djvu | 5eb8103fce78104972cfb45b1242d003f9e66d2da920c7aa5742e185822d3f4d

Resubmissions

20-04-2023 18:50

230420-xg91tabg36 10

20-04-2023 18:34

19-04-2023 13:11

12-01-2023 04:39

12-01-2023 02:36

Analysis

max time kernel
174s
max time network
832s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
19-04-2023 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5eb8103fce78104972cfb45b1242d003f9e66d2da920c7aa5742e185822d3f4d.exe
Size

321KB
MD5

dfc9518f5e0b145f1fa786628670863d
SHA1

a54e4137ccf90fd1326509874063bd58c20fd1ed
SHA256

5eb8103fce78104972cfb45b1242d003f9e66d2da920c7aa5742e185822d3f4d
SHA512

d67aaeccce8629b38c918e97c5ffbd09a6f9395a73cac88e9a7d795e36f0ba6b51a59a4d65e84836bea44568054f00b2f4bb74d4c8d591c01d254f127e110a8e
SSDEEP

3072:xXOGnVaMz9JltM5JxSmp6jUO4QRLaSmKLs8FlguE1igK56n6dF8M/WhJshp2BTBp:VJr1tcxSmJMm6FlgLde6n6dO6Wyg

Score

10^/10

djvu lumma smokeloader vidar bf58e1879f88b222ba2391682babf9d8 sprg backdoor discovery evasion ransomware stealer trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

http://potunulit.org/

http://hutnilior.net/

http://bulimu55t.net/

http://soryytlic4.net/

http://novanosa5org.org/

http://nuljjjnuli.org/

http://tolilolihul.net/

http://somatoka51hub.net/

http://hujukui3.net/

http://bukubuka1.net/

http://golilopaster.org/

http://newzelannd66.org/

http://otriluyttn.org/

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

djvu

http://zexeq.com/lancer/get.php

Attributes

extension
.coty
offline_id
O8Ao46dcCReRPC4I1PGMYsRFFc9WI5eOp0O3MFt1
payload_url
http://colisumy.com/dl/build2.exe

http://zexeq.com/files/1/build3.exe
ransomnote
ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-EPBZCVAS8s Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0692JOsie

rsa_pubkey.plain

Extracted

Family

vidar

Version

3.5

Botnet

bf58e1879f88b222ba2391682babf9d8

https://steamcommunity.com/profiles/76561199497218285

https://t.me/tg_duckworld

Attributes

profile_id_v2
bf58e1879f88b222ba2391682babf9d8
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Signatures

Detected Djvu ransomware 11 IoCs

resource	yara_rule
behavioral1/memory/2588-4273-0x0000000002C20000-0x0000000002D3B000-memory.dmp	family_djvu
behavioral1/memory/2064-4275-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2064-4277-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2064-4378-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2124-4471-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2064-4490-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2452-4491-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2064-4492-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2452-4493-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2452-4578-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2872-4621-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu

Djvu Ransomware
Ransomware which is a variant of the STOP family.
ransomware djvu
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Downloads MZ/PE file
Stops running service(s) 3 TTPs
evasion

Modify Existing Service
T1031

Impair Defenses
T1562

Service Stop
T1489

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2832	icacls.exe

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
564	api.2ip.ua
565	api.2ip.ua
575	api.2ip.ua
579	api.2ip.ua
590	api.2ip.ua

Launches sc.exe 3 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1480	sc.exe
3028	sc.exe
2744	sc.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2548	2796	WerFault.exe	113

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	5eb8103fce78104972cfb45b1242d003f9e66d2da920c7aa5742e185822d3f4d.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	5eb8103fce78104972cfb45b1242d003f9e66d2da920c7aa5742e185822d3f4d.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	5eb8103fce78104972cfb45b1242d003f9e66d2da920c7aa5742e185822d3f4d.exe

Creates scheduled task(s) 1 TTPs 5 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
1708	schtasks.exe
2612	schtasks.exe
2760	schtasks.exe
1056	schtasks.exe
2964	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	Process not Found

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByKey:PID = "0"	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 200000001a00eebbfe2300001000d09ad3fd8f23af46adb46c85480369c700000000	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0 = 56003100000000009356a76910004d454d5a337e312e30003e0008000400efbe9356a7699356a7692a000000a0a301000000050000000000000000000000000000004d0045004d005a00200033002e003000000018000000	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\IconSize = "16"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Mode = "4"	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Rev = "0"	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\MRUListEx = ffffffff	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Mode = "4"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByDirection = "1"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = 00000000ffffffff	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0\NodeSlot = "5"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByDirection = "1"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 = 70003100000000009356a269102054454d50315f7e312e5a49500000540008000400efbe9356a2699356a2692a00000048220100000004000000000000000000000000000000540065006d00700031005f006d0065006d007a002d006d00610069006e002e007a006900700000001c000000	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Rev = "0"	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000070000001800000030f125b7ef471a10a5f102608c9eebac0a000000f000000030f125b7ef471a10a5f102608c9eebac04000000a0000000e0cc8de8b3b7d111a9f000aa0060fa310600000080000000e0cc8de8b3b7d111a9f000aa0060fa31020000005000000030f125b7ef471a10a5f102608c9eebac0c00000080000000e0cc8de8b3b7d111a9f000aa0060fa31040000005000000030f125b7ef471a10a5f102608c9eebac0e000000a0000000	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupView = "0"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\0	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\NodeSlot = "3"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\MRUListEx = 00000000ffffffff	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\0\MRUListEx = ffffffff	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\FFlags = "18874369"	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByKey:PID = "0"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 = 4a003100000000009356a269102054656d700000360008000400efbe545662b09356a2692a00000001020000000002000000000000000000000000000000540065006d007000000014000000	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Documents"	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\0\NodeSlot = "6"	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByDirection = "1"	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\MRUListEx = ffffffff	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0"	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Mode = "4"	Process not Found

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1588	5eb8103fce78104972cfb45b1242d003f9e66d2da920c7aa5742e185822d3f4d.exe
1588	5eb8103fce78104972cfb45b1242d003f9e66d2da920c7aa5742e185822d3f4d.exe
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1092	chrome.exe
1092	chrome.exe
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1356	Process not Found

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
1588	5eb8103fce78104972cfb45b1242d003f9e66d2da920c7aa5742e185822d3f4d.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1356	Process not Found
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1356	Process not Found
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1356	Process not Found
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1356	Process not Found

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1356	Process not Found
1356	Process not Found
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1356	Process not Found
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found
1356	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 1092	1356	Process not Found	26
PID 1356 wrote to memory of 1092	1356	Process not Found	26
PID 1356 wrote to memory of 1092	1356	Process not Found	26
PID 1092 wrote to memory of 1384	1092	chrome.exe	27
PID 1092 wrote to memory of 1384	1092	chrome.exe	27
PID 1092 wrote to memory of 1384	1092	chrome.exe	27
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1256	1092	chrome.exe	29
PID 1092 wrote to memory of 1224	1092	chrome.exe	30
PID 1092 wrote to memory of 1224	1092	chrome.exe	30
PID 1092 wrote to memory of 1224	1092	chrome.exe	30
PID 1092 wrote to memory of 1136	1092	chrome.exe	31
PID 1092 wrote to memory of 1136	1092	chrome.exe	31
PID 1092 wrote to memory of 1136	1092	chrome.exe	31
PID 1092 wrote to memory of 1136	1092	chrome.exe	31
PID 1092 wrote to memory of 1136	1092	chrome.exe	31
PID 1092 wrote to memory of 1136	1092	chrome.exe	31
PID 1092 wrote to memory of 1136	1092	chrome.exe	31
PID 1092 wrote to memory of 1136	1092	chrome.exe	31
PID 1092 wrote to memory of 1136	1092	chrome.exe	31
PID 1092 wrote to memory of 1136	1092	chrome.exe	31
PID 1092 wrote to memory of 1136	1092	chrome.exe	31
PID 1092 wrote to memory of 1136	1092	chrome.exe	31
PID 1092 wrote to memory of 1136	1092	chrome.exe	31
PID 1092 wrote to memory of 1136	1092	chrome.exe	31
PID 1092 wrote to memory of 1136	1092	chrome.exe	31
PID 1092 wrote to memory of 1136	1092	chrome.exe	31

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\5eb8103fce78104972cfb45b1242d003f9e66d2da920c7aa5742e185822d3f4d.exe
"C:\Users\Admin\AppData\Local\Temp\5eb8103fce78104972cfb45b1242d003f9e66d2da920c7aa5742e185822d3f4d.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefaeb9758,0x7fefaeb9768,0x7fefaeb9778
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:2
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2324 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2336 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3660 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:2
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1132 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3916 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4028 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4020 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2516 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4368 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4012 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5068 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5176 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=584 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5364 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5448 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5840 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6476 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5940 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5664 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=108 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5620 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5836 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5880 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7380 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7528 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7416 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7864 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7936 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7896 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7868 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5460 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5428 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=2168 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5556 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6496 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7856 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=2392 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5828 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7416 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5888 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7852 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5360 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7708 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7616 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=1424 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=5920 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5304 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=5520 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5500 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5928 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4112 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:2100
- C:\Users\Admin\Downloads\butterflyondesktop.exe
  "C:\Users\Admin\Downloads\butterflyondesktop.exe"
  2⤵
  PID:844
- - C:\Users\Admin\AppData\Local\Temp\is-KK47G.tmp\butterflyondesktop.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-KK47G.tmp\butterflyondesktop.tmp" /SL5="$190236,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"
    3⤵
    PID:2732
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://freedesktopsoft.com/butterflyondesktoplike.html
      4⤵
      PID:2092
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2092 CREDAT:275457 /prefetch:2
        5⤵
        
        PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=684 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5484 --field-trial-handle=1176,i,14261277877548340103,14737009515131934359,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Users\Admin\Downloads\PAVSetup.exe
  "C:\Users\Admin\Downloads\PAVSetup.exe"
  2⤵
  PID:2480
- - C:\Users\Admin\Downloads\PAV\Setup.exe
    "C:\Users\Admin\Downloads\PAV\Setup.exe"
    3⤵
    PID:2088
  - - C:\Users\Admin\Downloads\PAV\WindowsVista\Setup.exe
      "C:\Users\Admin\Downloads\PAV\WindowsVista\Setup.exe"
      4⤵
      PID:1800
    - - C:\UNISTAL\UBSuite\Common Files\DLPSettings.exe
        
        Setup
        5⤵
        
        PID:2892
    - - C:\UNISTAL\UBSuite\DLP\CPSERV~1.EXE
        
        C:\UNISTAL\UBSuite\DLP\CPSERV~1.EXE
        5⤵
        
        PID:2884

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2020

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x458
1⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\50EF.exe
C:\Users\Admin\AppData\Local\Temp\50EF.exe
1⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\6A1B.exe
C:\Users\Admin\AppData\Local\Temp\6A1B.exe
1⤵
PID:2296
- C:\Users\Admin\AppData\Local\Temp\ss31.exe
  "C:\Users\Admin\AppData\Local\Temp\ss31.exe"
  2⤵
  PID:1996
- C:\Users\Admin\AppData\Local\Temp\oldplayer.exe
  "C:\Users\Admin\AppData\Local\Temp\oldplayer.exe"
  2⤵
  PID:2364
- - C:\Users\Admin\AppData\Local\Temp\10180c8ca3\oneetx.exe
    "C:\Users\Admin\AppData\Local\Temp\10180c8ca3\oneetx.exe"
    3⤵
    PID:2564
  - - C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\Admin\AppData\Local\Temp\10180c8ca3\oneetx.exe" /F
      4⤵
      Creates scheduled task(s)
      PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\1000001001\XandETC.exe
      "C:\Users\Admin\AppData\Local\Temp\1000001001\XandETC.exe"
      4⤵
      PID:1044
- C:\Users\Admin\AppData\Local\Temp\XandETC.exe
  "C:\Users\Admin\AppData\Local\Temp\XandETC.exe"
  2⤵
  PID:2508

C:\Users\Admin\AppData\Local\Temp\6DD3.exe
C:\Users\Admin\AppData\Local\Temp\6DD3.exe
1⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\71BB.exe
C:\Users\Admin\AppData\Local\Temp\71BB.exe
1⤵
PID:2588
- C:\Users\Admin\AppData\Local\Temp\71BB.exe
  C:\Users\Admin\AppData\Local\Temp\71BB.exe
  2⤵
  PID:2064
- - C:\Windows\SysWOW64\icacls.exe
    icacls "C:\Users\Admin\AppData\Local\8b7e7b91-1abf-4a71-ae64-822e2595c22b" /deny *S-1-1-0:(OI)(CI)(DE,DC)
    3⤵
    - Modifies file permissions
    PID:2832
- - C:\Users\Admin\AppData\Local\Temp\71BB.exe
    "C:\Users\Admin\AppData\Local\Temp\71BB.exe" --Admin IsNotAutoStart IsNotTask
    3⤵
    PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\71BB.exe
      "C:\Users\Admin\AppData\Local\Temp\71BB.exe" --Admin IsNotAutoStart IsNotTask
      4⤵
      PID:2872

