hxxp://github[.]com/TheDarkMythos/windows-malware

Resubmissions

27-06-2024 16:53

240627-vd7eeasgpq 8

27-06-2024 16:46

240627-t9xz6ssfjn 8

Analysis

max time kernel
420s
max time network
405s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 16:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://github.com/TheDarkMythos/windows-malware

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

Processes:

MSAGENT.EXEtv_enua.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\software\Wow6432Node\microsoft\Active Setup\Installed Components	MSAGENT.EXE
Key created	\REGISTRY\MACHINE\software\Wow6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe

Downloads MZ/PE file

Executes dropped EXE 14 IoCs

Processes:

BonziBuddy432.exeMSAGENT.EXEtv_enua.exeAgentSvr.exeBonziBDY_2.EXEAgentSvr.exeBonziBDY_4.EXEgeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exe

pid	process
2556	BonziBuddy432.exe
1856	MSAGENT.EXE
2484	tv_enua.exe
2016	AgentSvr.exe
1316	BonziBDY_2.EXE
1736	AgentSvr.exe
2052	BonziBDY_4.EXE
1592	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1504	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
2088	geometry dash auto speedhack.exe

Loads dropped DLL 64 IoCs

Processes:

BonziBuddy432.execmd.exeMSAGENT.EXEtv_enua.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeAgentSvr.exeregsvr32.exeregsvr32.exeBonziBDY_2.EXEAgentSvr.exeBonziBDY_4.EXE

pid	process
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
2556	BonziBuddy432.exe
1640	cmd.exe
1640	cmd.exe
1640	cmd.exe
1640	cmd.exe
1856	MSAGENT.EXE
1856	MSAGENT.EXE
2484	tv_enua.exe
1856	MSAGENT.EXE
2484	tv_enua.exe
2484	tv_enua.exe
1856	MSAGENT.EXE
1796	regsvr32.exe
1632	regsvr32.exe
2936	regsvr32.exe
2208	regsvr32.exe
1276	regsvr32.exe
2576	regsvr32.exe
2584	regsvr32.exe
1856	MSAGENT.EXE
1856	MSAGENT.EXE
2016	AgentSvr.exe
2016	AgentSvr.exe
2016	AgentSvr.exe
2484	tv_enua.exe
1296	regsvr32.exe
1296	regsvr32.exe
2368	regsvr32.exe
1316	BonziBDY_2.EXE
1316	BonziBDY_2.EXE
1316	BonziBDY_2.EXE
1316	BonziBDY_2.EXE
1316	BonziBDY_2.EXE
1316	BonziBDY_2.EXE
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
2052	BonziBDY_4.EXE
2052	BonziBDY_4.EXE
2052	BonziBDY_4.EXE
2052	BonziBDY_4.EXE
2052	BonziBDY_4.EXE
2052	BonziBDY_4.EXE
2052	BonziBDY_4.EXE
2052	BonziBDY_4.EXE

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

tv_enua.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

246 raw.githubusercontent.com
138 raw.githubusercontent.com
139 raw.githubusercontent.com
140 raw.githubusercontent.com
141 raw.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

geometry dash auto speedhack.exe

description ioc process

File opened for modification \??\PhysicalDrive0 geometry dash auto speedhack.exe

flow	ioc
246	raw.githubusercontent.com
138	raw.githubusercontent.com
139	raw.githubusercontent.com
140	raw.githubusercontent.com
141	raw.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	geometry dash auto speedhack.exe

Drops file in System32 directory 3 IoCs

Processes:

tv_enua.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\SET377A.tmp	tv_enua.exe
File created	C:\Windows\SysWOW64\SET377A.tmp	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe

Drops file in Program Files directory 64 IoCs

Processes:

BonziBuddy432.exeBonziBDY_4.EXE

description	ioc	process
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page13.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Apps.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j2.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\chose.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page1.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Intro2.wav	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Reg.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\registry.reg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb003.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j3.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page12.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page14.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\AUTPRX32.DLL	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY.vbw	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\empop3.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j2.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSINET.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb005.gif	BonziBuddy432.exe
File created	C:\Program Files (x86)\BonziBuddy432\Reg.nbd	BonziBDY_4.EXE
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j3.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\t3.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb009.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb010.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\CHORD.WAV	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\emsmtp.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb006.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb015.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BG\Bg3.bmp	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BG\Bg1.bmp	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page2.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp006.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb008.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ODKOB32.DLL	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\Readme.txt	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\spchcpl.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\fix.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb011.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb016.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page12.jpg	BonziBuddy432.exe
File created	C:\Program Files (x86)\BonziBuddy432\Reg.nbd.temp	BonziBDY_4.EXE
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\P001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page0.jpg	BonziBuddy432.exe

Drops file in Windows directory 58 IoCs

Processes:

tv_enua.exeMSAGENT.EXEBonziBuddy432.exe

description	ioc	process
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET3257.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET3258.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET326D.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET3291.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET326C.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET326B.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentPsh.dll	MSAGENT.EXE
File created	C:\Windows\help\SET3280.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\Agt0409.hlp	MSAGENT.EXE
File opened for modification	C:\Windows\help\SET3280.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\SET3290.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\Agt0409.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe
File created	C:\Windows\msagent\SET326A.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\agtinst.inf	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SET3757.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\help\SET3767.tmp	tv_enua.exe
File created	C:\Windows\msagent\SET3269.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgtCtl15.tlb	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SET3757.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentCtl.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET3257.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentMPx.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET326C.tmp	MSAGENT.EXE
File created	C:\Windows\INF\SET326E.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET3269.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSvr.exe	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET326B.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET327F.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SET3756.tmp	tv_enua.exe
File opened for modification	C:\Windows\fonts\SET3768.tmp	tv_enua.exe
File created	C:\Windows\fonts\SET3768.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\chars\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	MSAGENT.EXE
File created	C:\Windows\msagent\SET3256.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SET326E.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\mslwvtts.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentAnm.dll	MSAGENT.EXE
File created	C:\Windows\INF\SET3779.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentDPv.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET3258.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDp2.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET326D.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET3291.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET3256.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\intl\SET3290.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SET3779.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\chars\Bonzi.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\msagent\SET327F.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\help\SET3767.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentSR.dll	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SET3756.tmp	tv_enua.exe
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET326A.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\setupapi.app.log	tv_enua.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e93610000000002000000000010660000000100002000000025e2bd3910a0aaa95cf11ce0eeec14ef74063447c22c5158997e4bc610920bdf000000000e8000000002000020000000bf1a21adb5c8de60d854de5f8a163af5f2a211c9863113a2d5880f72066d7c8a200000005e818b861d4854fef6c1a3ce63f7fce26d0bd0e3fb16efd76d3536e607e3fba74000000068777c3eeb14c04ee5f3032379c883d22a920e1bdab16514e14a851f634e8ea4a2fe2a1d5fed43c57877b029633f4a14706cd84d3911c8470f29753188ccf791	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 600a30f9b2c8da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{23CED621-34A6-11EF-965F-FA9381F5F0AB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D2D2B841-34A5-11EF-965F-FA9381F5F0AB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3D4D5360-34A6-11EF-965F-FA9381F5F0AB}.dat = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000f9b6311b51c810a83b4335a6c05491d770cfab6fe005a0d05421c4776ed64cfc000000000e8000000002000020000000592ef946d8134c31e5009647dfd0f1a522914d40f70efee6e5167c1b2435b8ac900000003f387e6372ac2d40f9aac12fda610a3c66ff221ef34b58fa0f664f414893086db56e9ea1f1f59eae03ad6421d6ecd72402fcdd9a59a6b0dd62de9001d139802aa1571100042840c94bc17c3f5219aa7fc385994a5ffd7f6b8fc4dd38790497a538ab2971130f1a89cab5eb35d6a86b4eaac7e192ef2f5b28abf39e5a55970ea9856d2e0276bf46fd7c0d1e0379e5dfc040000000919797088fd760f0771a296e321947a144e433283be0b3f732048a3c7bc90417cb292cea5d1ab3c991e5463c62f255c277d46cf36ee92233d0c83ba52b3f4a61	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{23CED623-34A6-11EF-965F-FA9381F5F0AB}.dat = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Modifies registry class 64 IoCs

Processes:

AgentSvr.exeBonziBDY_2.EXEregsvr32.exeBonziBuddy432.exeregsvr32.exeBonziBDY_4.EXE

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A2-9C30-11D3-8F99-00104BA312D6}\LocalServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\BonziBDY_2.EXE"	BonziBDY_2.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\MiscStatus\1\ = "148628"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CDA1CA00-8B5D-11D0-9BC0-0000C0F04C96}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0A45DB49-BD0D-11D2-8D14-00104B9E072A}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{95A893C3-543A-11D0-AC45-00C04FD97575}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CFC9BA3-FE87-11D2-9DCF-ED29FAFE371D}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CCalendarVBPeriods\ = "BonziBUDDY.CCalendarVBPeriods"	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DCE47F78-8A6C-4C6D-A6F7-8BE4427127C4}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}\3.0\HELPDIR\ = "C:\\Program Files (x86)\\BonziBuddy432"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB7-A1BC-11D3-8F99-00104BA312D6}	BonziBDY_2.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB6-A1BC-11D3-8F99-00104BA312D6}\ = "clsStoryReader"	BonziBDY_2.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575}\TypeLib\Version = "2.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Version\ = "2.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6B1BE807-567F-11D1-B652-0060976C699F}\Forward\ = "{916694A9-8AD6-11D2-B6FD-0060976C699F}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSFrame\CLSID\ = "{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F4F2C1F0-6FA6-11CE-942A-0000C0C14E92}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1DAB85C3-803A-11D0-AC63-00C04FD97575}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53FA8D41-2CDD-11D3-9DD0-D3CD4078982A}\ToolboxBitmap32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSCOMCTL.OCX"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4F2C1F0-6FA6-11CE-942A-0000C0C14E92}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{53FA8D4E-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1DAB85C3-803A-11D0-AC63-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EB52CF7B-3917-11CE-80FB-0000C0C14E92}\Control\	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24830770-5D94-11CE-9412-0000C0C14E92}\ = "ISSDateComboX"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\TypeLib\Version = "2.0"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB7-A1BC-11D3-8F99-00104BA312D6}\TypeLib\ = "{8F58C996-9C30-11D3-8F99-00104BA312D6}"	BonziBDY_2.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinButton\CLSID\ = "{53FA8D41-2CDD-11D3-9DD0-D3CD4078982A}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{972DE6C2-8B09-11D2-B652-A1FD6CC34260}\Version\ = "1.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2F5A7562-BDC3-41F8-8122-4A54D2C3C50C}\ = "_BonziCHECKERSControl"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\ = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{065E6FEA-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EF6BEC0-E669-11CD-836C-0000C0C14E92}\ = "_DSSMonth"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveTabs.SSTabs.2\CLSID\ = "{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{972DE6C2-8B09-11D2-B652-A1FD6CC34260}\ToolboxBitmap32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}\TypeLib\Version = "2.0"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53FA8D47-2CDD-11D3-9DD0-D3CD4078982A}\Version\ = "1.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSFrame	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\ProgID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinButton.1	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EB52CF7B-3917-11CE-80FB-0000C0C14E92}\ToolboxBitmap32\ = "C:\\PROGRA~2\\BONZIB~1\\SSCALA32.OCX, 2"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.COMScript.1	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\MiscStatus\1\ = "131473"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\MiscStatus\1\ = "165265"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinPopup	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1533A365-F76F-4518-8A56-4CD34547F8AB}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB7-A1BC-11D3-8F99-00104BA312D6}\TypeLib\Version = "2.0"	BonziBDY_2.EXE

