cd76143923

SHA512
e2acd4fe7627e55be3e019540269033f65d4954831a732d7a4bd50607260cd2a238832f604fa344f04be9f70e8757a9f2d797de37b440159a16bf3a6359a759b

Download Submit
C:\Users\Admin\Downloads\WannaCrypt0r.zip.crdownload

Filesize
3.3MB

MD5
e58fdd8b0ce47bcb8ffd89f4499d186d

SHA1
b7e2334ac6e1ad75e3744661bb590a2d1da98b03

SHA256
283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a

SHA512
95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot.zip.crdownload

Filesize
223KB

MD5
a7a51358ab9cdf1773b76bc2e25812d9

SHA1
9f3befe37f5fbe58bbb9476a811869c5410ee919

SHA256
817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612

SHA512
3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Windows\msagent\chars\Bonzi.acs

Filesize
5.0MB

MD5
1fd2907e2c74c9a908e2af5f948006b5

SHA1
a390e9133bfd0d55ffda07d4714af538b6d50d3d

SHA256
f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95

SHA512
8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

Download Submit
C:\Windows\msagent\chars\Peedy.acs

Filesize
4.0MB

MD5
49654a47fadfd39414ddc654da7e3879

SHA1
9248c10cef8b54a1d8665dfc6067253b507b73ad

SHA256
b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5

SHA512
fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

Download Submit
C:\bonzi\netscape\extensions\[email protected]\chrome\@[email protected]

Filesize
1KB

MD5
789483b3188344981681da496dbdbb68

SHA1
ac3c020263f1948c65193e34d0f82e56941f48bf

SHA256
1410cdeee920ef0c53ed58841380d9cad57c1331e5a7e95fc1478e3ce82d3c08

SHA512
554e807b6d2a340511ecbd26fb9cebcb681b48e4a34f7d801e297f0d67a59828d3dbebd9980bdff4022da6a696aaecc752895db857cfeafaa91389cb506af399

Download Submit
C:\bonzi\netscape\res\html\gopher-audio.gif

Filesize
163B

MD5
0c428f6883c912e150ce42c954b1bd36

SHA1
bcfcdc2946c6e8113083d57538de5713aa033e9a

SHA256
39c501d97b098136e6d3ef487ebc2a04b00b367af8bf04a16ce183064656dc2e

SHA512
d809489178b96dafd4a0c95edd56fac21625aabb2b7dc8260345eb96b9c3c7ecb1b18505746bed15581ebfa1265cf96c8aff3953dbc6d69d56b31fcf54db228c

Download Submit
C:\bonzi\netscape\res\table-remove-column-active.gif

Filesize
835B

MD5
cdeeb11aaefc565b7e2e6de6c5122adb

SHA1
67c0bbae8ac6dd12cb66621f3539fae6971d91e0

SHA256
1ba095a2abd0fd53efb16480111e199cb06cdc0f7205c73691ce83e302af1c03

SHA512
b123401eaf3d0407638c1e0f3a17d102987b769139d83f2af346d5f5c3a1f16a7aab17bd9c046583542d15fbdcf11d24206a4bdf62885bf87b2aca4ecacb77a9

Download Submit
C:\bonzi\netscape\res\table-remove-column-hover.gif

Filesize
841B

MD5
f6f8b831f31c8a4081e61403b258d944

SHA1
389daf6bcd0ba84a413dce4aff02ae9800eb1061

SHA256
f19d34969cef9b58e845f4f3630ec3df5a3cc054831f3880c1b68a34afa431d8

SHA512
01bb9b06927083d052b11a76ce147073bc25d7c95308d189dbc5598776f83ba26c22a260450f41c2d18e4c3ec86aa24719a90bdeae1417ebd4b1066b80c8fbab

Download Submit
C:\bonzi\netscape\res\table-remove-column.gif

Filesize
841B

MD5
90ef7ea72f363d421c608e37141f0e29

SHA1
891c963cb3c26628dcb18db5653eaca5275b0f9e

SHA256
dd6549e0c43acaa44bba371928f96cb02f71440149f6ae4d2e9ad4706cbe2231

SHA512
6a05229fd5e33ccab5b5e4f185395fb77447384c83b2d0ca5379106e3a06296a6e372acf8c3be7b7d1e8046d5b3002ec5c4c4c22ea186fdff828acd2aa5702d5

Download Submit
\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe

Filesize
7.8MB

MD5
c3b0a56e48bad8763e93653902fc7ccb

SHA1
d7048dcf310a293eae23932d4e865c44f6817a45

SHA256
821a16b65f68e745492419ea694f363926669ac16f6b470ed59fe5a3f1856fcb

SHA512
ae35f88623418e4c9645b545ec9e8837e54d879641658996ca21546f384e3e1f90dae992768309ac0bd2aae90e1043663931d2ef64ac541977af889ee72e721a