C:\Users\Admin\AppData\Local\Temp\8423.exe
C:\Users\Admin\AppData\Local\Temp\8423.exe
1⤵
PID:2796
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 544
  2⤵
  - Program crash
  PID:2548

C:\Users\Admin\AppData\Local\Temp\8CCB.exe
C:\Users\Admin\AppData\Local\Temp\8CCB.exe
1⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\90F1.exe
C:\Users\Admin\AppData\Local\Temp\90F1.exe
1⤵
PID:2800
- C:\Users\Admin\AppData\Local\Temp\90F1.exe
  C:\Users\Admin\AppData\Local\Temp\90F1.exe
  2⤵
  PID:2124
- - C:\Users\Admin\AppData\Local\Temp\90F1.exe
    "C:\Users\Admin\AppData\Local\Temp\90F1.exe" --Admin IsNotAutoStart IsNotTask
    3⤵
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\90F1.exe
      "C:\Users\Admin\AppData\Local\Temp\90F1.exe" --Admin IsNotAutoStart IsNotTask
      4⤵
      PID:2452
    - - C:\Users\Admin\AppData\Local\114259ad-95e6-4bbe-8492-4ee3c165959c\build2.exe
        
        "C:\Users\Admin\AppData\Local\114259ad-95e6-4bbe-8492-4ee3c165959c\build2.exe"
        5⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\114259ad-95e6-4bbe-8492-4ee3c165959c\build2.exe
        
        "C:\Users\Admin\AppData\Local\114259ad-95e6-4bbe-8492-4ee3c165959c\build2.exe"
        6⤵
        
        PID:2984
    - - C:\Users\Admin\AppData\Local\114259ad-95e6-4bbe-8492-4ee3c165959c\build3.exe
        
        "C:\Users\Admin\AppData\Local\114259ad-95e6-4bbe-8492-4ee3c165959c\build3.exe"
        5⤵
        
        PID:3016
      - C:\Windows\SysWOW64\schtasks.exe
        
        /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
        6⤵
        Creates scheduled task(s)
        
        PID:2760

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
1⤵
PID:924

C:\Windows\system32\taskeng.exe
taskeng.exe {F7BD420C-17AF-48D7-8429-D46CE9CBB0FF} S-1-5-21-1563773381-2037468142-1146002597-1000:YBHADZIG\Admin:Interactive:[1]
1⤵
PID:2572
- C:\Users\Admin\AppData\Local\Temp\10180c8ca3\oneetx.exe
  C:\Users\Admin\AppData\Local\Temp\10180c8ca3\oneetx.exe
  2⤵
  PID:2764
- C:\Users\Admin\AppData\Local\Temp\10180c8ca3\oneetx.exe
  C:\Users\Admin\AppData\Local\Temp\10180c8ca3\oneetx.exe
  2⤵
  PID:1988
- C:\Users\Admin\AppData\Local\Temp\10180c8ca3\oneetx.exe
  C:\Users\Admin\AppData\Local\Temp\10180c8ca3\oneetx.exe
  2⤵
  PID:556
- C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
  C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
  2⤵
  PID:3012
- - C:\Windows\SysWOW64\schtasks.exe
    /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
    3⤵
    - Creates scheduled task(s)
    PID:1708

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
1⤵
PID:2528

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#wsyzqeupt#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'NoteUpdateTaskMachineQC' /tr '''C:\Program Files\Notepad\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Notepad\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'NoteUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "NoteUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Notepad\Chrome\updater.exe' }
1⤵
PID:1684
- C:\Windows\system32\schtasks.exe
  "C:\Windows\system32\schtasks.exe" /create /f /sc onlogon /rl highest /ru System /tn NoteUpdateTaskMachineQC /tr "'C:\Program Files\Notepad\Chrome\updater.exe'"
  2⤵
  - Creates scheduled task(s)
  PID:1056

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
1⤵
PID:2532
- C:\Windows\System32\powercfg.exe
  powercfg /x -hibernate-timeout-ac 0
  2⤵
  PID:2644
- C:\Windows\System32\powercfg.exe
  powercfg /x -hibernate-timeout-dc 0
  2⤵
  PID:1068
- C:\Windows\System32\powercfg.exe
  powercfg /x -standby-timeout-ac 0
  2⤵
  PID:2036

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
1⤵
PID:1488
- C:\Windows\System32\sc.exe
  sc stop UsoSvc
  2⤵
  - Launches sc.exe
  PID:1480

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#wsyzqeupt#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'NoteUpdateTaskMachineQC' /tr '''C:\Program Files\Notepad\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Notepad\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'NoteUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "NoteUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Notepad\Chrome\updater.exe' }
1⤵
PID:3032
- C:\Windows\system32\schtasks.exe
  "C:\Windows\system32\schtasks.exe" /create /f /sc onlogon /rl highest /ru System /tn NoteUpdateTaskMachineQC /tr "'C:\Program Files\Notepad\Chrome\updater.exe'"
  2⤵
  - Creates scheduled task(s)
  PID:2964

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
1⤵
PID:3064
- C:\Windows\System32\powercfg.exe
  powercfg /x -hibernate-timeout-ac 0
  2⤵
  PID:2544
- C:\Windows\System32\powercfg.exe
  powercfg /x -hibernate-timeout-dc 0
  2⤵
  PID:2252
- C:\Windows\System32\powercfg.exe
  powercfg /x -standby-timeout-ac 0
  2⤵
  PID:2716
- C:\Windows\System32\powercfg.exe
  powercfg /x -standby-timeout-dc 0
  2⤵
  PID:2128

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
1⤵
PID:2704
- C:\Windows\System32\sc.exe
  sc stop UsoSvc
  2⤵
  - Launches sc.exe
  PID:3028
- C:\Windows\System32\sc.exe
  sc stop WaaSMedicSvc
  2⤵
  - Launches sc.exe
  PID:2744

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#iqegjinl#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { schtasks /run /tn "NoteUpdateTaskMachineQC" } Else { "C:\Program Files\Notepad\Chrome\updater.exe" }
1⤵
PID:1080

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#iqegjinl#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { schtasks /run /tn "NoteUpdateTaskMachineQC" } Else { "C:\Program Files\Notepad\Chrome\updater.exe" }
1⤵
PID:2576

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2952

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Modify Existing Service

T1031

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

File and Directory Permissions Modification

T1222

Impair Defenses

T1562

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Butterfly on Desktop\is-MP1PR.tmp

Filesize
3.0MB

MD5
81aab57e0ef37ddff02d0106ced6b91e

SHA1
6e3895b350ef1545902bd23e7162dfce4c64e029

SHA256
a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287

SHA512
a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717

Download Submit
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\UNISTAL\UBSuite\BMP\Aboutus.bmp

Filesize
93KB

MD5
21d5f7d022452210b02fbbe814ff8e11

SHA1
9ccc07bd03772e2df9ebdff739be7ee25715d23d

SHA256
30f0358fcc312cd086e3f1148a0fc0d39520f834c27f82d58fc48e227e3666cc

SHA512
f000c9f7dfbade0a4a89aa5deabe04619ec008c00a63d2bdd27fed64027a905baab4fa4da80a7870cdac273a41d8573e28a63c88fa80ab21b14b99689038050e

Download Submit
C:\UNISTAL\UBSuite\BMP\CP\SchedulerSettingsHelp.bmp

Filesize
67KB

MD5
00265e7f765eebe1566846e3af6990d4

SHA1
15c59b6a09fa779b21f5868d7b6b16c84a6e05e5

SHA256
d5190498aaf93f6bfa683994834a2a0023949518822899a448f644f7c9baea2e

SHA512
7434fea4e6969b311763204585ce7d0c3d07a90251debeb3c4332155aa6627f7e3c9ff3a24abc29d98b9b4853bb352cf66b3bfcf44cd09902470311bf10282a8

Download Submit
C:\UNISTAL\UBSuite\BMP\DlpSettings.BMP

Filesize
19KB

MD5
d16eba87f099b9191c79c86a8b61b65a

SHA1
75dc8fc90af8035c12fa47de19f3085e63bfefcd

SHA256
e314301210704d9262e4986189c34042a3025e62485b4793c89cb2bc54e58e9a

SHA512
1f3b43f8e813890eb111543f18c3f1131ecc308e9c332dbf8c938b4c8716b1efae5364c5e5ed00195c126701bbf839a981c1363c2de3839ee9a52e7f7f14dd96

Download Submit
C:\UNISTAL\UBSuite\Common Files\CallRegCheck.exe

Filesize
52KB

MD5
de78b1115b14bb2c62de1a25bd7b0fbe

SHA1
22d931e6649c0b736dcef85038a385f39a66619e

SHA256
76682ca168cc4af0e5f58f30598ce243342ec900bd6724b62539030caee503f7

SHA512
e01a46c1ae446e1d79a18c13fa9bc7ce6a5d050969e54b33670db6155d0de1241e1ff03edfb6ef6ed74ea7bf0828036e9fcf848eaa7e369be5ed68a1be046be7

Download Submit
C:\UNISTAL\UBSuite\Common Files\CallRegisterComponent.exe

Filesize
52KB

MD5
9e1f9efca7b0ba633d46f700d97a3b5d

SHA1
55c7a5c871f74adca895da3c2d240443264770c4

SHA256
12b0238911e9a2995f294ea660e34d6ce2ea4ba367f82361718236ff83c26163

SHA512
ca810bc0a3f66b2452a1453a583049fd0d73fed968211aa9a199044f8fae3ee894531fbd261e7be07f1c0cf3342b05d772c5d4b41c1cf79a0987ab626d0c7685

Download Submit
C:\UNISTAL\UBSuite\Common Files\DLPSettings.exe

Filesize
388KB

MD5
9ef1ff594acc007e3668c8f739c274b8

SHA1
c4eac51874f7db285d0cbfc02e5fad2c4f4415ed

SHA256
c710fe80cd1d426f36afd1d1761aebdbf6a5d589abc7e606fa7c740d8f89bb5c

SHA512
a91b2b25b6db21f7e34b17daeb367958190ebd6a805d437fa7be7f62278a511816d7a80599434e68376b8d0729dba58da17ac8b13436fc50016afe4919e7f9d2

Download Submit
C:\UNISTAL\UBSuite\Common Files\Disk16.dll

Filesize
13KB

MD5
9c442f73aecadb01e83643b51aa59e45

SHA1
7687844c1f5fe5aef49f715391dc703ee21fd020

SHA256
01445aa0f8337bdf6ab5f665f24550ad49b3556d3c351807106b838dd3f97d15

SHA512
2db28ab4f93f65259ef1e62fdd52700c22b49be332c08383dca8b3e7aef24b7b0b23519c1e44b0e147014c4d5712bc8c349ed142c4be1afee0f6f11351c32dab

Download Submit
C:\UNISTAL\UBSuite\Common Files\Disk32.dll

Filesize
196KB

MD5
bb178c74486b3cb71f1d92708c69b9a9

SHA1
06987cd938309630e8e0f3833257b3e8eda5135b

SHA256
4b9832e2ae7e36b7eb17638abecb8505476dfc03c3acb17d9cd299cbd7d4deb1

SHA512
31670e56eefc1dfd2173b1337684f8130b0a963185572562d75bad279b2e4d139d69ffef7ee3c0faf84408af52cc3e43201c270f299be082bc07252d1667eb85

Download Submit
C:\UNISTAL\UBSuite\Common Files\DiskSerial.DLL

Filesize
84KB

MD5
0fb18f2981f4dd1eef8a1c58836d81e8

SHA1
a04675f1f8032a64193cab6521609e9d9ae055c6

SHA256
a6becbac1e00e355e06611867d13cc0a32163dfd943dc1334ebe0a76d1c0bee9

SHA512
6bbda212efa966cc9e0b63a527e5510e78f78429d64653f6ae4229df4d46d0c10cb84262b8abcc56e2a3b375b3726d7483ebcbdb6befdb5eea1345028e18cf23