NTFS ADS 3 IoCs

Processes:

firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\LOVE-LETTER-FOR-YOU.TXT.vbs.txt:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\BonziBuddy432.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\geometry dash auto speedhack.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

geometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exe

pid	process
2552	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
1504	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1504	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
1504	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1504	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1504	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
1504	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1504	geometry dash auto speedhack.exe
1504	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
1504	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
1504	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
1504	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
1504	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
1504	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

2248 taskmgr.exe

pid	process
2248	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

firefox.exeBonziBuddy432.exeMSAGENT.EXEtv_enua.exeiexplore.exeIEXPLORE.EXEAgentSvr.exe

description	pid	process
Token: SeDebugPrivilege	1792	firefox.exe
Token: SeDebugPrivilege	1792	firefox.exe
Token: SeDebugPrivilege	1792	firefox.exe
Token: SeDebugPrivilege	2556	BonziBuddy432.exe
Token: SeDebugPrivilege	2556	BonziBuddy432.exe
Token: SeDebugPrivilege	2556	BonziBuddy432.exe
Token: SeDebugPrivilege	2556	BonziBuddy432.exe
Token: SeDebugPrivilege	2556	BonziBuddy432.exe
Token: SeDebugPrivilege	2556	BonziBuddy432.exe
Token: SeDebugPrivilege	2556	BonziBuddy432.exe
Token: SeDebugPrivilege	2556	BonziBuddy432.exe
Token: SeDebugPrivilege	2556	BonziBuddy432.exe
Token: SeDebugPrivilege	2556	BonziBuddy432.exe
Token: SeDebugPrivilege	2556	BonziBuddy432.exe
Token: SeDebugPrivilege	2556	BonziBuddy432.exe
Token: SeDebugPrivilege	2556	BonziBuddy432.exe
Token: SeDebugPrivilege	2556	BonziBuddy432.exe
Token: SeDebugPrivilege	2556	BonziBuddy432.exe
Token: SeDebugPrivilege	2556	BonziBuddy432.exe
Token: SeRestorePrivilege	1856	MSAGENT.EXE
Token: SeRestorePrivilege	1856	MSAGENT.EXE
Token: SeRestorePrivilege	1856	MSAGENT.EXE
Token: SeRestorePrivilege	1856	MSAGENT.EXE
Token: SeRestorePrivilege	1856	MSAGENT.EXE
Token: SeRestorePrivilege	1856	MSAGENT.EXE
Token: SeRestorePrivilege	1856	MSAGENT.EXE
Token: SeRestorePrivilege	2484	tv_enua.exe
Token: SeRestorePrivilege	2484	tv_enua.exe
Token: SeRestorePrivilege	2484	tv_enua.exe
Token: SeRestorePrivilege	2484	tv_enua.exe
Token: SeRestorePrivilege	2484	tv_enua.exe
Token: SeRestorePrivilege	2484	tv_enua.exe
Token: SeRestorePrivilege	2484	tv_enua.exe
Token: SeDebugPrivilege	2736	iexplore.exe
Token: SeDebugPrivilege	2736	iexplore.exe
Token: SeDebugPrivilege	2736	iexplore.exe
Token: SeDebugPrivilege	2932	IEXPLORE.EXE
Token: SeDebugPrivilege	2932	IEXPLORE.EXE
Token: SeDebugPrivilege	2932	IEXPLORE.EXE
Token: SeDebugPrivilege	2932	IEXPLORE.EXE
Token: SeDebugPrivilege	2932	IEXPLORE.EXE
Token: SeDebugPrivilege	2932	IEXPLORE.EXE
Token: SeDebugPrivilege	2736	iexplore.exe
Token: SeDebugPrivilege	2736	iexplore.exe
Token: SeDebugPrivilege	2736	iexplore.exe
Token: SeDebugPrivilege	2736	iexplore.exe
Token: SeDebugPrivilege	2736	iexplore.exe
Token: 33	1736	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1736	AgentSvr.exe
Token: 33	1736	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1736	AgentSvr.exe
Token: 33	1736	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1736	AgentSvr.exe
Token: 33	1736	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1736	AgentSvr.exe
Token: 33	1736	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1736	AgentSvr.exe
Token: 33	1736	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1736	AgentSvr.exe
Token: 33	1736	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1736	AgentSvr.exe
Token: 33	1736	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1736	AgentSvr.exe
Token: 33	1736	AgentSvr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

iexplore.exefirefox.exeiexplore.exeAgentSvr.exeBonziBDY_2.EXE

pid	process
1736	iexplore.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
2736	iexplore.exe
1736	AgentSvr.exe
1316	BonziBDY_2.EXE
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe

Suspicious use of SendNotifyMessage 38 IoCs

Processes:

firefox.exeAgentSvr.exetaskmgr.exe

pid	process
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1736	AgentSvr.exe
1792	firefox.exe
1792	firefox.exe
1736	AgentSvr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe
2248	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

iexplore.exeIEXPLORE.EXEfirefox.exeiexplore.exeIEXPLORE.EXEBonziBDY_2.EXEBonziBDY_4.EXEgeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exe

pid	process
1736	iexplore.exe
1736	iexplore.exe
1704	IEXPLORE.EXE
1704	IEXPLORE.EXE
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
2736	iexplore.exe
2736	iexplore.exe
2932	IEXPLORE.EXE
2932	IEXPLORE.EXE
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
2932	IEXPLORE.EXE
2932	IEXPLORE.EXE
1316	BonziBDY_2.EXE
1316	BonziBDY_2.EXE
1316	BonziBDY_2.EXE
1316	BonziBDY_2.EXE
2052	BonziBDY_4.EXE
2052	BonziBDY_4.EXE
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
2728	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe
2728	geometry dash auto speedhack.exe
2552	geometry dash auto speedhack.exe
1044	geometry dash auto speedhack.exe
1596	geometry dash auto speedhack.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exefirefox.exefirefox.exe

description	pid	process	target process
PID 1736 wrote to memory of 1704	1736	iexplore.exe	IEXPLORE.EXE
PID 1736 wrote to memory of 1704	1736	iexplore.exe	IEXPLORE.EXE
PID 1736 wrote to memory of 1704	1736	iexplore.exe	IEXPLORE.EXE
PID 1736 wrote to memory of 1704	1736	iexplore.exe	IEXPLORE.EXE
PID 1132 wrote to memory of 1792	1132	firefox.exe	firefox.exe
PID 1132 wrote to memory of 1792	1132	firefox.exe	firefox.exe
PID 1132 wrote to memory of 1792	1132	firefox.exe	firefox.exe
PID 1132 wrote to memory of 1792	1132	firefox.exe	firefox.exe
PID 1132 wrote to memory of 1792	1132	firefox.exe	firefox.exe
PID 1132 wrote to memory of 1792	1132	firefox.exe	firefox.exe
PID 1132 wrote to memory of 1792	1132	firefox.exe	firefox.exe
PID 1132 wrote to memory of 1792	1132	firefox.exe	firefox.exe
PID 1132 wrote to memory of 1792	1132	firefox.exe	firefox.exe
PID 1132 wrote to memory of 1792	1132	firefox.exe	firefox.exe
PID 1132 wrote to memory of 1792	1132	firefox.exe	firefox.exe
PID 1132 wrote to memory of 1792	1132	firefox.exe	firefox.exe
PID 1792 wrote to memory of 1860	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 1860	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 1860	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 820	1792	firefox.exe	firefox.exe
PID 1792 wrote to memory of 764	1792	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://github.com/TheDarkMythos/windows-malware
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1132

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.0.1302688610\920460198" -parentBuildID 20221007134813 -prefsHandle 1200 -prefMapHandle 1180 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f22bb797-3042-47fc-b14c-47acdcb503b6} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 1288 43eab58 gpu
3⤵
PID:1860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.1.33021909\276263641" -parentBuildID 20221007134813 -prefsHandle 1468 -prefMapHandle 1464 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9310fd45-2f96-4da3-8c36-5bc4d471f6b8} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 1480 e72558 socket
3⤵
PID:820

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.2.308058365\1394240069" -childID 1 -isForBrowser -prefsHandle 2080 -prefMapHandle 2076 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c9086a0-3fe5-4450-a9eb-c41afeb368e3} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 2092 1a48f258 tab
3⤵
PID:764

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.3.226294547\1587985041" -childID 2 -isForBrowser -prefsHandle 2492 -prefMapHandle 2440 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48d2aba3-b9a7-437c-b2ae-2450d4665a9e} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 2496 e68158 tab
3⤵
PID:1436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.4.1141655286\1784698395" -childID 3 -isForBrowser -prefsHandle 2964 -prefMapHandle 2960 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc0d6738-8cfd-48d3-9b73-5c6033d25b1e} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 2976 e62558 tab
3⤵
PID:1680

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.5.481117960\326853381" -childID 4 -isForBrowser -prefsHandle 3592 -prefMapHandle 3780 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {644b20d5-417c-4f02-88c6-ff32d1723e8c} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 3852 e6a558 tab
3⤵
PID:2700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.6.2059298961\1338990096" -childID 5 -isForBrowser -prefsHandle 3972 -prefMapHandle 3976 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a32d0a95-8495-4fc3-81c7-0490e7f43105} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 3960 1fe6cb58 tab
3⤵
PID:1704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.7.482094374\1573788104" -childID 6 -isForBrowser -prefsHandle 4140 -prefMapHandle 4144 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c9f32a5-8c70-4015-a7a7-06300f72a82d} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 4128 1fe6fb58 tab
3⤵
PID:2676

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.8.653460445\1495501662" -childID 7 -isForBrowser -prefsHandle 4464 -prefMapHandle 4460 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb461e1e-f8d3-496e-9cd9-114ef0af91e8} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 4476 1f7b9f58 tab
3⤵
PID:2824

C:\Users\Admin\Downloads\BonziBuddy432.exe
"C:\Users\Admin\Downloads\BonziBuddy432.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2556

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
4⤵
- Loads dropped DLL
PID:1640

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
MSAGENT.EXE
5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1856

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
6⤵
- Loads dropped DLL
- Modifies registry class
PID:1796

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
6⤵
- Loads dropped DLL
PID:1632

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
6⤵
- Loads dropped DLL
- Modifies registry class
PID:2936

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
6⤵
- Loads dropped DLL
PID:2208

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
6⤵
- Loads dropped DLL
PID:1276

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
6⤵
- Loads dropped DLL
PID:2576

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
6⤵
- Loads dropped DLL
PID:2584