Download Submit
\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

Filesize
2.5MB

MD5
73feeab1c303db39cbe35672ae049911

SHA1
c14ce70e1b3530811a8c363d246eb43fc77b656c

SHA256
88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8

SHA512
73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

Download Submit
\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

Filesize
3.2MB

MD5
93f3ed21ad49fd54f249d0d536981a88

SHA1
ffca7f3846e538be9c6da1e871724dd935755542

SHA256
5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc

SHA512
7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

Download Submit
\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
\bonzi\BonziBuddy_original.exe

Filesize
126KB

MD5
ff8e3bef2b1c444e59d21d5291c81d96

SHA1
a838dc974a49dc0fad824cedcf794c8c9651d410

SHA256
50a65ffcb48cb6ba99ccf79d855696cfdfb28ff21d0f71666c8fae9dfedf878e

SHA512
b872737dd5f1f114785bf948fa8018aed228be99dafd07bf850bab1a4772564f59ed2cc60faedbf3eaf84f12908e1ed2bf07a526484edc6ded0692ce575e4927

Download Submit
memory/572-6165-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/572-6151-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/1248-981-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/1248-1019-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/1248-979-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/2256-972-0x0000000003180000-0x00000000031EF000-memory.dmp

Filesize
444KB

Download
memory/2256-973-0x0000000003180000-0x00000000031EF000-memory.dmp

Filesize
444KB

Download
memory/2256-974-0x0000000003180000-0x00000000031EF000-memory.dmp

Filesize
444KB

Download
memory/2256-975-0x0000000003180000-0x00000000031EF000-memory.dmp

Filesize
444KB

Download
memory/2256-976-0x0000000003180000-0x00000000031EF000-memory.dmp

Filesize
444KB

Download
memory/2640-2761-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2640-3300-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2640-3301-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2752-5513-0x0000000074760000-0x00000000747E2000-memory.dmp

Filesize
520KB

Download
memory/2752-5512-0x00000000747F0000-0x0000000074A0C000-memory.dmp

Filesize
2.1MB

Download
memory/2752-5530-0x0000000000070000-0x000000000036E000-memory.dmp

Filesize
3.0MB

Download
memory/2752-5551-0x0000000000070000-0x000000000036E000-memory.dmp

Filesize
3.0MB

Download
memory/2752-5568-0x00000000747F0000-0x0000000074A0C000-memory.dmp

Filesize
2.1MB

Download
memory/2752-5564-0x0000000000070000-0x000000000036E000-memory.dmp

Filesize
3.0MB

Download
memory/2752-5575-0x0000000000070000-0x000000000036E000-memory.dmp

Filesize
3.0MB

Download
memory/2752-5621-0x0000000000070000-0x000000000036E000-memory.dmp

Filesize
3.0MB

Download
memory/2752-5630-0x0000000000070000-0x000000000036E000-memory.dmp

Filesize
3.0MB

Download
memory/2752-5637-0x0000000000070000-0x000000000036E000-memory.dmp

Filesize
3.0MB

Download
memory/2752-5511-0x0000000074A10000-0x0000000074A87000-memory.dmp

Filesize
476KB

Download
memory/2752-5534-0x00000000747F0000-0x0000000074A0C000-memory.dmp

Filesize
2.1MB

Download
memory/2752-5514-0x0000000074730000-0x0000000074752000-memory.dmp

Filesize
136KB

Download
memory/2752-5510-0x0000000074A90000-0x0000000074AAC000-memory.dmp

Filesize
112KB

Download
memory/2752-5501-0x0000000074AB0000-0x0000000074B32000-memory.dmp

Filesize
520KB

Download
memory/2752-5508-0x0000000000070000-0x000000000036E000-memory.dmp

Filesize
3.0MB

Download
memory/2752-5509-0x0000000074AB0000-0x0000000074B32000-memory.dmp

Filesize
520KB

Download
memory/2752-5503-0x0000000074760000-0x00000000747E2000-memory.dmp

Filesize
520KB

Download
memory/2752-5502-0x00000000747F0000-0x0000000074A0C000-memory.dmp

Filesize
2.1MB

Download
memory/2752-5504-0x0000000074730000-0x0000000074752000-memory.dmp

Filesize
136KB

Download
memory/2752-5505-0x0000000000070000-0x000000000036E000-memory.dmp

Filesize
3.0MB

Download
memory/3436-6150-0x0000000000E40000-0x0000000000EAF000-memory.dmp

Filesize
444KB

Download
memory/3608-4253-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download