Download Submit
C:\UNISTAL\UBSuite\Common Files\GetDateDiff.dll

Filesize
32KB

MD5
1df790e84c7191f21953e373b66ca58c

SHA1
ba68e34aa8af146b28b322deab9c4abff00f986c

SHA256
804350550334984a82639a9fd25b2800f86baee8aaae2ea514f010d0df1ae899

SHA512
80007369f20fdc1ef9b1dccf4308db2dc2db9e7b601d6f89cdb6ab21d1ffefe604a0f39d0509f531a525723761ff1fafa82cb07d50c09cbcb9a6066ef500bbf0

Download Submit
C:\UNISTAL\UBSuite\Common Files\Getdisk.exe

Filesize
32KB

MD5
2ef0850e978813f49b732bcd3052c1fd

SHA1
104f72a622ed79f84a7a35dc9831601e8d35e361

SHA256
1b8c868b45c592e3f4951e38b03bc234e1ca50a0d93ca8edda5421c15ec3d7d5

SHA512
18b9a7751e8dbb23597feb5fe99f26cda4ca60089b2ab02de8e637ec1387bbf5bc537ccc3a6de339d339eb325a802b6fd03ef8099940970949af4d2b0a9440c8

Download Submit
C:\UNISTAL\UBSuite\Common Files\HDkey.dll

Filesize
48KB

MD5
36902373af93d0d021f9b27740a603ef

SHA1
26263a80cecd609a04c4ce0e6d02a6dcedf883fb

SHA256
7d003458b921dee2b0a6bb76d2342b427e7b48bfd5b6b683f6e288f6b6d033ae

SHA512
8ad95b56f9637c7a5139205a3f66f17c238ae2a406a9241a565fb1dfb7c937c56d8830486cc469f41dfb6ea4ec587fe521081ba81529fbec536cc99b8cf66473

Download Submit
C:\UNISTAL\UBSuite\Common Files\IDE21201.VXD

Filesize
4KB

MD5
eebce32039cdd922f541f346b9018ed6

SHA1
9912efb1e4ef894a7972aad10bf97e723554f03f

SHA256
beb6777c5e2fc98feeb07fa5b4e53b0678868bc3e3fbc0cb3b7afa01e1c634db

SHA512
3a18ce93bebd0f9c5cdf786f59672b1c8a6dab583536edd04cdf2bbc8d84b03952c6f28ccbd8d0e53cb821f83126e6872811f10c9965819223b79294aad55f89

Download Submit
C:\UNISTAL\UBSuite\Common Files\IMAGEDLP.TXT

Filesize
687KB

MD5
b35ea74661c7365b6b72f2ec12840da6

SHA1
7bee6c2cc6079deca63cbd90c0182c964a8c98a4

SHA256
ac0b1096b2845673191187a5bc632693a9360fdf14db0cc2fd459251bcf6c154

SHA512
ed54a07c597bcc7f44e01ce8d98f0f8abf0b562efa34083bac1649404abe7091a35b1c53d00d985a00ec383f84887e67a3cf2f9a2db6497d40a2f9d23eec3759

Download Submit
C:\UNISTAL\UBSuite\Common Files\IdleTrac.dll

Filesize
24KB

MD5
c6032765bbfa12c06c5ecbb879c01cf7

SHA1
3fea1e2b865386638d41597a885a914681cd4a5f

SHA256
54b425e6cbd1dbafac15d76d34fe392b21f2ecef9184832f9743d475cbb62ef2

SHA512
5b7f4df0ecf4a3616e217ac890b36f69fee7c97b9cc107bf34148e9c666d4fecfb9787dd5db7706d553c7c380d8261e4763d8af36e08bd91fdb8aecc14a051e4

Download Submit
C:\UNISTAL\UBSuite\Common Files\Nodisk.exe

Filesize
9KB

MD5
1bf3791932dc4692e76ba256faac0404

SHA1
36a073e6e1982d226699afda526df5c84b00e6ec

SHA256
62c0aaa2914ca9fc6b04064d7649b1cf8bcd29215bb325c895fc935479290f46

SHA512
09c319fbc6d8ad8c033a8f87b1f6144e1fb5abd7172864025692318e0ea2e3d88d35e1d57988f7e6fa2563b624b583b56ee891ca3d65a0cd5c6dd2f8d1a6b2f7

Download Submit
C:\UNISTAL\UBSuite\Common Files\PSAPI.DLL

Filesize
17KB

MD5
b3d22a483875a61cb2060c7d518effc2

SHA1
d9bf5f0b6c1138281bb45e4cfebec2c4d9753fb2

SHA256
d88ad399f7dc2d4830e7af1be3bfbf45aaf75e309f0b6afd8a9c4025bf19930e

SHA512
3add04e7dc482bb4b1e72306fb55ebdbb1a8fccf5eb2d1513695e9046d754322117c145f7eb1b4785e556c466efec667c70c0a573f24c2e6c141ef324f9287fe

Download Submit
C:\UNISTAL\UBSuite\Common Files\RegCheck.exe

Filesize
716KB

MD5
11c9153ad6b17f9b777e7d4bdb86ee66

SHA1
ecea25e94fd703fa0c8e2babaa17698c21b40069

SHA256
2a937b8309e24e4b3476c26b63f145e551c02f583126d92b31c48b8d1526d2ed

SHA512
f8acbe6a884e45424a219c633b3caa87993f80368608938f8d7a8a978a46d92474fa09a04c563bd30ae20a9d6b5a6285bd4c9928b0ba816535ed76757589b684

Download Submit
C:\UNISTAL\UBSuite\Common Files\RegisterComponent.exe

Filesize
648KB

MD5
d9b90ad083533ca18bee1901758d7067

SHA1
572be08dc08fba9cf48d4b26cda841dba334f811

SHA256
85d71e6f2263399fe86c6b7f532943a0a7e22d6f3c15a66c6bf5e7894eb8c664

SHA512
38dd0662e31936814f27be16fe31be7307883197221f72ea1a90828576890e496cf13c81121d2bbe2bfef8e9d62c4b8179dc60ba4ae2b6bfe73b8454d97d5f88

Download Submit
C:\UNISTAL\UBSuite\Common Files\Registration.exe

Filesize
200KB

MD5
3f56d9a1b940387c5a359f3922110302

SHA1
ae5a7fc0e7491b53b9fcadd60c88d8ba1ecdb59b

SHA256
ca22781e4c5c7e7aef50cf4652ec2de5264c3ba88bda781ddc237a7bde02ebf6

SHA512
c7a92904c572e84f5e94372883fbf2e2fa4231febdb10b91f1df8b0ce621201d9e1fb9fdac45c56e12e204bc04d7003564db04bb29b47f6c8244730585f60fe6

Download Submit
C:\UNISTAL\UBSuite\Common Files\RepairWMI.exe

Filesize
1.1MB

MD5
dc9f9c63d65c10dd198f0b3fab09d65d

SHA1
7a1e5d690b77f609594e45b61eaedb60b9f6391b

SHA256
f27ecf9bb8443f682d59314e9f9950bf54303133bd3cfff8630311e303e296ad

SHA512
5294ba81cb8e07ceb63b13dcab883ff4816f1e15c11fd61f8d8828ec4e3481dd8e5df7faa5586aee9a0b35be68236a581f8638025c066682e440c0da1c9ff951

Download Submit
C:\UNISTAL\UBSuite\Common Files\RescueCD.exe

Filesize
632KB

MD5
f9a6fac6a7b3162a2edacbe14524046b

SHA1
d7da4a1f7d8e3e9ea3199ea09b8943b245c3983e

SHA256
a082a2a512211f4a659790e694d14afd3fb871a813083b5ac9f1592a1ca0fc06

SHA512
3b21aebcb0dd297acf03f1bce75666efab1689cba869ef40a6a7dfc089f5d21b315edb705e7d43a270ff897f4ed0daef73ceb6492be8175ac1f7317e337c3b7c

Download Submit
C:\UNISTAL\UBSuite\Common Files\SchedularUDC.exe

Filesize
524KB

MD5
46b040f0866120eef7049cf324438550

SHA1
20397e9577b3fe435e1b9f461cf758e0e10ad388

SHA256
9c0e33d280800be5d4ecc1b5b004901328e029a5838746ec664acb0e9f381dd0

SHA512
216d1a363b40b85cf19c13ea0afc019eb5c952b560195ac0e1522d726a63877c8e21ba10d63f96ee8cc6253197a24de016c05ab9f550497418a1b1b7bb94d3b2

Download Submit
C:\UNISTAL\UBSuite\Common Files\VDMDBG.DLL

Filesize
22KB

MD5
0ca19ebe38fc164367caf74325a44792

SHA1
2b8cf9667eb15ca53c72bfd139a14acc5507ecd9

SHA256
13d7e0dcb0bdb5ca6da7fc8117c2a9a4186b8446c21a4f9e281bd8dc0533aa8a

SHA512
f81d42cd7bf05df7d0becd474f2ba2a6c3bd0ebb4b55c31518be4092701c74690da034867c7888932756e470a618b39873532be8109af6897bf14c7113906606

Download Submit
C:\UNISTAL\UBSuite\Common Files\unfixwmi.bat

Filesize
60B

MD5
f98fe63c367a5faf0aea514407fd1b06

SHA1
51c5f731a6c1e3288e545eb64f14d88d3a099368

SHA256
fdbc0dadc5c425e8cbc2570069d83a5dcd0d52f8c056f7989e0bacf8a274a632

SHA512
618ce0fd4d9401108be84508568c1c8dbfc43bdab2292a9eb8b2860f768e0db457889cbe0e6ec2c95e2b72c436b1921682465b13ed5b146e13c02444b26a16c3

Download Submit
C:\UNISTAL\UBSuite\CommonFilesexists.dat

Filesize
488B

MD5
3c1f3f686af8dc81bc988cdf0e6f838e

SHA1
8fadfb27c507f299ecc971e3fdef0c8eadcf5f1e

SHA256
52f65b6de647f0419511ae49783dca46865e1e7a77efb64dfee7bbd895e5c478

SHA512
2f4c71a1236f3876427048e07c9d9e110b5afa112560b27e38f8a972a8bc15067835ace69a3bf1eb80fb2788aa459450d05684de09a3d5c2e2a3873bd8cf9f03

Download Submit
C:\UNISTAL\UBSuite\DLP\CPService.exe

Filesize
64KB

MD5
42d3d80ec453269bda6ca81bf5352d72

SHA1
e2e571d5edfeee3b4f73c5a1abbc1ea342ff7a63

SHA256
922b809b44dafb14cd0b671ff6ce029b3e69c1108b03469734b7eead66921f62

SHA512
7b61ae51f7dce641c99a8479ad2918e95b81a9eb38919f2ac798ea556768464564a2099b8ba43738579c58437273b5ced9d7c116861e2e6122fc98c1cb2e0781

Download Submit
C:\UNISTAL\UBSuite\DLP\Crash Proof Help1.chm

Filesize
14KB

MD5
14140666a29645d7d1e185d68d77641a

SHA1
b32228ccd1e8aa8c762177af1014f3dd80fc8cd2

SHA256
dc53ac2b934136da7bc9fda2ff58393fd4800aebc2cf54eed4279f63dbefd188

SHA512
556eae70b05e4ef346eb600efcbc36c51678738e6246c9717a1fcbe00e5ce8e582f817e78fb934c6bfb73ec03522a6c06372d910e8f6b252aadf9d940a763ffa

Download Submit
C:\UNISTAL\UBSuite\DLP\Crash Proof Help2.chm

Filesize
10KB

MD5
9676b2452fdef419ac60a14092f1ff02

SHA1
280c12d2e054bad39f5c5ba193cad4af9171d56e

SHA256
7f431c964804a6f9ae467c1867e03d5d6b1d599d72ca899ce4d1a368eee656c4

SHA512
ad357544b7928072e183568bd1c39f9290f39622232feebc9581f1fe9b90b061c27e922a867cf650a6deb759f5ed38604c7e680bc7bca19768845fcaee23a5c1

Download Submit
C:\UNISTAL\UBSuite\DLP\Crash Proof Help3.chm

Filesize
10KB

MD5
9f991dad92fe8b05ac048727780ebb00

SHA1
74aa6863c2c06d6de64de51e568fd466061a4a70

SHA256
0ad3bb7bb9a27d10e727f1cfeb1895f0638b58145c504cd4e2d37ae7d6204718

SHA512
947197ed08ba20e5e0866bb83cabce4d350846259bdadb6dcadb5cad753449de31274e71d614e47843561069bb82114be4b5143268c4b63908225d8fa9884cde

Download Submit
C:\UNISTAL\UBSuite\DLP\Crash Proof Help4.chm

Filesize
11KB

MD5
65217af5e116ce99faac19d0a5403300

SHA1
a015208c4f863a34dcb9648415d49f4d6ecadf29

SHA256
1b4ed269e543fe1a6d7f94c8a49c10ea39353231a700cba54e101419cf15440f

SHA512
c639dc13a0bc5b0b47e280240cf11e92268867ed176cbd4bb6b18a40c2f95b40d3a26037498ec9f6ecce08274a44b42ca4bf5f9184d5c9fccfb329c8d08e22c7