C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:2016

C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
6⤵
PID:2768

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
tv_enua.exe
5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2484

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
6⤵
- Loads dropped DLL
PID:1296

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
6⤵
- Loads dropped DLL
PID:2368

C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
6⤵
PID:2424

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://bonzibuddy.tk/
4⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2
5⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2680

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\LOVE-LETTER-FOR-YOU.TXT.vbs.vbs"
1⤵
PID:2180

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\LOVE-LETTER-FOR-YOU.TXT.vbs.vbs"
1⤵
PID:2216

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Downloads\LOVE-LETTER-FOR-YOU.TXT.vbs.bat" "
1⤵
PID:2576

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Downloads\LOVE-LETTER-FOR-YOU.TXT.vbs.bat" "
1⤵
PID:2912

C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1736

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe shell32.dll,Control_RunDLL speech.cpl,,0
2⤵
PID:1040

C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL speech.cpl,,0
3⤵
PID:2732

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe"
1⤵
- Executes dropped EXE
PID:1592

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1044

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1504

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /main
2⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:2088

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:1524

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:2248

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx
Filesize
336KB

MD5
3d225d8435666c14addf17c14806c355

SHA1
262a951a98dd9429558ed35f423babe1a6cce094

SHA256
2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877

SHA512
391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
Filesize
796KB

MD5
8a30bd00d45a659e6e393915e5aef701

SHA1
b00c31de44328dd71a70f0c8e123b56934edc755

SHA256
1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a

SHA512
daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
Filesize
2.5MB

MD5
73feeab1c303db39cbe35672ae049911

SHA1
c14ce70e1b3530811a8c363d246eb43fc77b656c

SHA256
88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8

SHA512
73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg
Filesize
50KB

MD5
e8f52918072e96bb5f4c573dbb76d74f

SHA1
ba0a89ed469de5e36bd4576591ee94db2c7f8909

SHA256
473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82

SHA512
d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg
Filesize
45KB

MD5
108fd5475c19f16c28068f67fc80f305

SHA1
4e1980ba338133a6fadd5fda4ffe6d4e8a039033

SHA256
03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b

SHA512
98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
Filesize
143B

MD5
35931e6fcb0a5aa9330974ad8e31db1a

SHA1
64aaa550fb3e98e8bcb5e92d2dc87b86e7a90935

SHA256
e53c57817f89eda76d3b0b46171eb74f5a47b13195c4407c8a42acaead30e1c9

SHA512
74616872568db77f7ab31eacd8fb41e5cb1b48a08e2a7cb14e505a0d084094024fa5e80e004d12c93fa4f11c28bcdd3e3ca01a90110fe20c6c4b07639f182acc

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
Filesize
140B

MD5
a8ed45f8bfdc5303b7b52ae2cce03a14

SHA1
fb9bee69ef99797ac15ba4d8a57988754f2c0c6b

SHA256
375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b

SHA512
37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx
Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat
Filesize
279B

MD5
4877f2ce2833f1356ae3b534fce1b5e3

SHA1
7365c9ef5997324b73b1ff0ea67375a328a9646a

SHA256
8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff

SHA512
dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
Filesize
391KB

MD5
66996a076065ebdcdac85ff9637ceae0

SHA1
4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce

SHA256
16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa

SHA512
e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
Filesize
997KB

MD5
3f8f18c9c732151dcdd8e1d8fe655896

SHA1
222cc49201aa06313d4d35a62c5d494af49d1a56

SHA256
709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331

SHA512
398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX
Filesize
320KB

MD5
97ffaf46f04982c4bdb8464397ba2a23

SHA1
f32e89d9651fd6e3af4844fd7616a7f263dc5510

SHA256
5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1

SHA512
8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

Download Submit
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
Filesize
65KB

MD5
578bebe744818e3a66c506610b99d6c3

SHA1
af2bc75a6037a4581979d89431bd3f7c0f0f1b1f

SHA256
465839938f2baec7d66dbc3f2352f6032825618a18c9c0f9333d13af6af39f71

SHA512
d24fcd2f3e618380cf25b2fd905f4e04c8152ee41aeee58d21abfc4af2c6a5d122f12b99ef325e1e82b2871e4e8f50715cc1fc2efcf6c4f32a3436c32727cd36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
8b5828db490fc7803e615e0a0bcd690c

SHA1
e960b733ec6e42693c55a358571fc09e1e9f7bfd

SHA256
e91d39d6f8f1a6b5a124e9a17b505cfbb38cdbfe4917cc1935dfe6f97f3022c4

SHA512
59745a7fe90e4cd2604ad3bdf0695f8be31f3c9d32a816758224dabfafbf34350b0eee663e9cf7c559f4d81fa0682ab6165bedc287ebad056758fa35aff349dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
b6a9b1f4317a589a427f7b263f0525f1

SHA1
c0af41675721443d1e8e41dc6ab1576f12d19493

SHA256
0d9b446477d0d4889f382f76c4ac961eea6d090ad6791c9fb7f9304057a3239b

SHA512
bfb8fb941a1823501f9089e590670d2092fdc890777c171740309423fb92b85389394a48958507f31adec44bff4b36d3b5e33c9e27b8b04766507aa31095c821

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
8045b184676f53f9448158b45dc0ae98

SHA1
b9281435011c4cd7472cdfdebd97608c574b0cb6

SHA256
795122d9ffef736a2ce781d91b4c1d1cfe81c2d9f6e743da27d6433b24b11a1a

SHA512
8a611bf5ff243599c1b9e20e60f4b500403e2732f622af8bfcc3549ec3494f0aab87e764de0cf41ee6a1adde9936ae7366af402d1064a5d9d1e84451fa3eb976

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
d3fa7ce9dc8b15d7e5af78c8f89dd1f2

SHA1
f60f95de9a388032be9509de1d9e8dbebfa36017

SHA256
7b9902c9b9477caf4f88c995dffe1ff1fad0d6baf53fadc79b0d2082e8a0ed75

SHA512
a0c772b34db1bc0a5c0b94555fbe68618c97171c1e3279ff9f05b04ee80ec87fc9aee4d30e790645bf70e0254fb4ecd84439e1650990a52af7a2070f09deb0fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
8fec9ee24ddeaea46e3cc262d360f7fc

SHA1
81871c2e090e3210821657a97fd28cbc91aa5ddf

SHA256
022646c62138add0fda7e1e309c3eb50eb2eac2d589b4069e2ae90a7dd6d2435

SHA512
0c9cfc9dbad8b6a313c17c858466e8506ecb2308dc9e16b44679cdedf19220c382fbb40085a6c030b402ec02ce93c8c48c21636d6f447499fcd999576b6e36d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
6218ba89395606375bfb0f876c805f7b

SHA1
afbd3d9e673c35baa8dff5c4df8608a3bce44b05

SHA256
983a4fd9874a43a0fceb9c3bac449ecba760f8e1781c300e21aed3e0fb10793a

SHA512
5fee4e974b922b2c49592fa51c7297b7d3ae7b7fc0f930f68dec47bbb8cbc09f01797d89d4341e06a42c4e3697406a2c413368d79b51b06a322407c7a8ef5375

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
25a8e5064cb4721fb42d34c3d35d281e

SHA1
33ed558d9ccad5fcd24a2e57dc3dff1aa9e0bc50

SHA256
e095e32e2b86312a97b09834bd49cad052425bf4338d6691dde14cb1711c8565

SHA512
dd86172565af9c7254ac2ad78a67d785e3a71428bb14f41e1c461a131338a35f85386e8a6306391d9cd5f3d7f5ffa067fc5223083f6358b10a38422770b741c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
aaadc3b0550ae63234615fb7adb53114

SHA1
d5f7e80b28bcac96f135b0ded36c59fb1d88ae7e

SHA256
32035ac2d178344fb92c9715340f9df64133eb0e42d6a086643c63c2ba1827ce

SHA512
5bc6075c6f930b314cc8eb3acb9b50a4594633c8797f9dcae137277457be8e84b14b1d91f20a7eb8971858846a0b173bf32df4e58dc16e3961bafb9d570798e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
a1112876eaf4e5095b4b84ada137efad

SHA1
47dccd472d2ad864710be7a28ad5882fd8b83686

SHA256
d04d63961145eeab57e7d7d1da9b4d0714dda55c09c1a04afa87d929dba002d9

SHA512
fe37bc65dcc75cc4d569da8815c038908182f11a21e1564496535d9233a74eb1fa263afda391d02dede6c715d1a73209cf080fe4ad5570a886d978bc3e81c9f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
495979644a7877396d7962b03eab0ece

SHA1
1dfd523aab1b00bed8f1218c68032bf9d08f6bca

SHA256
c84006183b87f65ee39048e9c7d52a8b8bb7f40c7546325fd4dc04bd4a7f0db2

SHA512
2a288c0c8f3b1272951ad3265a35fffe6a947d47bf9f641673b863a3d31970193acc27da20fca0dd4df4b946908c3351d63ef1ef026cb5bb68629c905f9b8a19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
fd02abaaff2ed9a6e760c058b4d8c000

SHA1
a81ef6e264a5b66af57430e4641701d722530b1d

SHA256
f06ce4dcb2b0788788d45c7908d0105e89d6522defd78e8b52ebe9f52512994c

SHA512
970b6b6a2253247f3389419b2049b15e85a392b8b1a8a9bfc45822839c7a04cbb220d5387508f271ae231a21d00e49433e1f64c9b2ac2bfca0a4ef5a23081bc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
8186667cb4389f421c696950d6adf1bf

SHA1
03d8d73a66c287828739497688bb8b4e940119e7

SHA256
a9e198a4d3cc22f198f6ee8c1c0a02a7ca9c65fa37a0edcc43713e3f345f52c3

SHA512
bddf32000d11a2a6392be6ff406be77463e9ada1fc0ca164258c0c91cc5e0acb3eb4d2a20809af63a8f3f02fb055fd9aa957a8859567b479036c443a3490cdb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
2b0be9de18d966b066dbaf78c9c84fe8

SHA1
92c13280544efd396225a687017441d1235f52b1

SHA256
9f4cd592ef889e9b0f16b3c9b054f26d15db191b10fbd02836e5dbf48b425a9f

SHA512
23e08500df89da2b3480dc1c1ca842450c224eab2f1e4a1a4b3d7ca9ad619517e719cad46501ad54864db51a492ebebc278a2f85cc55fa503f99d45373af4cb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
31c132bd79dafcb48fb0d960db653b10

SHA1
81847c55c7fe32768ab7258d92f4e3da698366a0

SHA256
be7d8445fbaef62dca1a76be0aff47e386efd13e710c8c79b0bef82c1eafe7de

SHA512
5c0b6b35f4465ca28536ced41cd0ebabc80667fab7756f59bcbaa5516d1d374e0085fe1525213d73b3189b13fb08da7e22cbd3a78148a984a8d2ff78626fc286

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
2579db718a731075e46276a16366f7cb

SHA1
63c03ad9b69636981d0761a8f58a4fbd9bded391

SHA256
eec1a2b3a035132af06ef11e0d72fadeba648ad3f39e0e61fe8ccccc93cad8e0

SHA512
94d46c058fbe83fd7b51682469507012ad879d2bb22eb1985de4b03de9439b1c549c08b11977aaa95b9d49e695643e4c0145754f2ed8c43f44bfdfe52ef26204

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
27dccc931cdcc5a90e0322beadce8bbe

SHA1
35e00a2b00e55ed5eec9b07e4fb5529c3c809f5f

SHA256
c94a5462f6e36161a3b66cd11599eb96494aef4d2177a52b6a5591d5e9a1ca3a

SHA512
c3436317766d2a3cfd4ee1c6cf93aa01d232c0962d4ddd3d6c59907fa5aec2e36a6be9d542abcb3642115cafe46cb0cfa335b5375cdc70079f3f989825c6b6ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
331afbab434cd021b39c1891bd36bf8a

SHA1
bb44bd0f568d8c72c86ed6783d35de7db21a03d9

SHA256
50bd92e0f2e8e6673c3b8f877dc0700a0cf7d2a2209a171da6282df9a41ccf25

SHA512
585019923502b1abb332e322eef5b2b77455b66f5b634fa5b68a8c558a1db32aab291f57acbe3b26719779afd20e405f8b561acae92401889bbb9db80e862d80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
24e4922827784b925b37cc7c30c7311a

SHA1
bfa02158a609ad6d7b3eee0cd752d8c9d7850f5e

SHA256
aa2709e355c21ea918815b8fa733998ad9891b08509e0706b302afd1f06902fa

SHA512
3f148bf2017bfda00a474b95931af4d33a572bd46ca067ae4f5b44d7ebc7130bf1dad7d9cc8198750e283e1bfbe151c1ae3a6a042bf97eefbde83c804dc5ebe9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ef32bc48fdd6fc15400236a8bbfa1bf3

SHA1
1c5e4753b83684f10d766794fdd7dc8a99bd8c5e

SHA256
9830c27403e7a7f651da696c7bfed7aa6d37f2945e6547a018ee294609b71630

SHA512
cc7b5f57e52aac2f44cc5b05b0ac20fce639d457af41474b9e10286ed7367677018a492e5fe0d258a7140b4a289d8634b7309d9d42a27e89a855beeb40460d09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
f3f06067cfd50a612570689187c4173c

SHA1
28297c2f935d9e583af3022d2f7d0c76cfa06868

SHA256
dd7369a9247e2528d66d4593cb293003116c3ba5f8e8dc23d9820cbedecd2172

SHA512
3671da102b82fb058fd1502be595c8c5fcdafd9baa5895598acf4a15b39ca8a4297ccbbeb746f87043baa1778df898f93bd07b7ddba6a90a2a68975116ce4864

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
2b08e019771fef6b1907af572a61794c

SHA1
b952ec053abca26ee21f465160eca385bf6423ab

SHA256
3ad080653f850c7e1d2a0c32fbdca503de6fefea5f6fed0cebc8c31cc06aa2df

SHA512
ee1baff322dd406da07efd22c5d4a33f39de791f76ee5df23c16c032917780ad3e9dbd28d53d15684376c0c8a789f7b6db17ded3cfe9308437f983fa2f266be7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
44a0097965e40804a996f203878f9405

SHA1
d04952f35816d9fb06d03420d16ab2ccb98adbdc

SHA256
0fc5326c2cdf124449f2473aae0466f0607a29de94867f0a5d2bb857e41a40fd

SHA512
cf24c4e17e984dd01d37638c119ce673eac91130c25363cb38c795c4a647b25ff488663f64df9cc611000c5be7993c8583307f7adc0a92969f5c4efa7c8ca82e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ecded895736fd298fecb73b317379ae9

SHA1
1610370746732c1f5950017f6c3f3b8061dec2aa

SHA256
4ea2c07e24f20fef4fbcce57b34856edc757162d8478e081a0c53400bf918776

SHA512
434cc13b30a9e34b130266bdd6a9c8b2a774e07c46f283de21c191e8510ffd577a06b2175af8285aff98e416e939c1251572f7ef545b0db574dbfc5f85e57110

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
65c4cf8193ef20309d8ed7ebe43cc8b1

SHA1
d5a8d49315f618143780d0c799d3f7fad8a2da84

SHA256
262e8e3602b9f7f301202f5734dbc1f8c1e4db97261f1fafe1cb7c3a5858539f

SHA512
81e57a3d7d35ecba31b2af861e26f0a82d94fe0cffbb03f7ea24f9e71d9f66edc30098d52c4fd0b5c315e8f56eab6f99e90d526b805bf8b8a4d262d4fa60b4c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
adfe34b0e3f38cce23994aa13904242b

SHA1
a8870c6212a4db77b152ee948fb21cc0060f42b1

SHA256
d2498482f47ff7dd3e01b0a27a971c544e9e750334159168604f2fa1c6a6eae1

SHA512
edb9282a5393539d5cb0c5b76ba58063ddbe2bd9bb80c6725c7f6fabdbbe73cb05da26f28bfb62bd043f5cc80c1e718d3203c98d31577385de9d7e9f073583c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
d78bb56f521f32dec4ad833fd69c49d5

SHA1
aa1cdf7ef650c6869d56cb46ed83780c2ace3daa

SHA256
78eaec51566fef93474bbab72f6d485139eafe6295b5309f9fa0b3d72313ce79

SHA512
26182f717b0c1b6a597c58b41b931e1310e793e15a69c98463bd8d5c328464b9902c54b14d7a8971fe89f51da34c9ed64b277dff5660d093f257ffe7f26ec14c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
edb5c91a0939a94c660b18e02f588683

SHA1
4d9a5efb0a5e6b08b904fe8a0f81af95f6208d42

SHA256
d23415c70c015e7d3047a03424ef38333ebbc915fc2339eb167c3d279c1f928c

SHA512
f9db567bb64c4c6b2fd5e9326d9d78f233851b366467b99b432884cf735543986253f88297537f886f56f98bedea29ce2cd48ce2425df18d686098b3aba8db8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
5bd7969d5df646489a781a5f65e5d327

SHA1
940507c227c07b1bc8ae6c70f49ed111416bcf17

SHA256
c733258a50e598fc325fa1e953894948fc422a9dd2e1f4d379ef9fd45193377c

SHA512
189bac65841ed466b5d03bc85acc0466f1e3000f3f224891d75dbc979bc53b3dabfb96f3bbdae45fe1af8e39df41e1b94ca83d81e4ece7531d8003afaf8d436d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
16401ef1c4d48e61cb9e32b3f956ca52

SHA1
c9388d71719975c8e4a06254145a5255ebd1a256

SHA256
ab128d2ed9fa18f827596ce53d63687b0e515558e160f8ed777c47ed74c22b47

SHA512
3009fbe69fe602d60ed076622d9d5f3ecb8430f95115fe64c4e9826e417c26e682927300b6452a8ef6c7beaf4e75aa83985c028086371d809287bb3d4aad0c4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
93c65fdc9b3c7783fc2286d02c1b6bab

SHA1
d20f80f296d4b112217535a1e5cb9344d2987fbd

SHA256
38c9b41f0e3237e081399623977a70624e20977ab2d6b6707934a09eb1e89245

SHA512
0ff444f3afdf0591400751368c024c9af7303a9b15b7b21ee9165b9b610ba71d0240efaa65fb7d9d32109f0e8d20f713dfdda4767c2dcc6e3797055e3233e0bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
fc19856ed278c96226e2360c15f7f154

SHA1
d1b83e206aad60aab76ae588411df0e09a4ffb56

SHA256
fa460580f9599df726693b33f61e1d082129077ef32df228f2305381e9c9cfa8

SHA512
95958a570797544ce412ea36a3c7b6d4618e86cf29944b95165d4fceca5df3a993f857054c2faadae3b9e0f672afa9902ee4274737c7ab73ed689a4205120535

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
946d34a39f9dfcada640168717ad5fe2

SHA1
4be469036c4aa75ffaeb447780b9a6bb298ac8d1

SHA256
d7d312d3af03f4c1bd72e0c4467738c0f108471108e8670bb0f62b823f8c6c97

SHA512
a03a4a84dce6258828910f5526ec270947fa9eef7c4e66e05c490e3bf1e122ce0cca99c153eb2d473e7949db1745527188202caaa8ad2cb4f2a5229a704db0ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
c316155a3a783526e546097091b32516

SHA1
3789ace9ebac7eb57017b34f37219c691397d721

SHA256
549a7ea62d385129481dae43281dd16544775f8df704196ac9c8a45c6979a557

SHA512
d99ca6341ba9f0c8bd352849c08beed02d51b690ca1d83da8333b66578c330aae7122384fe12a86cb935ee4038e480223285205eaa2ce56878cb70466323935a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
2368791f91bccd57f6b0e20559fb9f8b

SHA1
13e2fd36851d0345423caa29883f1417c05d7e47

SHA256
9c5813da9a06f7fc168b669d947ce66b49d0414236d6f380da252009e1e50e8c

SHA512
cea44a2b650ce98c5adce7a5787084cf8cd59343618e98b3114967f255428784ce5be7fbd32471884a2393647be5c96a11cd0b03b5fdeb86ea241ab95eec7348

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
844c8cf84e9597323114eacaaab4facb

SHA1
265893383edf983217099a89a514cd30e7fc83e3

SHA256
b89abdbdc1ad250332ec9c739fea9922b8b4221b5a8a44ec20dc649e0486e590

SHA512
b5279cd3fa8de95440e5c0f32ac95150d7a3938f538f0a4708e5af09f8a3d3c85794d888251ac335b88d3e5335703fffc0acf1eec571565d6b28a035d3f3227b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
0a1feef66f3f10ab61dc1dd9b0fa9d7b

SHA1
58c54b59cdc23e905efbd02146af8e85af63a8db

SHA256
b5f78331d75408ad8649305a3761ff2878434c62769a2a05adce2faa8146f573

SHA512
db965836788ddc9a726ea606040152f9dafcf4ce5904598f72f723607a1069061c441074a3dc824fe05c3ae9fb2abab0581049b95241697918e8e5902428bcbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9e4d84ef898b281a4729a7203565cf3c

SHA1
ccd1433b175401e19fbe9b36a2de9b2c39bac43e

SHA256
516fcf4852fda5d040f0f2c0d7d8ad50f87406e1d654e97e7f4be6af528d5c1d

SHA512
306cbd3386fde55d16d05347ff52d40b4ed63e9a91b357999f957f0eba5a9935af99e645a956e81d0d5f7c013f32f45676e4992dff287bf7a59690597f4eb6da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
3cd7eb4d941943c65427092bc4c0d849

SHA1
33feb0be99ff59f0a5f3622b16c016159b62c47d

SHA256
25f638efc508e37a51b520dd2230ec6654818339e80e295778bdaca85e673258

SHA512
0ee48aae71b0ff1f887dd03eb461b6471493d7c655082da3e0e857131d6f5554bac4b7fc8eaf97d2c1f204d09b53497cc56756d3defc4ab3377f00203c50436b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
092416b7280a76e5071fe05d412e1e57