Download Submit
C:\UNISTAL\UBSuite\DLP\Crash Proof Help5.chm

Filesize
11KB

MD5
68d86027ac7e7426c9a2c104c17eba75

SHA1
86ef37693fa8fd27d7dc8ede468f935ed3177a83

SHA256
6e00fb912581cd445ac805809d474480fabb92dba81bef70cab1f7dd33d67117

SHA512
588b4a75599995e5e5c7eabdd49322504b86789a2b694c146ccf0a49e0526d794b077e04cb06d8992b758d9c83b0eeda9fc1f4ed6d9a45e3e7a1463082f6dbc2

Download Submit
C:\UNISTAL\UBSuite\DLP\DRIVEGE.EXE

Filesize
11KB

MD5
f051664c499bb621272c84f91546f2a7

SHA1
e6690b96f71560bcd2bc76ee73059f2d5da07005

SHA256
a2ade052d6a4379eec95fa8db267b7b307a2b155c1b2a7d33f8bd26604e7a485

SHA512
12ba82b37bdd979f5542227c5be2d66fdaa416450ce8ea8456bbd33831f8c4df600558d11c0869dd55d2a41421a26429cc176d229c473319c9383cc665aa75a4

Download Submit
C:\UNISTAL\UBSuite\DLP\FileRecovery.exe

Filesize
564KB

MD5
cc574cb42d67ab563ee4ac1903d09436

SHA1
817dabe341ba2dfde46eddb8b9953db47b99bf94

SHA256
1d340d5d5acb3afe107b683385aa1a78ece67b5f959995dddd8c1f882b1570e1

SHA512
8c01c91d170b3303439d7d8f41f7a25346af9499fdf1842e6640b535047d3370bb57d2ad5ce2831633da8899dd5b57a158918c24e6a5e03d1ea088c547168d53

Download Submit
C:\UNISTAL\UBSuite\DLP\REVIVE.EXE

Filesize
409KB

MD5
c1bba339497bd5b3dc351c9e615d7c98

SHA1
4127f593c2e3bc3aae098e54a2304098ed7cbffb

SHA256
7f0705b534c19f5ee6c3c6bd4696c0c96a60abeedd47639167445825deb2e43e

SHA512
e6d054424c7c5e2b615746f380ca122a459bcf23e740dec51af5d314132c3eb71697d8a51bc662c6060db3eaa03864210c04557d74a137cee4ebc55a557f654c

Download Submit
C:\UNISTAL\UBSuite\Uninstall.exe

Filesize
598KB

MD5
c4360063a6a71e1f85465a2fa3ac9012

SHA1
5b779675af7c8347442c3f5e8d1dcd3bfa7d314c

SHA256
b470a220c9778c1e273d54902d9caf81f2dd6269de1fd6a63edc823a12474b80

SHA512
79c204dc74b373ced2b2c2c9185b0125cd8381dfbbc95ce76bf471ed6cfaab44c19799835a39cd9603b7de4e76fd2f0b1fa526f7f6a67b60bdb06220af5cc91c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
3fdf15b21658f959e1b5fa4d515edf35

SHA1
a1f244ba66c6daf4980dcf3d35a5f06e08c54978

SHA256
d6b65cdb0597ceb34e24192b73550e17ca58c8cd978ac6707982cfd85092d993

SHA512
01d9d1d11ab830df9d297948377c35e87c51cdcefdbd4788e39396e27d0827b4f83d682d6bfa6216db763be7999ca79750d478f989710b35e3b3c080177dca96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
099104c48e8f831449b0150163ac9c17

SHA1
56c3d7a3b4e6e82c7c3c42f89badcc4d5bbf0109

SHA256
65a327a8abc1de8ae0af3b8a171eda78594946ace3bfad003d717a723ddff81b

SHA512
febb00ee4eb65f18c89b353ff28408be8fd09fee1da6777262e9da3084a1becbdb0782c4a2e051379fc38bdb042e94dd1087940261536fe4f6ceccab6285aca6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c8cb07c958f6192b60c00242eb9cffe2

SHA1
cbbb0884aea86186fff047c8098e09897de8f3d1

SHA256
7a085fc4a1f5eb54ff6b11a77cf6e86171fa5d0221cfdbab379f3ba4027ef050

SHA512
7d1fcff8c3ac87455de454fb51cb65498bd7374cab24ed0d032aa323160114f638369f6eb1233bae25b6aaa5109d9070542afc5d06516a0a18f90043e214aa11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d5b19c8301153589e11a3b002b3821fd

SHA1
7b0e19090406490d070a41075896b152c2a0ce3a

SHA256
87966a705457a7d68e37bb4a64ac2fbbb80595ca41950683278d94cde72e2ae2

SHA512
fd8cd31c12b8d84facdfcdab9bc8e32ba5d4e126bed3914a85ed893b36193397cb3629b776bb18acf1b50aacb415e2b37daa748cd35a963008350ee1b95fbe8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0e50bc73f98221d172e55b8f4ab541eb

SHA1
523c0d4dca5a94e9ed28243f905ac590e3515965

SHA256
564765bf275563e3c5c712a5819ceaef7778bfc3e5a8be61b2a1583c936ba765

SHA512
5852f99840218dc018c09217afaabd7f01ab63b1b06abbd48e0deb6ab825220aea41a69eb9215789355c922b3adc25e8119e537c7adbd14a86e58a4bac3f7eb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a078413df965d0d39cc2c89830b63913

SHA1
3162f1137eb6d9f1a8dfa5c22cef18d0d50b4211

SHA256
7f0aa625d90598421a915563c10409ea8d5e8c709d3a94f3849948bd97387bc4

SHA512
d84b8f692e8edd5cc24cb24781d28853297d2417ee157487c322aceb5e26893c11f4412d5ece8dc93322d0285aee45148fe1408437283aa0acfa93b2ccf05457

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
37c62b835c9094ec43234e52b62c0d24

SHA1
55420a828a8de5f6c65aea2d940d0b826dd293a9

SHA256
a3e51ae22de5475f94f0655b035cec86b82e9909efc4e8010caf0afee2cfb3eb

SHA512
cd5735e894f98d7c723a7e7bede6b2a3da21e3986e1dd9d9796ea1c18d3293df72d13d79e92989e8e3f43d399ea0ca4622eeb5bbb0831ab313ee1dd272b528e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d899765abe840f8415ecefa335f385e9

SHA1
ab66437fac33f37a693e1b96300b896d54dd5970

SHA256
9e5f32d1d582a7b62dfaf21358f40f3107f94451e56fdd8b865911980ff94d35

SHA512
e87777509fcbee938e0954b3f6b494ee53c21489565c74efc492ef729059b51cea71c20f309e1e36d96c20157ebf7b76c0b231d9471889d6d4c397aa1cae0129

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0d4e480a7270dc3a8105fc365b2d3e00

SHA1
9d5f64966491c2321ed4d3da9653e17fa1799406

SHA256
ba51a872faf945bb840ac46eab51669e951c486c81b5c4d29cc2fab617a551d8

SHA512
65a27dbc3f5a262abb75fc4a799acdabfe1a1c6316d866bfc430e88348726c24c3dd1bb036d891e49a3c3a386aee224ef2d991a6d7ac30078ac990c143f0b427

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
37959bb4a37df3077850cb3bdc9a56ed

SHA1
ff0b6e678c1c6a839a7c181d5e6fa4acb7f932c0

SHA256
00211ec69462fc7b2f4e8f0b44c6dd19630af3ece6de7ca4080a8355b8560350

SHA512
5e3eedff31c3c2caa1efd5c7ac6eaf2634cc085939ec8defccad7273ecaf779780909aa480bc764f6686e99a044bf374688ab435e2a4bec5388be9aa3bc008ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
52adb16fbc80b7cd94b906a8e8c32689

SHA1
ebf64cc78639311d2c67c55990f84d0652f0406d

SHA256
62ea184da350952ca0144607dc1e3657bf296d97f8df46c27f8144805d570eed

SHA512
c54d6841fd5d1efbc624df68bfe573f5f13c8bc5f52c5d1434190c7b1ccb0ebaa059aa9684d8ccf763649577c9aaa2b391a47abdb1e608f932027556b17f86a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a92f99546785a8cc1e5ab01c698f9b8f

SHA1
4aa7e2db10eae10026f49ae2dd24c8eb9817bf0a

SHA256
a5d955be3f4cafb57af8b5eccf6bb626e2fd376d102c0930796894ba451b2e92

SHA512
5b4521f0f597c723fb13f582afc9bfdd1f5a69c5ff9891e717fb617bfd50f6d2a0bf281575589d78e720451a02b49a9cf0fec032adbfcc2b36cbfa50488c14bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7fe2e6fd72815a67943abc68d09ce06b

SHA1
1bdb61278e7f5bf9d0786dc7ad1354bee1551ccb

SHA256
4b919c754ef52b8c3085b2f60a2eb49b3c1386aab6afacc1c2ba6c54f1f99df2

SHA512
74fa13107ddd8440259263c09bfcfb05f133c0347627682a177c3bfcc0ed3b61b3d9ef1ee42776ceb2223b5bc174f6eaa9f19af1a48956dac4043a1cfb5eb88b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
db7b8b1e8b0288d346c424883975060e

SHA1
3035269aeccbd12e5198ae5bdf794c090ba903f0

SHA256
af6455af30a047861dc58d0baa0829048d6553132f437b10b06fa1d9dc97a70d

SHA512
6b212d1e4573f579565f6bb334f00955c2012d64ea516c95ce4407b6a6796f4111728abd423a179a1e4bc5ef4935a10e2a65341b4a32ba515b2c66eaecfa0250

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ea717c6fa8e3a60fff78334aed6d3f46

SHA1
893ebd25f3c6d8016fcf896d37f59d8d466bef44

SHA256
6c488ff8795ce50c67f4b283f90a3d43cccae2fd707545d4bb8e2d387b1472dd

SHA512
49ef9fdaedb23487b59ad184ee8ccf6ea8def801f111801091cd9decc2bb8a76cf0994144e879e7e7167dfb5b5c0518cfbff867401051a320224ad6b03a28673

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
89ac42474b2d0d05f01778984f269d5b

SHA1
5c0c85c33c151f47498f520b10ce19bc64078247

SHA256
8a1d9bced1b0214d4875ffa4d4d91e2887a77659cd1670f21e6b74c3d36e3174

SHA512
f96f1749eeaaa888d116e5e17d3832cde366df6954ea0dd71e410253eaf2c1b11f8fead9564debd3108fa27bc1865a8f1117e7102e9cd54e284bff3bd9b4b99d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d1edb8c1e19b41bbafdba6b942e5e666

SHA1
be34929909ef0221b884c87560db8250ee7c9711

SHA256
8f863133dbe6ecdcd64e0bb3ec7d62a0cfeac6c64c49f376e3829c3f65b400f7

SHA512
5d53ae8a82a965a2ae45d7901a1e801a82eee88f339a8e2219e75d28afb114732a3608fcadf1fde1cd648f0c452843850d6c5804e03d1bbd15e4c4639b7bfa19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4d1facc34055a3106a99d5f28ff26c23

SHA1
998fb5f1ce3be8ed3e33d9165061fdb2746d0918

SHA256
705b30c9984f6fb4bd985bdbe41778780f84606496bc0acf66f1b61f40a2ecde

SHA512
bb3adc4fe7b7bd1c30e0fa12219aa3edafac3b8805a7eb2c492f3a4eb42939721f12ba43f5b24e63aa09fb6e04d585a8ce1b2edf698e6f531542ba1f07468ac9

Download Submit
C:\Users\Admin\AppData\Local\114259ad-95e6-4bbe-8492-4ee3c165959c\build2.exe

Filesize
324KB

MD5
d0eb40fe08f409805aed3f5312bfb5b8

SHA1
5f7942d58673854f01d25c3831efcba4182882e9

SHA256
2689a2c221cb723b4f35e912efa5c1f6df415d9f656b44c1c9cbbccf248ad1c6

SHA512
ad0925312dfb7f2ac82670b77c746920154dc2095553ef0df70c0a935bf4d0e31850bd6c4781cbd4e97fcc0a1bf3f918e977134b9d9101ed71088278a7b61e94

Download Submit
C:\Users\Admin\AppData\Local\114259ad-95e6-4bbe-8492-4ee3c165959c\build3.exe