SHA1
deea54fe13b2985b330448887c09282ce75d34f3

SHA256
6b9683b9ef5b39814c7a58bb9d9c4c6e5727a05a31bb661e809f3fa6cc43a531

SHA512
f0ac5b63dc02b3982f0eccb9fec084da7460fea17031057bcfb4eb415902069212ea3513d47a3a21edc418039b0c3bf2b3468a82bb2186d1f9d3905906b77456

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
5295db7289d638df1c52f73f6c49a229

SHA1
4066522b734ccbdc61e0fd974d2678359666f4c0

SHA256
ae21dd5d03a54d18b1d5b71e5079021145eff8ac95e46c3dadf222dfce00b39c

SHA512
94d7d8e5402f4de7ae098f31f94d276cff7778748bf9775978da6b1e1d2ad7be2dd7c8684c6880034b539fb0fef54415275a945b112728581ab1f261130fb382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
97a303f22d9563e6bd7d651151c04452

SHA1
5ca75e928f559e4421904760bcc7d0053e67e2bd

SHA256
e3f7799f547975f7927127504a3c4273fc595e85f05a43e3e553ba44e571328e

SHA512
2dbbafe4a0392bf4bb2847d3ce1348fdfe1c4fa63bf6f326abb285b49b11a37912caa393252250f09e401624cd862edb9355badfd96531748ecf23de3f915d16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
cda00ec9749cfcca8e42643584bb609d

SHA1
bb75d749de6b3f42130d8d1c2c006e9bfbd9e1c3

SHA256
884cf2bd568da6315f57e39be436cefa2b83c3ff07786e4cb806b77c31cbbbfc

SHA512
25f0cf6390076becc5a8e766f5d9db1385ea6f1b5073a4ff504068115d3e233e20061f74bafe69801e41d08c2d5e3670b339a5029079814b418ec6677eb8f8a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
57d0f3c4673ee7dfdc4b11f800eec9db

SHA1
348b2ba97698b3eb581fd5c733ae8723a4089680

SHA256
8aa330e2dcc4217c2f559a3dbff9ba7cddc1c757ad9266cabcfc937e0fcb66c2

SHA512
bea777d1025cf23ff45e0e07f8b6a9e09b6e3faaa7c292fde9927433b96068c098f493115f7ab0fc5fc74588991217511392c9eb71bd9d1e87e91241dbd8f4bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
a1ff7a2a228fd5abb8048a9936529589

SHA1
7fea169c8cae035e8563e3f121a8c05483b9f72f

SHA256
917febaffb686bf210619617c2c527f008aa84d930df292614dd7bc323d6173b

SHA512
8be9f90deed21dd048de6e5410c970eb8d7a0b92d58ceab65a9c73d9cd1a756578c13337831260c7e8b8a5bd23c04bf12b8d6d2cbdd90866bf1e3bb2e0e57026

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
b50d6d3e4e5c648830b60911fce37f48

SHA1
cdbd2a66509de68ea2c5fea8dea3e5642d31a17a

SHA256
40185ab3351df417a60857dce1ed0c2bea522812ae5580962479c1003ad058c0

SHA512
20b53ec1af3d68dcbf67ef7d2a7668929aaddfa111151dae84fef33f0f12e0ba0d7bc8f1225eee0b5a5af01540fdc80d02444350a4a6d24fcc68374be481250a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
2fa1d8a0a025fe090135166f4b41e376

SHA1
6fbe7e5c580c1d36ac2a9f351ced07492dcf89bb

SHA256
7ef7431ebfd5b6cf9b0d552eff9efb21c3777161aca81e8e54dd6c3f8e506759

SHA512
f17fd9049fb738ec2e5ddd6ea78b357b359e785975cc7fdbbfbbd999f8c3dd737031844bcc639d30831890b9388ada56702bccfcbd82b136c6f23d82afc90041

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
22b2f3018fbaf1757796fc622971f428

SHA1
ff9e7a3547d7918c81d800ede0d8a11b05c45876

SHA256
9b0766c6da75f09480b65e9bc486ab5af3f5126980efe10f826861fab9c86985

SHA512
d4aff40ea1b60f9247d6c625deedd773b27e49c36cec18aa45fe595e07734e99c1483b105dc8cb2500492f93804450fb7aa50502ce4ff8104101ce24b39c6b0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
42cf552fd32b44c77d948d1419739fba

SHA1
d3dd034e9f84c84574b1a59b6fb5a9c40b8d0dd1

SHA256
b235cc9ae6d6cf299285e5169ba4415e96533fd114ce19923f4f1bbb7ca0d81e

SHA512
f77a80debce71624ea88bb47643110cbe74dec46b33d02ef00774eb0faddb41eb412769fa1d3d01d1b3bc8b1adeee2d23009e7e05ae9b4cf1b63ca5eb15110de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
57e6caeca26417ffeaf40bba5d753691

SHA1
aa870de385d861b80e96575ed33a6870c253834b

SHA256
b47a1ec61a1d0f0aa8ae23911dfd05d300bc8aad06b55791d32f97f6e96918e7

SHA512
30d8321b82be7002d9c324508497f4b761efae8f34bc88fdca629969b19521b66d6c4fcf4fb3c72b20f46228eef77780964d307e0a3c74b6d009a11c946af3a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
1288549f222ab51967123f30b5f04b75

SHA1
b77c08321f1ac740a1640b92b7e60853487358c8

SHA256
f8fa1e342839245807f71d440c9cd8f65db86de5ce2bf083e337d402b11da4da

SHA512
ea9cda52153085b173cf3fe098534dad72897bcb8771d953cfe7ac5912c1e4ed194dc4e8fbe88dd77dd48ed68c41b0fb3e4422c2e66f829da436eeb932001704

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
80f3f6c30de6c421d34553ce13a425ba

SHA1
02cc4fb16bfed863175988f5dc9bc18a5d4020e5

SHA256
4c62316d95b1aa068e1d5e7557148a4be601908aae8db671456cbcef00202ada

SHA512
2effcc7ac27496a40870d1bbd0dc09fdefae0da246acc03aab1035916ce514ba9555975a3a2b750734fcf8a9a23bf63281439a5bc310b098df582c2f8f3c322b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
c7fec0ed218098b61b5dc2dbdbe431b4

SHA1
857eaa8a7941c3447aa370712e1ad02e34f4701c

SHA256
145bffefc163117f8dac39e5b4152d39da9023c574f61d54c3ad2c7899cf11fd

SHA512
70ff66f53dc8c8a04f56791d3f84dbb7933b1d86793197c1353d9493a26d76f9befdb643a989b1e3f4f6ae211b19ba90d2191489ac3a2160dc57e077925ff672

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9e1b3eb42ea93c601aa43e363dc347ed

SHA1
b87f0fac840a22337ab0709eed12823c1657721d

SHA256
7992e1c4ec108cbe8c9f3d87757bfca5c5be0cb692df842d39b24527f33d385f

SHA512
d25e7b74c8175bcc50123e4f1ecfd7516daae338a936e0db8e4617c5d704317e9a69dd7eb08354305572441a82aee953b620fd383dc94815676cfc10d548681e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
05586b76335d9027897c695c8486bd8c

SHA1
fba1372a86981d62f5cc8bef3fa72107f5992205

SHA256
ab3f8443ba3c5176d34877ccc894a87da686aade5a8f14a6b45add5981933809

SHA512
873e64d7c1e42e5b4460e7e56e617642a5ac2b2bf2b3f9aa35d9c931a6a3a4a04bccb03c1d5cf428c64133543ef01a6a5bc3fd1e0da28867d3a9f8f7bd67ecb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
5370045499fd74e269838418c58ec2c8

SHA1
363baa40935123642b2601a0ee24a660f7ac1b47

SHA256
a107d529d12b2d0b663b10d97bfbead49b497474f2f553a9e6f471ef724b2275

SHA512
cde7d6a6dc02e3edb2bf953bd29a2e250f387e7dc3e15c32a184dfae282efcfc6839bec2a0abb54e432e89e738a23f03be15c3cb3dd36dda880e9690f936f4fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
491dd8ec9becb8271512a50b0514d35b

SHA1
ada4a7fa8cc3d032831a851b4525d92c6b874030

SHA256
666355f0ec55402f0b112d6916219b51d24e0b49d10905d89acd64bb0d73c704

SHA512
e3e31b2579fa0dd3b8f780cee32347b0d8f89e5596d3875243da7a0afe7c82081e86b7b20e0d61a33257b13b85342919027c626b2199d68994df227c4511d958

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
b512805b3b03fc376fe710051bca145c

SHA1
4baa5a3890060ceb9226f31a92ce2a6d7e4b6cbe

SHA256
73f8fcaab044cd02e14380838dc7b539c017e48b1ff29db0c5d9c079b6d3ef74

SHA512
21897d364ce41e550d2f85455944920ab0f032d0f2b3ee8fa218737d7a0a02d34af5ff9615e98b47ce709bfecf8a224653bce8aa5df86597481a331e30144ab7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
78f40a34644faf750f7710619fb01e26

SHA1
50cd5d74f1f6185a1c672b6332597d05e8679550

SHA256
754b702f50219a25b25435c09719552393b821097af01d7b3ab037b4b5e3f29e

SHA512
16db9a7577594e0855c662828a7bae78b7eac2db2a0c4cad9f4b6b1cb0196e3b2c745f36c25a1c18212b4659e7a4cbe963a9d007f2d6ff0e549f46394335a2df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
6571e1888de8731f281c296ac6a6f276

SHA1
6cc5165d29f328720238a8d9538bbe003fcd8e0f

SHA256
258e67c8b4887861bac819db9656250477ff0ea40a5ed17736b7ae0d29879bb3

SHA512
132f5fe043ddc81ca1d7978e6a4b66aa64d3274cc8cd8a532f2a1cb06d0f88c633e48f3bc00ed80cfc917a0b13e9db98a5f388f7b5198e551a841475832dca80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
244c31701f7f4c357f64931c9b8f3779

SHA1
7e0b3094f6a642b3d974b7f98ab9f3f53d8aa5c1

SHA256
76df4527646ff55b6fbedefb970bfab6292f4c509ccf2e1024c8bdf2d26db6ed

SHA512
7d2b1426bd7fb2d3952fd91cb63bf9b26eda8ffe6c22b6fdd054136b3eb2f52866b2658662bd0ce7c1fe15da059893a17b20cf85394dc73523fb0ecee51b88c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
29518c62882e84a72574e2212fda0b51

SHA1
fa24921cea5c3b8efc935ca586744eacc8200928

SHA256
65ef3c82fb2f81c1945f0df0cb32646f2392488a861bd31278a5e160d31ec10b

SHA512
d2ac62e2ba423485e23878f00585789b49572966c0a85e9fe015ce06bc5ba056875adcfc3ca77424b17f5930da24859af8a21ab75d74288344be12a2af53b2ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ef9dd457c0bc9b5f7cb7aca9d527a673

SHA1
c448cabe9909ced4bc6a0f6dd346113a807185a5

SHA256
c14677f864cf68068b32b7dc90c3a91e72e3417d8e54390ecb9a801fc7484ac6

SHA512
74ec98eb4f27d0b9ba1f578b5bc1bdbe1bdc7a734fff053aa9786b52f16ffc817b61a01fda896b19a4c4c981c9441a6d09233fc58ff03b6f31c31a197caf3380

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
2920ad4ed41e4a4ded9bfec3eb1841a6

SHA1
2ef5e8f32b83641b61c9327b7ac11bdfb1121a88

SHA256
10ce0b813a3b590edd24f1cbb08fb2016d2bb1d4084b4ae2fd65533a4cd61460

SHA512
887b4418be790a5271b24ef7d011e2d65078ca9ca17b5e10c30e77e27266b701a023be450cf420c903ae4e31d6470415b9a8eacb231929040357cf1abf24b9dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
beaf1887fc5bd25f067de1c52477eb73

SHA1
9e553cefeec1e0875d2d20c1219144108d03d172

SHA256
34b6c420fe56e7da519e674e7fea6b009604f6f3646b38d1694b17f743725e50

SHA512
b54c74577411ad4db740e998170386a9d1df86fb9cf62aef1a56f8fcc69e8fab14f91855928bbc81fc33af2edbcc08fadfe61ef52af17de48365a2684c4ac055

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
18563b832fcfdc3aab576312bb2d9f83

SHA1
0ec5e9d23c23909abed93ef9e5af2671211bc330

SHA256
03d6340430b764bc4272fe328544e4db7958e5ac64717edcc33266b73900f86a

SHA512
1a1fedb32dab9d3b1fc15b34efc75b99c723d3f71c5fb3f2ca7a2e2a907e6b8912edfc2e54691e9d6eed17d30f7aa1e87fba02c67e9614eab5bb088fd4ac57d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
90f0db8bbf6a27dbc71c366bbb19b3a0

SHA1
b9b3314229ae5719027c4b2f65559287b2f92f49

SHA256
5c8b549eb0753253e40535825a7a663fcc6f8876a898f010ef1b7f4728a54942

SHA512
757457f90d204a8e2da8f4d14ff65372fa81903eda26812d3350f66c3be8f0b11da05d36dc4540c2fe87b781ac6c0f2c839989861befabef56654d9a761f6272

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e831423316f9f8618c25352684a9c508

SHA1
278ab5e5792eb00be57f00723879578e06dd06b2

SHA256
904f3b65c640d461fdb62981a05b1fa7f8866fddbf2e5d1d16be646f31b72f0b

SHA512
d7f458cc17108383e6ae4233bc1a1f2d8d0a13f557d6e20b69d0b28ba599df959e7676ba231f7d322ed7563ec4fa6d76a6f5449ad9ef20312f259583d27b9cd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
6a7ffec8aa44ccbd6440ecaf39bf6f7d

SHA1
da597cb8c4888bfdfa2b55a2b0c6edf0e5950616

SHA256
0884e009d5b66dc5b19bc62f3120fce694908f9f67bab45a3f1ea49fd9b9ca74

SHA512
5f315d911a83fc1aa937008479282b95a723f29a365c829cbe21c15e43cbfc9c2baeede9f66c5abffe18d311b80fa0aaf4b99284e20e826b637b31426dc7477e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
7141ad3f18d87ec1d2dd9e7deddd933c

SHA1
fcc4dc07514c28e8b4848394ae171f26003b08e4

SHA256
21d69e18e7a5c2e7352aa8e7ad77e00cb109934ddfcd75a3f65ec7af9da483de

SHA512
60c9cc9f33c35a525ca110bffe3ddd375ad7cb09605c73d6a972e14efaa79c2c5860b8e028ed9b006d9d8d4bf0d309388358541056b7104c0c24f5748ae159e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
6325493977b4461476d3c121fdd6bbb1

SHA1
ff9f08064689b6db569d0432dff3c9bf871ceba8

SHA256
177c25fc9ca9c025feffe1d2574ac22bb014fd5757623a5cc5fb2ab1ed0adb5f

SHA512
8a015c70b4293a0017b68cca37a2aa0569ccb0660f2098a97d3badf86783d11664749317c57f3377ec6c9fc8039b05a7eba0cd0b0b17f73feeff35e39df30b06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
d08e01e34b1b546076fe892fec3ce46f

SHA1
aedea4b40d7491636c83c74e6683e608cae0fbab

SHA256
e861ded8813ba5e6734c1425b2df83f2a3796e2993e8669fd787cbeac7637335

SHA512
89863577a94a027fd62973be1ce445bb0a409197e936c163bdcfddc7d43bdcc6413306fb7e09b15e98acc2a907174137f73390d8e5788b9d856eaa36156bb38a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
be3c02a690cc773e5482cea0d22cb0c6

SHA1
686f0ea1b3c4c42ab5457f98159ef48eebd3cb7d

SHA256
40d9cde3542eb70807f61143810c77327cfbf766befc834549d04662d7f5fea7

SHA512
293008b5c0308bfee594a0b717aa057429d56011b42ec043727eb4018e182e98af7d6357aae90640c06580cbca2b102d51a09af1d1a32321b69fb4969f88371d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
61f1bc26efbbb161fde03b72e7fc5e4d

SHA1
f81556738978ab8dbb6bcd72b0c705776d8c9c84

SHA256
2007b6ab662064bcd8c3a36b754b1d150098523aec7224b6b167761dd8554431

SHA512
84951834bbcc9db9df35e83c49b3dedabdb48e63d1e7652ef5f4364b4a49e4cc7bc225b8b8a59e8814125390bdde502618e080f47e6bebd46db9597676b27dfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
143a3d897e6e8a3ba79d8bff8b4d6232

SHA1
a0b495f4cb6f8fe6d70f483070f5fb2f144686f1

SHA256
9dbb6962dc529a9fe59f67d1216d1f4849833ec4190cd7bea1aa1e12f1648cbd

SHA512
7eaab00f1eded3b37d97d763070743ba2fc40749b65fe1893cf1b6a4e4b4a3e4dcb2c4d928ff16b4277419652c8109851cc75e3a8d240e09af3dd6b23c4c15c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e6508a8779a22cc91921f7594fd03e6a

SHA1
7b8521d0c461ae17d0bc2e90887762912d78b6db

SHA256
5494591d32977209d9ef8732f86eba2a629f504d5e58eb5f2ca5dd4b8b794434

SHA512
9125bcf43c7bb9e649f0c2bafb51b40070b44021621703003e410101d3318064e82c847044f62d49210212b93cae2363ba796774db24a7c726cda8ab2dab9882

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
3568e4560101d2d6d25e5c52faa7cb54

SHA1
c63ad0710ec83938ad97e890c5bfc69956e989e6

SHA256
68f183a1658480a355a93af3bbb95f8422e0cc4e0e46faa0de5d7cc92f16cb45

SHA512
fdae40910a709f719367fcfb5e527c440ed8b55aac6ef4bafcb648fd9ae0e2a0dda30dacb9f369d61256c09e11440236f2d7b8c9c5d30730a4379d2af242442d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9a02efa948d382263d2fd7301ba51847

SHA1
9b3f9d96092bcb85e1d508be36d2e7cadba56dcb

SHA256
effdaf79cab7e508d423a120c1613d9f29fa9081f42775619b84021927d02ee7

SHA512
b016ce9509855ad0cbf4573587c5d8b1940843152c58c23b9df2014e4f311ac6acba4b64cd34883b0fbee288cda350e6b735bc0876a2d4ce47cc24e0e4091b5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
7fb045ef5311c672b748b9252703e346

SHA1
83c4b939e85f347ae4e010e2bc916ba9cdab1d84

SHA256
2f34bcb9baab8c871c2b30896755d6098884bddd4dcbf08d93c2cdb08a85bf2b

SHA512
bb5abef83f0c6fea478b7fee73532a1767a5756fd136c4ca49f031632d601ab638c02e3a3c4615ac5239acfc86fdbdad34b6af5e4626a225e5c2b3c247462a89

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\activity-stream.discovery_stream.json.tmp
Filesize
23KB

MD5
f866f5af16e1e07d849aa51e05e05003

SHA1
19eb34ce6e764c209a8bc755faf4fdfd84a41e73

SHA256
80a91f0fe4ce7d543826ba292cd92b02ae5c15aa24999f183da43daeff676aab

SHA512
924067c0e6047693ad9ea15f94b8d508c047e56e9e6da9a4fd61b75a8618acd00f41efdf779cc9c8dcb2619b13060b73fd19b7f379f252340bc4ee808e6a378f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\doomed\19783
Filesize
12KB

MD5
4424aa33745a65c2135b6b16d39758c4

SHA1
ae84c3851ab9da52489b73d553eef19256e43edc

SHA256
88352f93ce4040c912b9e5d3c266c4fd5688f727dea3cd6fedfaa73294988549

SHA512
807d531f797fbd502a813fe8667c178cc706c4ba1fdabf6dc82525cdc95d3a6243279e607094ee21920270f78999b42777838fd06895b76c6cd08c56e0c3d1a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\doomed\29447
Filesize
12KB

MD5
10b59197ace1560b347ee571368198e9

SHA1
f804c473223ac65107e82c914c5ab41e4fdb7e5a

SHA256
ddbcd3603ef8493401a9c76eaca61b0527a321eb1346acad2d2a7a7021d91725

SHA512
09e08390eea9aa0d7a774c60b4ffc9afaeb5d17631749b39463da1ac8ce9a24dd37e5cab3bd3fc08d5cafa8e777b4aae0f96cc0650f2dba68a1169906480bbf8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\doomed\29784
Filesize
12KB

MD5
0c16f59d40757799f031de871511becb

SHA1
caf3bf6ff1c683c6b7909cf8c0ed8430c27e8bf6

SHA256
62b11eba2a8034c845b9e5573002c7005d923d9cb7cacaa59cfb4dbd91af44be

SHA512
99aa3722b7521c243a71faec5a9a04870b910c11e3e42fa11bd52f3bc32250d2166ce137a145305491b8a0cb51c7660177cfcf03a1066146a99a37e97eef3b3d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\07E58126644AEAE01A2252933A750571586D823D
Filesize
38KB

MD5
dc548fc8a9f35e23a7366c9e922f2d6a

SHA1
fcce01e8709e1248f0588b710f8740ce581b1758

SHA256
b903cbe60e61ca915bb988c1f790091b61e46079f409c519f03c34e338e3c963

SHA512
1a7a8257f3a99be812b37129d4bd1fdb09216cb7f45b6d108555974035ea47c8c726cbc0f2ba699cdfc9059add496f34ae43e12363f39832f4ba66002b859ad1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\2B1DFB3BF62868D7BE390097837204DDA6FC828E
Filesize
33KB

MD5
fcb16c7f4b5933be9df25f57e9b9171c

SHA1
d7904e2727600a518be0c316d647ea520c93f935

SHA256
82916dc1123ea29ff2dad87f4b479a97104c1b779280c8c2aec0d354c00efe74

SHA512
47330e0f027e691663cbaeab9e6970e1e9526803cf32ae84f519b40fc1dd39c123b5e5378b616f9a447bbb65c5d05d2764fb47b3c87a339540b6fc868c588941