Filesize
9KB

MD5
9ead10c08e72ae41921191f8db39bc16

SHA1
abe3bce01cd34afc88e2c838173f8c2bd0090ae1

SHA256
8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0

SHA512
aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\84ee4a0a-0bac-4306-a1cd-75a6f9a037ee.tmp

Filesize
200KB

MD5
431974c0966d6b02227454b45414484e

SHA1
8a26293b7a4ca1d1a0f57883b6275466ebb59b53

SHA256
02f3274fd6d229fc0eafdf183d9b2018f2e542f36fad940c706ef265c7ca35fe

SHA512
cce0fe7eeb49909baa74a3cae3e1aba4ff7ec4b363db1406085ecaded4284fa7407cdd056f4362dd6e6ba9235ae09b52d0519cc426ad3f1a607edfee76207bb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4e466fd85d75f2dbe028b3928e8d778f

SHA1
ec495673585b78f478cb124657160be66a6bad31

SHA256
0f540d79e6b6ba7c07aa6390d7f3e0f9a1484ed30e9ca5c092b954468fbeb3d6

SHA512
501c696ce4e26a74e7bb0ae863e068df41db65148d2ef6502a8427ccb8305dd68976713519bc4472cc023f792c1543c47be8bdd3dfbec9cfbd34fefa7f1ed964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\18d26e9e-430b-45bc-8bbc-a0358c7db1b7.tmp

Filesize
7KB

MD5
a7902c33d3933525fd5dd6444f81c32b

SHA1
5f621e5c099794af9f03a84c344ad6caca8bb749

SHA256
f9a3e23f521a52ac8d8ee9ad85a3377825e105675844579ff790a2007ad786a2

SHA512
9704ac6116962cf30f615ef6147dd52fd8e7ba7eec9b8cf0e18ba6e2907bf6a42747d94fc71822635aa2a87078194879b7050401d2aa3748c26dff7512b67615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\573bb7ee-8537-4a43-9679-69018e7aac29.tmp

Filesize
7KB

MD5
64dd5e2f80d691d52fcfaf60c60b5134

SHA1
da2db9727ea0017b76291db7b7cce9a437959bb5

SHA256
b05ada2e883fe39967bd30dbcef8e18b5351ab7d5c6cd2f249627dfa758a7f88

SHA512
ae6dfbdc7d7e7ceef13af9f9b9563ab56d70c8578f1b4e730d5334346f62302b1ba84da618c81e7d6ce162c54b97a2ce21864aa66596c3ebb27011bf389a5565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\965062ba-2117-42c6-b910-ced05b3acb04.tmp

Filesize
4KB

MD5
9910ae12c2fd1c14eb19f13ca0e83bd5

SHA1
28af6666afef4f21e7eed4599f8cb1888a70e55f

SHA256
e50ecbedf5daa881491b10c225d22a25dea3a14d1605acb36a6d86e333da673a

SHA512
d32d0be162148cae167027730f732e01e392541649850bfb356ec586fb5eaa387d7c727425025ffa2a8bdb4c1e885972cef31196f5d110664ce38fad06cab376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
302KB

MD5
237e8db52f2410919c7d056274201aad

SHA1
f44d74380f78fc029cca94e7dc393e874d332ecd

SHA256
68694766d752e30e88621a4fc8f1158fe97597cd55321f64918739bd0b18bd69

SHA512
a3b5fd41c96949201c2d65491910a2832dd2ab757295b6b5502893134d6ac7619f9040bf308fbdbb8b682da53693b099a9bea7c84747ae9255741f2ef0d960ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
65KB

MD5
a7b7e7918a12587fee69cc84717f74cc

SHA1
6d002c60853e5c94a48817fb947ac1b3d16f1b6e

SHA256
605b901bc776b2358a2ea914f06c9da0ce5b422b01f764f308c68e9a789ca3e3

SHA512
85b0c4cdc2e67f6125ce2abc45bb934ea14c0c1a27b9bccb9e1fea7638ca7680765c39e15ad64f00f1fe8568c9ea10a57e6f6d96a21c1d10a339991600b7dd2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
71KB

MD5
5aa24aa3b15841adfa6d56fbec40af73

SHA1
84d4be52622ccb166d7475a58372f48b2d33919f

SHA256
f68a61c078ee1007fe60a054c220f3282d8999128913e31e5c3aa9e4e0c55059

SHA512
2655f23094ae37c472ca2c39bb7ca2080a8271d1561b66f0c69314487ee5087265639d01f5d2c6749301461cf93d1e368d8da4e3a0896431f31865ea6b085048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
61KB

MD5
98cd30ec232b4d8130a06c984d8b73a5

SHA1
a5b9a5446b08b8a2bfdda101ec72537a92ab0de1

SHA256
c2b2952753b613d80525e39bef9706cc41728c38c2fa2bb65cd62ccd47cc055d

SHA512
d702c14b964f101eeec921feac272c4c75d30d88096aff8895c5b12755de4b02d89f333a7a36468e05947cdf6c61c05e21a499d972bb1021040c388159755049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
50KB

MD5
322c7ea5b81a01940fdc4cebe6d5022a

SHA1
000df4a603c205667c9da9735609019a4d1c77c1

SHA256
089d9480833d283208012845bcf91b1ec55b6da8db9c0f753e80bcd5b9d91b65

SHA512
681939f3979b71d914caccca22adb28988506becc3b795e7d0bedb87be932546b9da173b7352e792f9ddaf2a6f618bb0acec620ac9391ecbc4c273f50bee409b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
108KB

MD5
371e976fdc0396a2a19df2887ec21c7e

SHA1
5244965458646963631f1cc020543ccade5ff215

SHA256
3ee9526eed593009b438181c1bcffe0f4f321ce861ed52f971cb3ed84859172b

SHA512
f65dd4549b5ec44b6854e29c5a0bb7b19c9be44d7d4d555fc6d7d10c42dc0a8132bd5d98abb6a815baf51ba814a2386c88ec9fd7ee8d3c4e65d25ab7b8074cf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
617KB

MD5
d408673703364df6e73168e313c9085a

SHA1
dd1a500765954f0b8f931d3cfe12aaa5b780fc79

SHA256
bed44f52bee41ced289954040f7e1d35d4be73cb164335d8943e687b5299bdcd

SHA512
01854d5972a6aacf09028b6b348bbe0da37fcf68866a82939d439988e762ae70464add76ca7ff0c7dd0ca491418e3de6fb696ecb22a3caf893411348529b2385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
35KB

MD5
f90847025caf7034a8790235179be5c9

SHA1
2994491da492c8cf4c51645cfe8807351257156e

SHA256
fed6b9374cbd3c1ae09c78dc2e46f79b013904493a26cb364c575d7eae89dbf2

SHA512
63d4bbd8042c2a39211ee2fb7921a8ae85af05428034f031540d3db0123e9bfa8a2821253e735613015e1ed8eec92384d8e16dddec4d5a87b0debd14804b4556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

Filesize
29KB

MD5
f8d4cd97e53436f3c20d32bc3dd18695

SHA1
b412cb15b2b545181e6f3075e9847e6f1f5802e8

SHA256
45a61a04904fc2115c440a349a65dc93d2965b0b24dc5a8172bd8b792bdbf103

SHA512
169197af2b468514c86c2f9434b4e62a814eec67b32fed51ba25484a15d69c8569da63e2776eb14c3587868731bb2482a375daefcd6ee8bad82cd2bcb9b78b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

Filesize
132KB

MD5
fe9165eebacf164efc651ab3f778deea

SHA1
42a8d968ea0027b2116d1b0c52ff32c27998093b

SHA256
acc56edfffb5fd46bdf57d67b39dffe4f5146c161a61f42551594ca9563f0e89

SHA512
c0f463db2582baa2f610924f6de63535dbc9868620a997fafb101139afc99147d28f1a2c7c21e5b42af83e025673e5bed27e14e95cd8df9cce97f791807a7419

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008e

Filesize
48KB

MD5
d61ea2b152e49878b8b84432850a63e1

SHA1
9fa3fccf2f0147eb22d493a9585d4416d6020dba

SHA256
edce6627f6084c00b74f12f9e7b33ab3bcbe0efd0aa706ba765224dab3d9b7d8

SHA512
5407bcd3ca1520ae24c95f81da0abb547f69ab6154d377a7a0b22ecce0a3d453008edb6a6fd8d16662d327d13f34d99445f3fc29f32d151b9bf5094b46100900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c9

Filesize
43KB

MD5
563c842b84430e3ca3a9e28a04317ecb

SHA1
b3f0872ad2490566b445f4c8ca20b41e95e1376a

SHA256
2390b676138b8dd863b4bc00a0826901faaf4943d96e9cc88d6f72ae89a85cc7

SHA512
9da9a9e279755d5ba2cd3cfebe68554ea586f0274640efee3051c131848cc4727375dbb111f98eb26bd38cdb9dca5405e9e7c305c995293b1487d08886f8105c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000cb

Filesize
38KB

MD5
e9912338b09bc7785c89251ddf7f10d0

SHA1
5b887cfa326ac8fe86bab15d8e7764ba72d7dfef

SHA256
0478820227ad0fb7cb3c2ccdcbdb6128205fa2d0f510f7e6d9232a655b626a3f

SHA512
91c9d283e58c6acac9bec2e2fc54038f787027a95a6309bf74b14f45c7a6b253e55001b8250352024d399af86fc5d3039f8df8f9ae2e1e1e64627f91babcc046

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000cc

Filesize
55KB

MD5
1a93a307454b3062f911dfb85b33aa19

SHA1
05d8ce1b51543c540820e8acb0b2b333f911af27

SHA256
71ec56f1877ef70e9cf76b12c68eb772ce8cda5648b24602c9861ecc4b51c521

SHA512
62dbc693ade5a82ccedeba0b592dfbdbec13d8c70abd4ebc80b52b0c0358319cbf6cb70641303420f4901d73233780d62f5218cc77af740131997797a926d934

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d4

Filesize
52KB

MD5
cbe38283be1c048cb2a9ff3f114e57ad

SHA1
07fa30317ca6b548d42359c71dd2547f379830fc

SHA256
d21c5a149421983291555b6c86facaecbe34d2044b6e5150912c4c81d3371602

SHA512
d8b9fe2e67296f31c33dfe5db2535451b62952d627c85939b4bf9460d2196b5f8a9a2ce2f06a1fde1cd1075d1d3da00c14804d9d9770dfda5fa814f682b8c70e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d5

Filesize
129KB

MD5
4a031d154872056f5f5133ed888b992f

SHA1
c616f5b9b046ee1cc5998a3915678e6343360271

SHA256
29ad543b5b41c1f96ca6d589f3e9da183a8cde24a9bb7e4b781a6d2bf5cdd41d

SHA512
731e5f09877ff311aa4487b6f98a0d0a8d89fafbe1f5a4bc54c0dd517239077a721d406d239974f2b70da7ea76a1e4a27f67bd202ca05b787939e101a8978619

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000dc

Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000de

Filesize
71KB

MD5
b220a47b34ed76f8305754609ad2875c

SHA1
2e27c22f544764e50c9a323517b4e73e572ec4c0

SHA256
485c4e0c81b0a42be4b064fc20d8be1a185ca659a004ec91ef43552e134b3c52

SHA512
617892430b8bd0812357f183fe1fd1826ef6e37940d6b5a3c9c1a545392b1917d34242400f0c147644241d72c2ff3292858be936b30f8b05a7acccd00cd42067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e3

Filesize
28KB

MD5
31048cd3dd91452922d6b1dc8c66a40a

SHA1
431872374aa0883e9817ebc7bd4c3e351e727544

SHA256
41b1229697315674ec508c48b71399f9cfbc54e29721c9630a9cd582f0359e33

SHA512
deeb17f76125a3305dd24143604053179906259368427ad5c3271ce8b1348ad86f8bf3bd9a9dd482fb4bbe7734f13171ffb8bc00d94decebd7f051b20da60cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e6

Filesize
21KB

MD5
d4999def6d6e2cefe3b1d8549e4cad5a

SHA1
fcf7564b5c93d8037710d13af9f24a987b4778e2

SHA256
a4585bf33c5d6845863234be9b267784a2ed0cbdec06637be45a9eb99a3ae5f4

SHA512
4ac07141228f8d9f24f2da064ee5e1584435812373d347f4e50520186ef30f0567249c16548777b7b3e09b24c90821d6f71c67dca1d52bd2ffa97553d9fb4284

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e7

Filesize
19KB

MD5
e77048fa46872865d9811a0b04e1e71b

SHA1
e619152591bcfe10f3cf1e3da1420ed99f4b3db0

SHA256
cd0d71610c081a1fc808dcecb296cf8bca4244b93d4acb19417bb0cfd17e4b76

SHA512
0a3e1364c268147e2abc769fd2fe631c18948ca9c02bc99c851e79160000af5788f6811db508b06feb85a25ba32785b89e6946146e2f59d936fa599c477137b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e8