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\44836238049E96471D6554497813EF38374771D5
Filesize
333KB

MD5
627fb2a216bac35960852f1aea51a45d

SHA1
75608752494e88db42a41dae1ea1054b4e7346dd

SHA256
f9dd136ea533483a0869034bab3b888aede4b769c8bbd957efbd5006bd1f6ff1

SHA512
d98bcacf7eb117dae9f8c891d95e45d616487bd613499b4e2333cdf8eb03114bf201274784e0c71cb32a5402ee55241b0485378fa70e168b51d6415990ec9beb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\51B2CF5B56A052651F21DB6D6473A6FAF433F0BB
Filesize
36KB

MD5
a9aef1787f91030bb5b9268dbf09ab8e

SHA1
641d6b693e37c40543a8957ad7092be32b563094

SHA256
10ca7e26ae5be8d081aa91acb3cba988ad4c12cc680dd647ddff0b8ec906c256

SHA512
4a334ce52312b4894910dbd086986ff21694ea4d513c36c3816c2d238c7ecf82047f58c5a84ce609d0aa29abc51f30474b3be4defdc831d16f206ff8fb338bc1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\68ADA6A2A4F2FDFFC709865AD2629FB4400675B5
Filesize
934KB

MD5
47e3b5c66283b82cf77b470b8e57828d

SHA1
3b22215c9403171d32ef755284bc4ca3de4f76a8

SHA256
e312faab4ecfc2a846c2b9baa8fd85b1b30877c7382f5427169f153e016bb7f0

SHA512
6e2a511f3336a3b64716c71e31498fab91854e4c5d57770dfb642201e393968817994a11716526bf3ad5bd405f15a79c63f4b7c99f5f50b7af2c039cadcac4df

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\7E70ED4B97A34E95EA37C1434415111DA60ADEFA
Filesize
52KB

MD5
dd680d785cf7fbbc3c4746b7f5daabe4

SHA1
818ac7fe55cac0c5a140b5a0197cc56e6cf5c828

SHA256
a4243f9b848a9f37645a540c7d3eae576a00caf34b99ad69505decbae6396399

SHA512
16ef363667a14a026882be6b93d6ae610ef9a01b1ee008f28deaaf1a8a5077c1c8c76372abcb953572fe27ce630f326ed0f39db3f81a5b00d2e652723ff0f5f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\88D2DD145122466A8C6F39785D5A392BF5E86A0D
Filesize
39KB

MD5
4ae1304153a452f3bfad60e4306b8a2e

SHA1
a634d4244e318d0e1019358033a1497dd6896aff

SHA256
505ea1130fecb9eeb2c5526c974f9b8b1acf8f23ea2644753a8f122f2995b7c1

SHA512
d11c449a6e7a4504ccc67c3a53fa2fb2c680de3d8d9724d1d2a7581fdc3d7e13ae9adbecf09fc44e1816741a8a80bf5783f03ac96457bbd47ea241896fe069d9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\91F31F756AA32DC0823EC30502996894D0DBC749
Filesize
68KB

MD5
bd223393529c83105f99953fc2a5bcc3

SHA1
8286d4c786bd1c8939fe02afd0ea379b64da7e5c

SHA256
207aed972932035e94fd14e7eefb6f6d8f2281d377206be5d240ebd4beb3b136

SHA512
9c907d8d035035b97789499ba83f5c4fa45ac93a0e7b92e2ade958c9664468ac909daae539a2e2a4cb66b1a19d2f3eea6d753b1126cf82e63aadbe0910c25f58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\9C76ED03235B16036B6081E7D29AFDB1DBD86F69
Filesize
65KB

MD5
3724b78acca2673af4188dcd4a84eebe

SHA1
896d20c8997b056a47ed2dca69b53f92a6c983b7

SHA256
7b156626cd7aa40463791c7c93a738ac637e4f8c9dcf15eed8e1474566cb1829

SHA512
f0f6c01c58f9f1db9b49c5083725845405d378dc9e453bdee5b758d2e89cc3840b831d76c797beec665f173027552601b244bc35487da01181345a5ed079937e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\9D052D1DC54D0E3995CAC53B82BA9B60130EBB01
Filesize
75KB

MD5
17b4361f06969525fbeb765eaafa6c66

SHA1
84a91f60ab5585991d5e1d633ae04039a15c9334

SHA256
15b20ce0088b312faa1f7a164e776b11cc4c8a267e1821e0a43dd650a6fac729

SHA512
8228896b86fccb1bbf13903ae0b9dfd2896ad6ff364f82ac235d3f27698fbdee72622244e2ba192a4b7cf61614a65378573ea7ab58dced2271d5f2a055fad5fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\B86B02EAB8400C58B2F4F42B69E218D9C5FB9327
Filesize
45KB

MD5
8479d4aa679d730bc2a58a967598c1a9

SHA1
299e183d5fc25974af429383af8a411f1ad04853

SHA256
1c1a4aae79b3c93ea1decaf34168930bce7e78a4b039d903096f84d5fdef1ce7

SHA512
507d589d3ef6c97194220fb6867dec245e307b5a9a8a0ceb700264b5c16819a5ac84ae977ab3fd0ae279dcf2adcee94254d742ee67fbfe2b4a54690dabf1f62f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\C32ED2DDF5AD9B08466B5E29BBB468DED054B2D0
Filesize
115KB

MD5
447bb861fee2dbd6336fb937a8432dbf

SHA1
502265c08df25c2a7387a23af113cd47bb62ee66

SHA256
27a95cabbf20d1a516ca26cc4632e76142ac53cdc30b4cd42f73e5fd4c3989fd

SHA512
2c7d38e74ac71aff93783ba6cfc57bc33ddf08acf907d46f544421b7131e74387ed38b4bf0597fe63c8e963b4a76ff3f02e8961999efae920314ef5dee3cf88f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\D35C09500437DD22D7C72D16F29F6C78D8E3C45D
Filesize
40KB

MD5
0b27d4c9ff1e6ca3aaab29c9f6585ead

SHA1
68935e9d25e42824516436f2c67298c3b319a018

SHA256
1ec9bcee77986355037c7fce71bc381f46aeb153fff3d9ec3132b71a691a8d11

SHA512
e3e60b20b324125fd26b2f84dbd177592ffb46d34ff12fbbd203e23949f1bd52c93d02241c61174dd5050ed2b597c9638e35439a1c113f8e916d6a30d8e34201

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\E8CC5E82F3EDEB71ABC5E9F37D58E778DEF61F2B
Filesize
41KB

MD5
f9fa88d7196cbe6fcf10ae966648d7e6

SHA1
70aed9b3fe562b2b6f6fca6ef4a91fb34faf64f1

SHA256
1cea0f5fadd9823c58761cbce36b32daa818923a291a976aa5d63ee84c13c5d5

SHA512
41be4a8a1efcb90853e9c14a6d59e88c94097d1cbf169ca1a783f70685b38712435a5c889b505f056047ed98014862ed86d04c8bdbb88748f0b3feb3905222f0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\F4DB32A33BA8ABD54C2F4557A74CAE91E42459CE
Filesize
13KB

MD5
e7bb9496df6f557d60cb216711f83a7f

SHA1
f7f065b97e13907bb3cfa2755dce811af36bb1b8

SHA256
76d3a0d15994a248a5c9055b98a5d7643f0e31f78d6dc0d3cfcf816b4436fba7

SHA512
bcacd56193a794389772744f5406ea107986627e20bb45c5abf42ffa094483b4523ad9f8ba423766354c95e97f3e01d868ba87b137af4384dc99b833a5ceaee9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\F72B374DC96EDF65EB8F4062EF3DA2023F9F563F
Filesize
46KB

MD5
78af4031b8f20710febb77318524605c

SHA1
5699f000971e05b8bea36af55e0ded0896730e85

SHA256
1411972b2901b25a809a6504a1ca6dc36fcbf38dada21e57ebc66cf79f593736

SHA512
102a7ce0a981e68202eaee31ce8d2fa8eb7b6f825e18dca43d538a1f00282de78f5b5141f6f2afaf78a16e0147bb5c52b9fe2d5c655369c3491cf8cc18f4ed3c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\jumpListCache\5fOT2ZZcWKqSFvKh9EHX7A==.ico
Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp
Filesize
8.0MB

MD5
8e15b605349e149d4385675afff04ebf

SHA1
f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b

SHA256
803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee

SHA512
8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp
Filesize
8.0MB

MD5
596cb5d019dec2c57cda897287895614

SHA1
6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa

SHA256
e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff

SHA512
8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp
Filesize
8.0MB

MD5
7c8328586cdff4481b7f3d14659150ae

SHA1
b55ffa83c7d4323a08ea5fabf5e1c93666fead5c

SHA256
5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc

SHA512
aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp
Filesize
8.0MB

MD5
4f398982d0c53a7b4d12ae83d5955cce

SHA1
09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc

SHA256
fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2

SHA512
73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp
Filesize
8.0MB

MD5
94e0d650dcf3be9ab9ea5f8554bdcb9d

SHA1
21e38207f5dee33152e3a61e64b88d3c5066bf49

SHA256
026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e

SHA512
039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp
Filesize
1.8MB

MD5
b3b7f6b0fb38fc4aa08f0559e42305a2

SHA1
a66542f84ece3b2481c43cd4c08484dc32688eaf

SHA256
7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b

SHA512
0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2E96.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
Filesize
49.9MB

MD5
06d87d4c89c76cb1bcb2f5a5fc4097d1

SHA1
657248f78abfa9015b77c431f2fd8797481478fd

SHA256
f1e859d99072e35f20e172d8458e3ea1baf8ba86c8c9e311a0debcd2acd5d0fc

SHA512
12bcc681544bfc0cb5f1a3c2e5e3d475efdf5abb8bf0e18cb18f529a82d551f39e16de2d3f0664c2c2cbfab2bc4702e256b958acadca53424e6d8760b6f457f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
16KB

MD5
5fcedcff55eeca276f9e00b0ad408cf4

SHA1
55dd7059fb37a2b4a89d2fd4a4cc6d1a52326952

SHA256
6ca9ca467c3eca34db0bd1222250869199ab013d677fbc8fe8ac8d7c82545669

SHA512
31fa7e4e5e4841db435643b0d6e4ee9c9269258152b81efc79673f434eaeb1fa92bc51cee0ba41beab258d0763a71255488ceb8160a3f3401dc9daeba4683ab3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
f0194742de61615b32430735ec261a47

SHA1
0483bc3ab1704745049161537c0a75f48c379074

SHA256
58cfb2f0147d4a7690758544a7434644076ad64015f7a67e5461b063298a8f98

SHA512
6640cd223c98822d8bbac0782db4c42ac57c72344f04a7704bb469f3fef7b5e477b9e7864b6797b7e84c37d9e6bd4d092daf8511e90d88c48a067c3a77a3327f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\datareporting\glean\pending_pings\51f7204a-3064-4ad6-b6ab-f8f76778f4c0
Filesize
11KB