Filesize
21KB

MD5
26cf12652c1dcf193afc3bd0d450929b

SHA1
22f2e901b43c3f0358f480933ccb92263f7664e9

SHA256
0c4129fde9afe347feab75c59d95558e3bd7a3985d6a8f6e19c10bdcd81e8835

SHA512
7129af73d22de393053d683b74d1e4afb5d9ca874e8679b7c6941286d69748c8a4ebbab7bbe373b1071fa12bd3cea0e26ea833734e36db04697e7e5ac90c1565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e9

Filesize
51KB

MD5
abfb0aeb193578e1623c4c823dfbb8b9

SHA1
0c3d8c8526ee77cdac5ef99a5818b4b61c3add31

SHA256
2a5058ff0e9fbebcf0f6e766a01944aa435447c0fb33f920c01722ab435eff37

SHA512
842f15a8e2babb2fcb751f8f566b1cf053a8e740992df9dea058519beb0e0fbbcda94fda99120bd34cfc9cbf009d434230da82a836478aa608f4045711a3ba8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ea

Filesize
53KB

MD5
bc2d0a301cd4a27f068752a5c30eb29a

SHA1
27d43b45d3be1a583ba445ee96c35a49351e030b

SHA256
591e14db060272c8722a61a396ba5046622eeacc5bcf2bd40f1b43c6be883349

SHA512
da2e27ae210433af558053cfcd7d01838f42525e73360f81811ac72542dd02088cff955113d06b83aeed7e3aa0304cd30edb6eb7f503325f2af42a8ba61db6d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000eb

Filesize
264KB

MD5
54a1a0813164a9b1b075571b928af9b0

SHA1
adebd38c92a545f60a0f576b4ae500b394107630

SHA256
1cf08dc3aff62e3b17c97aa7c2744f4b26dbb08196c3ea6fd815a6ea6188c67d

SHA512
7c2966ffb53188f931c25b20301beb914bf3d9a35e4328e14da2ee5c999d27c0062b06353f8dc75d52947bb09e8c7a8d9532d4849a18353888770826e2146276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d986eec9dd6e3a0c7300a2ceb897cf48

SHA1
37fe0339f66542e639fe1a1139bb4c6e3b4b2c24

SHA256
b5e1b8cf760fbf6fa9f12e69213207495d04f9401b63600f5b5428399d2e01c1

SHA512
418e467708af04707166c00bfd74fbd46f1036994286b10f481a6345b47152f203d23cb4c473b5c38c774bbf535b6a48d57910b0c03adf2a0d0a54265aaa2782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
349674caca35f396a06999c406eec5fa

SHA1
0d0924189b512cd910883dc53a6775bb94af00d6

SHA256
83c366884096dc1c122cff6189debd64d3a7fa4fb0fa737408810d3bc8dfebce

SHA512
442bd27efd2ac6ad1905ff74d02334cf23fadcde2f8c9befb5347fb85e3ef2f78a4435ffd8f8f4d8c84e0cb7e2556da4da7013aff6641c0b7589d1d64ad7fe9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
4852e30ea7d04841fd88d8dc7dc749f7

SHA1
2194fd9df9fe25786ee3e4875bd13c8b302cf0c9

SHA256
f3cad5eaaa3030afc626c43e33b7af48b9ad962355b5e8aaf730bbdab9af1342

SHA512
b2ebc9e885c6ec90f3ff602be803a17c48035d816d8fadad110a9d50f011c938e3a7f26b9d117ffb8f12cf24a2c160ba42fe67ee247a211f00c9877787e2aa26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
fc3498593d9dbfd7a6a73599237bd051

SHA1
b40ac7d6531e578757d2610f4c0d39af06974ae4

SHA256
ff5db7b4979949199cc998e27531d5baaae8467d9f954940f271aba6573c9a0e

SHA512
20c4e0bc3c239480744c4bf47edd469da4b9dba62e7ff6a71dfcd6af0f4fc21a4ccb723943f12ac08bdd547328f8dc090c2ef5e244f8b29ff1db8b977a1403dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
59fbcbf5ca4f67ea8da23e92c28c90b9

SHA1
08c4bd1d570db835d9949e10670ce816978b4cc4

SHA256
b82cc63dd3ba4a02f007832f36477a3e23bb8e8e58d8c0087d76a3843cf05cb9

SHA512
f3d1c6dcd54390424012c4afa0cfcf6c7eb8817a00624dced26aad57739b9908a3bc18d01a9170432eb31e40452687777db8f0365294d3576bd44765df015644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6182e044f5d28ada05a66bfad25de133

SHA1
88741249751823c8bd13a8b428d183a353e7de51

SHA256
298c0e2011d723b16b185b86b0af8a21014f7ea55c84010ff3945b63d574a798

SHA512
3dca1a6ce5bc0212dcb63909cd86e134485aee93fdd3eadac12bc8635f3b083de43682853c7dec75075ed1bae9ad4669ace620a480360a059843d153136622b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
c24201c484ae1c3252bf9ad117228164

SHA1
1a5f918414e9027b0fafe5f8fc4cc653ee50c7a4

SHA256
34f4d8be761f2c56878c6801445bc57a3602e94105095b223800871f4e153d54

SHA512
69c5071a4c5a476b1645c58f5c121176846b98a22caeaffd901e008db37a6b6f00b8e24b77eae1580126d518698fac8b9edcb2432db3af9ab58a3823f4d259e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RF6d0c03.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
295B

MD5
f1b2730a23f8f76802203920e065b354

SHA1
dd845169285de23fecf93c08a0b584c758fc933c

SHA256
b4ac1198c0ec357e8a26c8544c3808d0cb2aeb449a4c9a14c224b3dea88627d6

SHA512
8b14314b90196741895356587cb29fe3bda96f3ba0410582f7c5b51c935e835185c243a69b6b23e8fc713e2df4afb94aa39f4c586b28a5a2c57b739cc679b935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
e48810b6c07373527063c769bdd0280c

SHA1
0f1ddcb5d99dcd32f5e790b0491f02ad0df77b03

SHA256
a5edb82b691aeaeeb4e0b9582752c5d55b52c2db7c553c3916b172f6e6c3a1ad

SHA512
0dc218cfb731fcf2aeeb3dba6bf81abdb88472749af9a31294bbfa5b4e40a306b8126d6ee4d9812677e946a02bd25f190d7d9e32d07b40f3e16bed6683f7ef15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
66d3d1518664e483d7aa43a937c445b0

SHA1
26eef94756a5dd8239f85b24af3a8ddf091c3c25

SHA256
981630c7e5f9826856695f56a4cd5e0f064ab375eb6f747707599aaa190edf7c

SHA512
6f6dc66d38f8c92d99c6f0985208e3dbbd576d35c54054c278d5ece41f65827749d95c5cf2c8e47a5ad0ee7d3113d9e8a8b62b8a71f8e641f1e25dc434bd2832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
7df9e3088ba32fc6a40358c0922a31ac

SHA1
ef73b8163b0b0f01445612338482af0d4d33d2c6

SHA256
d0377ade6c13f8c73182b008145cac969f7aa836acbba3bf9efcce8f4bc4e985

SHA512
daca20f731a12700f90acddac2b2c0a5cd982b2dc04b48f95873ee86e9bfe79af738894a69def7de0e72c208210619d3797465901043b283e454c4b220699a55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
4731111abc98bae9244ea0554571734a

SHA1
e10192fb7545ae208573dada406d534146af3324

SHA256
fae73ffdb8fc2f716eeb7cfdd1c5bc134503a2d25e60dedb56e4209b0a3c6956

SHA512
540dfa64bfec9f26a4f4c8133b22f253a01fbb77faf57e200734fefa0cd5cc1769a220872beb9b7e94e181278eca01617bc79b0bfd449afd8de2af9072917d2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
920cc6ffd7eabae5907720d95cb00201

SHA1
dfb1631b478b03ee80be1d8263f66c251ad20486

SHA256
9c52f3c7fff2b6004765c2d52c350d5d9ce624722fe6ec877d342b29297a1d19

SHA512
14ee5a6e497040009cdae4864312e2ebc426c401c8548f28419d835d770e9ea4aa8d64ebd41b1df38d4344372515c21bf7ef434e55a9024e66ace7333e7ab6e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b6d8c4d3690cdf0bf2c7b7840701f585

SHA1
1c9b9e03d1932da80772281a0b27a6dcf65d9648

SHA256
4d1c2ac8a46d28821e389ec53729aee379ab594d54cf9f9f86de501421281fd1

SHA512
beb80a0f45611f2e1d80ca63ec394afa031bbb60c4f844dc392ba0178f70248a86ab7172040c9aacadc38db6ac90edafc32bf0bbb93a1e5f9d74562134ebb3b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
077ff9c078390572457fd2136c6cacbe

SHA1
a53a301ec4fa1f25eefc71978fdb1f7482965f50

SHA256
31691ae4e9405663a70b9a440ef62a11f5e321515dac553a57a16c6055469f03

SHA512
5a0a19b1c34a6fe4ef4a4209dbbdfd259011c7a38301b78948b1bd1e28f9163d7ad58b11d71cdba8024d97e3f69e07c8b3acf12d258b187f65b9ca9d820528b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
a940060c9ff6d5e0604a09400310d3fc

SHA1
95c01d8edf422fb8b6148886df66edc57896016e

SHA256
98a921fe2c46128308e7220fff7ac4db6e30b334c132f4f86bf624d88c7bf950

SHA512
2cadc87b1c4062120ba7c3d04667f0614527b600a4df162d7dccc47d391ce42b7c00c1d228f255e6cb9621714258a1aa84764b4fa9ad4b8eaae53a813a9b1a99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
7f0c9ba19ea5e8c61bcf235cb1e734f7

SHA1
98d7abcdc4387108dd522e59216c0713cf7b600a

SHA256
e7f517b20102c5583996348debf8a49e51168d86ad97ec8b40fca30fdf2fb2f6

SHA512
5e4543e80025eb0a48693a96c160716b76a8db2f0f91ea8b09ce90341fcab8d4f64579b08515b33774f51dedfd27b1c7addd1bc6ddb7c0cf161ad76bd70e6d70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
634688a69ffd6f1d8f882391560fa001

SHA1
b770c226db9a7dee28677ecfe9b37e8d0f6f8a2a

SHA256
a4b385387fecb5b5d88107e7b397ef61fd1e6664a15c2be7091afce0d78afefb

SHA512
0e1f0a297b1d5b84826a1477752ab6a2780527658aa2026e5e6c34ef3f49594237cb6a8a652ae34471230eb3087bae97a2190c9a3a751199c4f964bfbc809029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9f01c4b7ebbe251854b4a5f876523c56

SHA1
26f028f8a074669f3786dc33b4278559ddfab58a

SHA256
836f5210988852ae49cd1fd3c9295b0d6b7873da725eabe069a6c998c31c9b90

SHA512
999c129ecbe8f6f87aa2b0abdfc54e51c0583bb7459f6f7939e4b1f3181e72c02e99c9e27ce92f3a0c7437b7dae8ba7160a586fa58b24dc7a8e4b2ccbd338cee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1c9ca1c0f522e2ff57a89a5cc85ac42b

SHA1
77fb6b877e7ff182f7f1d376f1d5d334e77efae5

SHA256
776e0d5aa753c996b7c227e01917347dcee4a00b487a35263148ea6b637b345b

SHA512
40bad9029e547fe61c53eea46bf06c65f44081ee09c44b378bd15297e2c301ac4f4c9c7ba8ce8be1d11df471c5c733067c1b8e8e2a9d9c8ac5ff63f41bbef48d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
71602da3eef76660a175c5e9f99adba7

SHA1
629bd057e89aafd3e38213f27435a67bba470d52

SHA256
9f621c26d2e3950d1b3619dfc2f2cc5ba492339f6f0eca198b02002e5a84dc3d

SHA512
1f874320cb7029f9f5faec8718454cc81d9030a47df3c8a910772f9e35958beb8f82835c31b4c101c69572e3d55a265c7120995d7ed0bab6745c2d79229f4ef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d7e035bd8f30554465670c6c2369c11a

SHA1
84dbc6ffd9142520f84fe4b9277055add52717cc

SHA256
9820b7a27cc16e21232bc9faa39d2d93b25682e7f4fa68623cfc5f04821ef329

SHA512
1de8c866cdb76f35a1439a0c5d69b66896af9155352c59f1b4e7ac77560cbc7a1698261c8f69945ac3b25c83007cb03e7b9eb4f82a83b2c3089ce7d9ff0976cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
261ec18929ba7f839fd8413ffa6221f3