MD5
e0b86bbd71d9e9204f6b8c3e3a0d2aab

SHA1
b994773c156992863c1a565ce1d12528f694bfb6

SHA256
36dae5b98f944aff80652169ebcd39e7cd960587ac0ec525b56a2cdc7b5fc0a4

SHA512
8e2f7b46f054cdef549242923caf2deba5b1f7f6c1f010f4da6fe29dfef32b5dfa4bcadea8b298d364ac6e2e3c3b46a42be5751c43b57b270ad2f9f0a0bb6822

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\datareporting\glean\pending_pings\5d4c8165-0fc5-4c9b-ad47-e613764d0f1d
Filesize
745B

MD5
d26fe7afa377ab990e56687471dd6108

SHA1
3a93c385713252ab4dacd16f244b9a14dc39766b

SHA256
22ac37a4816c0f8a5b07ffe2a03e74ee67a1a4f60710e79b5ad517b210bccaf9

SHA512
87df24f08d155c3b9b52861ff3a1b8c2b9af6ce70703c82e5e86634da9c0a7f515d01c9c8bf2bba3439224fc7b961fb70cb7a436f208e044fbc5c9decfd003b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\prefs-1.js
Filesize
6KB

MD5
9626e9c0ced56d0834f70e13b031118d

SHA1
ef6ca4d0955835759c7291b09ada71a1474b04d6

SHA256
173c208e38102216ced6badcbba1d6fbf343bbdff08f7cafe79db0332066c4c8

SHA512
89dbc04a44fcb6edfc954142565cccc32e76cbef2ba4507be7eed108a717b0915b69c54b962c6b9dadafaf3e12c1588232b5c099562701bc340b5c567b124a58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\prefs-1.js
Filesize
6KB

MD5
1e9c49be8eef8dedf52f5f8bb1109884

SHA1
4a9e6421a567d09983d3950b7ee7a9566682f7f0

SHA256
d3471b2ee0d40fbccfe0fdf1f00765618e81690d6763f5bea2b3aec4db50728f

SHA512
c000fdebb501130ac27d3764e566cf80c9e17143fb037752bc09ea4e225ee49bcfbef4103803fbdfbad8e64941f190ed1948a249c9826bccf41ccd5456e812c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
91672905f9726c62d138dd101872140e

SHA1
6e635abdf9e8158e857e15c6e0c9c44163fc0834

SHA256
54d45bc3fd489b966e176f9dea81d2621ecfc178e3048985185ece25a60c756a

SHA512
973fd4fc9b0f2ef56cbee2b758a716bddafa05c2efaed2946599efe3ee9b31575d7476681d66173dc216eb601dd9967436dcb91b41be8af95562f41aa0b21c7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
51af42d3e7182b7bb7ab82ba9732c471

SHA1
c97b04c3229832febf6722439c88ef187a15a6cb

SHA256
b7769e23112736bfe26144b85e2e96568b1bc5312a63529215f159f84730533c

SHA512
69788a9945c86602e479c0b98747116c996389077242bb075752843a93cdf1da48df120d3e6be19260c8ca33d28088deade7851cafbaca81dad4de647b33525f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
67181495dcab4c1caabf6eefe15c0c03

SHA1
c6a22af5f3caddd38dbb563061fc9bf279edca7c

SHA256
d575e940f3c3d28adb1d5615e7d3316a90b8b5cde2c0ab2f93c63a6cebfcafdf

SHA512
62011ddba5289bd48227ffdc3a49b5d34797afc60ff0a8cae536cf3e2893086668eb2fde0f05ed510a3701facd26621be953c46fed9a76a3a81abcbc965330a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
26bceaee1ed77ecea946c1c2f5e45468

SHA1
29eb145954d77f35cdd6fb9cf3fd6a1501a2bceb

SHA256
6f22563129a7843c401b174ec4ab454683385c5b91a0cb836936c59e8fd0a93a

SHA512
897b7ff1ed8969f49c86998bd5de523c899c97620ea66e421258bc9389bc268127f6d1f82c1c5198cba1225e1af7e6face1334b9822f4a5afb20ab20190e9b94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
4521ae2d92fa24392db6a87eda30cf11

SHA1
c3c76553366dd9a3cb29b226592cb39910b4c6e1

SHA256
48a23f89afd5da76686fa467d78f6b0636aae8945784d1173bfec364a3b1f449

SHA512
0dddedc216c79d49807f6fcd0ecdb0d87ba54d6acfc9b2f17de10d1987746b772c03f2f71d0639300deca023f2149f698fc845a76d48e0532bacd1ff132e06c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
2KB

MD5
ae1f859164f609b8b648d669836bfcea

SHA1
0e5d88944f27f98698e2f6b32d5fddd1d0960330

SHA256
b576f5e11271015031aa82149f5ec3e54da795d904216564783e6f54c7d9a8d2

SHA512
c612bf69764bf14f45184ee76ac12bab27d87a62434ae02098faa1016ee9df4cd084fda7fef676c52081128fa9f2866ef4a846ee8058b2facc267665e404ac7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
4bf2453e57f3ca2ab12c6ba94f55d35b

SHA1
4a2e97c4ff36be24a44737e4b41d70f476d31247

SHA256
b4a3ed59dea39fc1da36ff08af6748929439c965427f65b26d0024355c1ffae5

SHA512
d1abf02dc3e4c4ca4ba326214cff46d4d58f637b1da8eb2bbe2be899652ea6a032929f79551ec3482d80e716613c1d8c4992985e7249e650d34d88534469f972

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
66e67292324254f2135ce129988b64e3

SHA1
17da6f6ca19a2d686fb4c45c28473e269c003a0e

SHA256
89ab09535a0f1e8457ef6193c0ca8f8b274b9cd73c0cc5d57529a003be494ef5

SHA512
c32579083059947fa270f50636ed0e65a63972f6ff3f6d74e0e37fd108fe46a7a5c75ab68aec226b57867fbcca99e2ed55b070382faf52381cbcf50809e68590

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
29614e2cdfdc7151b8334b9a039f05f9

SHA1
5b559e10ba5897062c406bb9fb1b4f755d63bfbe

SHA256
d84f76e70c217b2cbf5d10b32cdfd4db9cb46a638dd37f110277e4842f586e90

SHA512
d6a9edf085ba6ec9cd75032b7c5442be89921c905539b721bfea65d52d2c8714f3bdb16bc0828196b6073ab275ba7de4475da9380ddb61b2fbfb865a0354fe56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
ada80b488daea89cf8c50eab7f258afa

SHA1
1f015163e8378a9e5bf924ca8986e790d2bd4953

SHA256
3c2fbd93e62fef74acc87150974765c3c0d08a45131ea7569010dd57db62bc08

SHA512
84f78ecd300b98ebfd6cfb8292c009091cfcc3a196f8861b27e2de434beb7e48cabf8daba9d22cfd6a7be2bd0e64ceb2aad9dedc022413e7757e3bb74385f96d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
5f2e5cea5ee22215782b8466610badb0

SHA1
ff60870621b1c07191149917a5e8c3f72bd169e1

SHA256
18a5f53bfdc48e4e4e2f17559008634d36baa8fcc4841cd9c22fc37bde4b3e99

SHA512
1bc65f7c379d269aafe45bd54239cdf41d96400623a5dc3c03c0a2a49a090a4618faa4223ba06da1619d23b80e1a76edd21a1ce7fe8aced2e1f89fa00fea98d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
2aa881bbe803e6a0353bac9b81c1b1a7

SHA1
ea430c86e9348e91b88288fbc27224edd4f3a214

SHA256
524c51617c1e356e268f7122823d3d37b2a7a7cb0b3aac16a73db30331768171

SHA512
72312e57eb6b1ab3f37f0275952b6049460e95182fdc16e9a5051b77e068d7b2925165a0e760f0f50b1d6129b53dab7c93f7dedc4d586683c456d196209f167d

Download Submit
C:\Users\Admin\Downloads\64M40fWg.txt.part
Filesize
14KB

MD5
48ac397b96a30da6d67ffcf5b555e69c

SHA1
6b509435d7ab375d40231081417a340910da513c

SHA256
b6dc96d48ee73fda299a8f8dac2335ed4bf710f5166ce093aa8734256a205569

SHA512
4dd6ca7a18b7dceac16a8cec892f658a2389efe3b6a936ac9bf26f20a99a7a65d76dec1a412988e9a5be59276a7f7c0bca08583a474c8a9609799a4bab4ed5f2

Download Submit
C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Windows\msagent\chars\Bonzi.acs
Filesize
5.0MB

MD5
1fd2907e2c74c9a908e2af5f948006b5

SHA1
a390e9133bfd0d55ffda07d4714af538b6d50d3d

SHA256
f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95

SHA512
8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

Download Submit
C:\Windows\msagent\chars\Peedy.acs
Filesize
4.0MB

MD5
49654a47fadfd39414ddc654da7e3879

SHA1
9248c10cef8b54a1d8665dfc6067253b507b73ad

SHA256
b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5

SHA512
fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

Download Submit
\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe
Filesize
7.8MB

MD5
c3b0a56e48bad8763e93653902fc7ccb

SHA1
d7048dcf310a293eae23932d4e865c44f6817a45

SHA256
821a16b65f68e745492419ea694f363926669ac16f6b470ed59fe5a3f1856fcb

SHA512
ae35f88623418e4c9645b545ec9e8837e54d879641658996ca21546f384e3e1f90dae992768309ac0bd2aae90e1043663931d2ef64ac541977af889ee72e721a

Download Submit
\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
Filesize
3.2MB

MD5
93f3ed21ad49fd54f249d0d536981a88

SHA1
ffca7f3846e538be9c6da1e871724dd935755542

SHA256
5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc

SHA512
7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

Download Submit
\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx
Filesize
152KB

MD5
66551c972574f86087032467aa6febb4

SHA1
5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9

SHA256
9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b

SHA512
35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

Download Submit
\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX
Filesize
1.0MB

MD5
12c2755d14b2e51a4bb5cbdfc22ecb11

SHA1
33f0f5962dbe0e518fe101fa985158d760f01df1

SHA256
3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf

SHA512
4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

Download Submit
\Program Files (x86)\BonziBuddy432\MSINET.OCX
Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX
Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
\Program Files (x86)\BonziBuddy432\SSCALA32.OCX
Filesize
472KB

MD5
ce9216b52ded7e6fc63a50584b55a9b3

SHA1
27bb8882b228725e2a3793b4b4da3e154d6bb2ea

SHA256
8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13

SHA512
444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

Download Submit
\Program Files (x86)\BonziBuddy432\ssa3d30.ocx
Filesize
320KB

MD5
48c35ed0a09855b29d43f11485f8423b

SHA1
46716282cc5e0f66cb96057e165fa4d8d60fbae2

SHA256
7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008

SHA512
779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

Download Submit
\Program Files (x86)\BonziBuddy432\sstabs2.ocx
Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
memory/2248-10048-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2248-10049-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2248-10050-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2248-10051-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2556-9097-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2556-8935-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download