SHA1
92a62b205f54c271cfb5aede4fb0da23f6957505

SHA256
cb2bbfdfb3f3424d9aeddaa34c5d0f6555180ec2630f4016732ff454a69f694b

SHA512
2a8fabc7b86cb6486e34df378d48f2d4ffa3090a639ac80b4c4516ee4af1a07cfe8ac25cc96069d1f1966601af1804d7159e84f7f057d437f40ac41b30ea3aef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
99a7d2b74365545aaf870cd5cda2dc1d

SHA1
402769db06646cf0d7447ea266bddf386deaac42

SHA256
05f0744971ca06916d9ee99070c869e18758f4d396f5a0ddbff9cd7c1d3eeb5a

SHA512
0e58cfb603a23dd3ff7d2c349fba3d16f9cafbcdbc24b88284b2a592ee8607ce9bd4b8587ee9bb7fa1674c9a469dde32bf60938a6022f1ff644a7da3f0b4afa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7d265f10c627f4236ee5f3056b79d692

SHA1
ef02bdf9d2a678bb14a03a83f4c40ed0093d59f3

SHA256
436b044ce51e6abcd4dd1eb8e4e48fe293d967d7a6d2afa7b02fe67363c99739

SHA512
156c4c84d7dad564a0f85bb5a1e26e1336e557e110916dbde18afa561fbe222c6b9373803346a165ac861fcf8ec7c549bb03392a352566eb588d0386a73f404e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bd6fd859561d1292cd639cb7f087b60f

SHA1
3aa998b074e810302529fc787f32f7e805f82162

SHA256
7de442fe7088b06e55dbbd4118b00903ebde299e091724a633e1cd2ceea0720f

SHA512
b6e035eb570c5d970768254820a393f4abf1f53a763d5638b6683f46d5bbb4ffc54b407e399ff50424ee3fa9265dbd32bb6dacb5ed32f2fb1129fc464bbfd734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
ae71d1331822a583382dd00fa6118008

SHA1
20d95b7eaf4a3f1185108d298e406f4bbdc531fd

SHA256
cdc5f0b16aa7745b3571955621e69f28e5e48ef3d5ef26dda0ecb3581c14b50e

SHA512
68e83642d869e7d87e96045e8775e9b926b435422cde48d20bc8649359fda533822e5a647a155c1236c81f0a399d2049ec4731ea6cf57603c442801b6788f62b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
eb39fe2d30fcfbfc4b96c0e757bb4489

SHA1
b4b50d42bba688f5eb1b3d6149946ccc8d8d6af7

SHA256
7c08dce68be15f5944ec46e6fe5f29135a6d4308bf7cd7e24a710ecf490493d0

SHA512
60109aa2fbcc46f5652abc84cca28b422b96ab5891273d76bb6fd9d3e626fa5f83257b1de71c38904cbbced719d9f57beaa28767538a7ba924103cff496afd30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b42aa145-4d89-4e12-8bfe-5e2179676460.tmp

Filesize
13KB

MD5
a5465d900a350c16bcd83f0c96575c4a

SHA1
9e32beec0615e39343e012ba26b56ed8e6e398e0

SHA256
4e9d1e09a6e458f968cc8ffd90735e0587ff421487c1ecdf7e55fe56162e0927

SHA512
8715bdfc07c8f180dc697043a2947714f35594934f25d4e94ca3ad79666730c8955fe6f68081363b1423e901cf32c1e56cb66feaf187e44ac14f127c22445a30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d97af930-ecc4-4fb2-acd5-71dd9f4fb418.tmp

Filesize
13KB

MD5
50186568a3442a6396ca94c72400a074

SHA1
3bb360146c26ad727fb36faceddd0fb9b5f5b1c8

SHA256
5df05267ef95510e78b3e95a887c6a3b9787221e6fe5654192e641719de811b6

SHA512
e1a6a010dce74e4d3936f3df64f234169bd7a133643f6de1c139f6ffcf027ca1d9205f14cf4f7f8ec9942f936bc53c85a30ba9bf0bbdbcfcf39e0b0311c96db5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d25aecc59ae1c10c0eff0dc0fa637494

SHA1
bfeb682d39b39ab4af9d095bd987720df10d50fc

SHA256
98e1b0a543189fb56b6a586b8a200a1f2761c8d74d63222bcfcd20a9661a539a

SHA512
54a2ce73273ea093ccb49fe3e08f75e6d062854c04cf03680e5782c7f7c17bba2c4feff8b6ff84547938ffb72a4d2c560580e5629201c88671ed8a501a29623e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1daed9cd3a94346c95a34cbedff48d29

SHA1
3e7736e70d8cc63c30191671f00ee11c5aba86de

SHA256
f6d7a97128cd5022f35e28da3967ccd263c01f0ed7e7f5ea69807211cb3d9a87

SHA512
e3d8ae8f070afccdf7e50192313e916e532f3ee0d532afbdb40292671a22e620a5c3246b368d25e9bedccf11cda15fd188a19713a8b1afd7513cc1d912d9d3d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
12553b7033f48bc744d4babb559bc828

SHA1
b95980cc9ffbca3bd121f624cb59556215543e0d

SHA256
6379216ead6835d931af2a98d77c2eeee6bc210b4af87243de29cb72192e2375

SHA512
4746f3e3f9dcb8709d0177ab9a60ebc27f390300be92cd4176520e5a8ff313abeb0f5ad60bbfde98cec88fc5ffc5d4e1fb2fb594371204244d9f50637d3d0ee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e831228431f3cc8567652f0386422890

SHA1
024a256bf0a64deabf932383752c532fb472cf15

SHA256
800a92d2b3171b177e3065a635636628673bca325707e7d27a1effa1783b53be

SHA512
2e0f2b447d51bb686c3c316987bf887adef917984dcc254dd2d1a5f6504727444bcde8ff69090344507789e4f27c2ed44caac0723659b6e126efbf16c8427a7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
8282dbdfbf39ee14f90c01e02dd2a34f

SHA1
ad2a43d4c7333485f1e8d1a9c2ae98dc6de38065

SHA256
5172d49ebd447314ceb915b6753a603233d31a067827980b80456901ad1b72f4

SHA512
5296a40b73108e6d2c5337da0944a08497ce616705a7be488bcc4221c25fcb50a907ade92a6f075bf7802df7535dcbceca6d8c6378810c98417c8cd5e6906a30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0b019fc49ff6d9b4a89a3397b3d0ce54

SHA1
0626f8d079e93b5c1aa7dcf2aec63282b22386cd

SHA256
f12ad25325ea58144fc7d524b8aa079e387358230ea40dcab2cc3c5fa6c87091

SHA512
a695d3b4be2af3f8b55bedfd39ca7ad5e112826fb4621acc446963214394ea30caccec6b31f1f2e1f255c2b388e0658a0fe75b235758b7f61cb622523c993e7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d23411c2d7243105669194a1f804c9ed

SHA1
fb55ae741ef8200911f390df03c683edadbfeefe

SHA256
d4a4ca38947b86d4f856ce025619e269e1122fe6735140b7b2699fe4f60d37a6

SHA512
f37914af48a5da64ece9d095275e90738e89c1b0669fc038585b9d1d94c4819c53b6844ff47456a3f62bf194bd4897bdced56723b02d16434aac3fe4162323ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
48c7daf9c6fb160a47ad9d00453a168e

SHA1
3b751724db139d8f3e0c686652d311c6c24a6d89

SHA256
d46316dc460f82813455e1b9fe8633d30cac96610914ddc36d35055aee9ad4b1

SHA512
05ade06b995726a6992f09869d026f8459275cf6fa01151501213aac895729c94425c17410e47bbba86532c716fdcf040135ccd0cf862bcb53778916dcbb2dc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
e9e594f46c16044b8bd647da20d4e836

SHA1
0ec20a3d42c639fa6d38271c6c0462230eb8a5d9

SHA256
67e342717cc646b8d7cf46b0bbd406600ca14b8a80b5b5701e57f0cb23fdc30d

SHA512
b9d39a8adbc2eb38d94a85d6c940e07610f7afea905b5da88a7806cb4d9247b839da024eb0d31be65a49f10a001a6d75147082245031b33908249cf98a9a7990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
5686088050ea2da31fd7891ea3c3fcf8

SHA1
7b00af44bc2ede33b387be11b8298382ab0f5f2a

SHA256
1597842ff5817beedb9d9758359791dbd85e4a1af08365657fa98ff82c9a03e6

SHA512
dba03a7ee838a869113359aea488cfdc284bd0d03a65f8022561824e6ae2ac902665da39261a244bfbe7540b084e863262838e3e7a8fcfeaf41fc73db4d8d601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\dba99a4c-1197-45d8-b26c-aabd408bba7f.tmp

Filesize
7KB

MD5
e4ef883d9329ba5c97958e0126ea60dc

SHA1
e38e2e6fd11369d0013314a95020f352817dd8f7

SHA256
8a738421a7d38ab355dba32e07eddc40b836fc55291a3880c2b5679946922d8c

SHA512
7c3e22de8eecf3f551f5625e8c72efcbe35c995f703c70baf4e285d40319de425f17a64b9dd05ccc00b464cadbe09e67996301f891a369278fa140d81074b061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f8300952-4189-49e7-a7c1-e9c821476472.tmp

Filesize
5KB

MD5
961c46a80bdb914167243ddf2e487cd9

SHA1
98a2afd439b34c4870340557fdafadcf42985a2b

SHA256
a4db3014b3a0c3253279fd1287fc419dd616b32b27671ae225e59b52609bdb66

SHA512
08f2107e289bdd754b89d97d9a3abb3fc9dda6d62e0167d9a3d2cc303aecd85d2023f6ae3f3d7aba32277ebf219e9cba87bccc8bdda1965e2ff02335ef901a30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
11d62aa78a8725f946fca76fa1e7441c

SHA1
a1b8e53688fcef101df1ae8fd05f283069a9111c

SHA256
daee8c1c2d7587e0c6f810c2a0f15b1a639d1844a6dcc4aaec3b096d5960e0c5

SHA512
d51fc86cd4d4d1e14398ae9d8c99735bb422c1795dea4bbd06133742c6490adc6e02c4cd172a6b465db750d42119cf668c70c18519d9d99da2b1651c4502a080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
2c1529645a7767b9c2b98cc8002511c9

SHA1
2b26096bea3f23fd4d6cc632b7bcf5db9eb7f3ed

SHA256
175819976df0ce8edfe1d9dbe2b9074e60d4df2a91c230d8e82a624015dc3b16

SHA512
7b554c71162cd57d4cdb30269bd5ea3b8afb9a421bf0e3eb9f29a2809375aad601150f2345e893093a6fb681aec986b56964880d2bafe3917e64d318a8a89cc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
98f6b1f9156b19fc45c9a1c11da3f1d4

SHA1
f079998421f7c4b1c61e143a6aa15d9eae6d3fa2

SHA256
2b134afcddb80d49b8752abf758cbdb3162c2cca6463254886e7006dcfffbfb6

SHA512
aab6a07e8dfca9060db05cab3dfa398c20fdf5b590114368a4f5d0549921c5809dea0f93f335ec604a2d917388090a5d1bf3b70b699075fd5cf1bef31dfe02fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
ca1fc80bb0f0a7880a5007f4e0a1e79c

SHA1
5460cdb0a1467909841816c35d4a390028077cd2

SHA256
063acedfd4435d1f7ca1071168254c208800725eaf7819364896aa37ff27b448

SHA512
9b6604e71a5fa31b8541981ce855fb3cbe3def8dda409d602b8f6f4a41270b1754d3c885e6bfd05d0a501d0f250e51128a5a750cf90149b4b2f5f6977bd9d659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
a571185c16c3cdda9ccce754b4a9d85b

SHA1
1d423ef3ddc063cfecf4f018186423759f22ff23

SHA256
312b3af6faa3523e75de00b1a32ac45f917ccf82521c43a0d76ab22254176416

SHA512
29d8e9c509706b90985cfeadc20168ee5301e242024ba68d243ce5b3220f6f3081744a7903b96f2cf6b7a99e77b69abc7049874dd3ac0dd27c37a10957021fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
84KB

MD5
153c4a80dc973dd892aa1517193e5fed

SHA1
91c511657ea03af2d47d277531d1c67b554b144e

SHA256
12be78ade380560c669e10433025e38555138e395f72cbbe4f3eead8a2e65574

SHA512
f98a48cd475e5c98c6ab0ebf1531ef16b6df0bfc1511527b7c670f21b0d5cc3543dc76ecd5df27065ceb741d9db50c061b953e4483f31d72e0715221aa9db897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GNJ30TNQ\freedesktopsoft[1].xml

Filesize
100B

MD5
607358fe04a53a334fc8a4e53e4edf3e

SHA1
8e63afb8f625a9faf0e59d0cd3b4efe9ca5f4519

SHA256
61c80a27c1ee38dee3c21f0af3581c5dedf93e5e4b63bb7bbeb4db6375ef68d7

SHA512
6948e2f96a8af42bdbcbaf772784e3ef08a8c7b487bc0944453c5e2c828f45a34aaf700ecb3f7a69565078b89bcaefc4f060f2a9cef43ed02b8bac467611c332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GNJ30TNQ\freedesktopsoft[1].xml

Filesize
4KB

MD5
fb3159646476b55f1651098a75e5f141

SHA1
c8db6660fe7d38f3d6b826def7936c000329fdd2

SHA256
29dc4852255cd45c972c610cb207c970ffe5786f07aa42efc70fdf57a53f7765

SHA512
3263ebcf5ee4e5bd1736c6a9819c2c9de426a021c1ad198ff80392678caa8b763d3c420a5514f5e54db118908c30b969f71a93e5be8bab64d9d56467751dae4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000001001\XandETC.exe

Filesize
3.7MB

MD5
3006b49f3a30a80bb85074c279acc7df

SHA1
728a7a867d13ad0034c29283939d94f0df6c19df

SHA256
f283b4c0ad4a902e1cb64201742ca4c5118f275e7b911a7dafda1ef01b825280

SHA512
e8fc5791892d7f08af5a33462a11d39d29b5e86a62cbf135b12e71f2fcaaa48d40d5e3238f64e17a2f126bcfb9d70553a02d30dc60a89f1089b2c1e7465105dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\10180c8ca3\oneetx.exe

Filesize
220KB

MD5
0f59853fb3b3a252e267e204024390c2

SHA1
e692c9d78613e7cac791559f4c8e1f7dd5c74c37

SHA256
dda2cf88b2ff2f785b1842db4e5c775f2c10b897d6e30905f1150c640f5d79c2

SHA512
1bcb63516644524c4fd9fcccfd99849f9913c501e53c3c71e3fb90657f42c1e59cc9c2f9a56f39a3f4029216eed1d11d7228b3e01433203fa71a9b0457f2d31c

Download Submit
C:\Users\Admin\AppData\Local\Temp\50EF.exe

Filesize
253KB

MD5
059a9820a23102a7617145b1df95fb51

SHA1
a021d4d2a2862759741640132d6a86e93afe41be

SHA256
99d9c8fe03e90cef0af5d4edf84544fb27732083e30216e6c2cb80d256308769

SHA512
0e83896b170497e07ac94fafe27bf95d63a765cbdec190b3b15653c0ccf26b8f683f500e132f9133f9cc47364be36f8ae66f465ab4c8a4e19dd0840b9c9b1c6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\6DD3.exe

Filesize
235KB

MD5
bf0d7829650519a9982edabcfa8f93c0

SHA1
08f6fb13123cc837d4515d54d0525602052b5577

SHA256
6a31368693cd06e5311210b937e8a3921ebdf4470f9e96761738cd84c083398e

SHA512
003d981191b221b9c301be384b309e2bfde727f88f935ce046c58789e42d2be2d0f99001c513dd7a5db7cfbd63b232ce656b2a4acb598926b48ec59309a7b510

Download Submit
C:\Users\Admin\AppData\Local\Temp\71BB.exe

Filesize
734KB

MD5
7fdb0b29a5ab78f2ba34072524250086

SHA1
ad183b223d27fc95d55dfc5ef8f77785a6cbd0a3

SHA256
cdcdc5b40b686780c86942b34bf5a175ca02d0fb3e8cadee923eecb2a6be7837

SHA512
7b8c04552d4142d7520b24ea6635da7373e7c8f5c0447d26e264f88640105ab8b930b68d91c92de73f40d2a2fb32d1ac3fbdce659995d215def4ef5083e44eb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\8423.exe

Filesize
4.9MB

MD5
10ec0c51d73f68a10b00a9425b0c2a4c

SHA1
3796a9eb91ee0b86ea953370de6b97a036b3b6e9

SHA256
6c2c90bb276297dac4caf0b20e38b3a828bac9c98533c36423090cd4fe9a8952

SHA512
43976bc013d6414147c2670f36ed6b0b9f7e59a1369264b7bdcb522e71fbd8555677db2b4faba59e1d6e1039c89c757e875ae7af8173518ac9e39bc8d984aad4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1425.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_memz-main.zip\memz-main\MEMZ 3.0 (1).zip

Filesize
15KB

MD5
230d7dcb83b67deff379a563abbbd536

SHA1
dc032d6a626f57b542613fde876715765e0b1a42

SHA256
a9cd3d966d453afd424d9ac54df414b80073bb51d249f4089185976fb316e254

SHA512
7dff68e3f9be9320872ccb105b2e87f15b23807af96ca195a38a249d868468632c3d5811d9a51295ec89fe702d821c9466f93994993951d1238f07f096fb7d77

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KK47G.tmp\butterflyondesktop.tmp

Filesize
688KB

MD5
c765336f0dcf4efdcc2101eed67cd30c

SHA1
fa0279f59738c5aa3b6b20106e109ccd77f895a7

SHA256
c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

SHA512
06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4MQNR75VXGNZB5260IJH.temp

Filesize
7KB

MD5
5d3d3931e50d0762aab57590e7f4eab0

SHA1
3ced2c9a0906e98a7f98c5ff2acb02bba9ff83c8

SHA256
8eb5a14412887b8ad493aefe3fa2c10fdc47352f04a8e0b031122a302e93f986

SHA512
eebf0834c7b7ed9b518fd186c33d26808c52c29a7486ffaa5b406f9aacdaa83e970fd928ea81094bc157d1bcb4c35ff3d7723602c8ffb005d790b0b2206a82cb

Download Submit
C:\Users\Admin\DOCUME~1\MEMZ3~1.0(1\MEMZ3~1.0\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\Documents\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.bat

Filesize
12KB

MD5
13a43c26bb98449fd82d2a552877013a

SHA1
71eb7dc393ac1f204488e11f5c1eef56f1e746af

SHA256
5f52365accb76d679b2b3946870439a62eb8936b9a0595f0fb0198138106b513

SHA512
602518b238d80010fa88c2c88699f70645513963ef4f148a0345675738cf9b0c23b9aeb899d9f7830cc1e5c7e9c7147b2dc4a9222770b4a052ee0c879062cd5a

Download Submit
C:\Users\Admin\Downloads\PAVSetup.exe

Filesize
80.6MB

MD5
3d21306ac6b663baa0b33dc0e674d9b0

SHA1
31cffb600fb10e0991320ba25a37e3bf29690f50

SHA256
a01caecbaa7e3ab886ee743b31710ae628f07d5e6395783ba713f7e8705b697e

SHA512
13727e972e7483d0cf2de1c835a65439c48e985759b345ded26679085423a101f3cbe7f9c03413c6acbb84c8a20f8c779a66e36de635b6c9ec2dddd3804c1a09

Download Submit
C:\Users\Admin\Downloads\PAV\Setup.exe

Filesize
285KB

MD5
4719ed774afa76d6028dff47b7f598f5

SHA1
d1436ddb767ca049ae3add305e6fe7ed59fe42f9

SHA256
576aaff9d3cc238476d6d66190c8f223fe7c849f271943d455c897a43cf6769a

SHA512
a22e0fb37dadfbd538c0aef7259214b660a6e9537ff7eb3f53b2cfbd00b47611e76a60b370b73290511dff0699d246e4ee9a42f541605b765e5aa6dcd10d49ca

Download Submit
C:\Users\Admin\Downloads\PAV\WindowsVista\BMP\CP\Commonbmp.bmp

Filesize
65KB

MD5
b77647ed0a9c0a48b999bd021e9c8269

SHA1
57bed6d1c3493e31449388f49cee30444ad077a6

SHA256
6f63abbbae182c411e4264f92f3273197816e5b5416232efb904ce07eb3bf477

SHA512
8aec38eaa2b8bf4d6fa8670933db47941140777986ada9e74cfb747f9f0251542cec5207548543ba162aa30ae69e0e18c57e3a9fbcebce917d3ecc131dd6480f

Download Submit
C:\Users\Admin\Downloads\PAV\WindowsVista\Common Files\FilesexistsCrashProof.dat

Filesize
392B

MD5
ac570b980151c309504b894bc17a3fbc

SHA1
9a266314d27a62dc2d01ea5f358d392b50de7349

SHA256
056e87c1ff780100586e9edef2f26c9dc40d553278b843a6643bc3a79585aef4

SHA512
50c28e19c3b1cc6e6197e90194fcbc312b47d3df33d57f5829db31951f726f2453099b4aefd34e087c43bb22a42d645fa5f1ba8b327f489f41aafd82ae4cfbb7

Download Submit
C:\Users\Admin\Downloads\PAV\WindowsVista\Common Files\ReadmeCrashProof.chm

Filesize
391KB

MD5
ab1c394fa61936d144510ccf09137b18

SHA1
1b832da83e72a71036d29b12d0e348c9b6c0a611

SHA256
4528ff09bd2fbaa2ee346616f9e559f84a2b06987620eb2afce08b062758a018

SHA512
f311e7a2194e4237782ee817fad6754c3438435329aa3b6bd4e940550879d1190881c3bdf67447ba571c8b7fba69dfc7ff1e026381f931b5c40224d6f43e4e10

Download Submit
C:\Users\Admin\Downloads\PAV\WindowsVista\Common Files\RescueCD.iso

Filesize
900KB

MD5
2cb647f93acc7a32529448ed7c5ab87e

SHA1
2e71420402de9bad9910ba4622b9ed9edd8d4ebf

SHA256
f3a9f7fa4c851680cced1e5ad45e3f8153a0b0817279437ebbaacc1becb7339f

SHA512
fa2e838421a823074e954fbe7ade9cfc05013e43008ef343d8ef1c4e87d3f1ff235c969d674d28b8748d363f879b27712b5daa5c249838039ef7153a22705b1b

Download Submit
C:\Users\Admin\Downloads\PAV\Windows\BMP\Common\ProductHelp.bmp

Filesize
67KB

MD5
28460433633183f45ab536cfc5835cff

SHA1
e463a5d9790de48b6e442314410a15e3a07452f1

SHA256
24b263b68ba31a2d6127eff47f0d1b7d792579539c2203fdd014e662d30d12de

SHA512
8da8aba03bf55f9fe4b0ae054a071e59c5466f2ea54089b5ffff9287d2cdb1f4899aaadd7d78bf32bd0a5ceeb0b8bdb61da6646982a78f5308e0a7d04b67a8d8

Download Submit
C:\Users\Admin\Downloads\PAV\Windows\BMP\KeyNoCommon.bmp

Filesize
65KB

MD5
32b015c5cb274c53137ef21b5d003096

SHA1
216ef9c2cb6deec47ea4067bac419d05b9310907

SHA256
ef9afde8416aa9e433dfb788aef7a89c4d6afed486b455624e37b45d69036ddb

SHA512
ccd0ef99de50a1518dffd9a30a5b6ef5ee296a5c84e875c4f399b43844abf6dd564d51a6d49903f174fb44be6fc6bbe3a247960cec86b3c2b86ed182e6818a7b

Download Submit
C:\Users\Admin\Downloads\PAV\Windows\BMP\Renewal.bmp

Filesize
99KB

MD5
75e7c82def08d68ae8899f8188329b7f

SHA1
604af89f8cc5fc9b367f7648db90bbc0b3b8b2ab

SHA256
4bc667eb5a7f106817a8376c8af1c0543aa5b14daa416bef3513268681c731bc

SHA512
00e7c880f126cbc608a437a24db34c60d952722a919175b5d2d7f5808fe3dc09936ed752101dd2ab3b4ab27d90205f6991f4f98b54e7bcda2f175f98f87deb72

Download Submit
C:\Users\Admin\Downloads\butterflyondesktop.exe

Filesize
2.8MB

MD5
1535aa21451192109b86be9bcc7c4345

SHA1
1af211c686c4d4bf0239ed6620358a19691cf88c

SHA256
4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6

SHA512
1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da

Download Submit
C:\Users\Admin\Downloads\butterflyondesktop.exe

Filesize
2.8MB

MD5
1535aa21451192109b86be9bcc7c4345

SHA1
1af211c686c4d4bf0239ed6620358a19691cf88c

SHA256
4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6

SHA512
1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da

Download Submit
C:\Users\Admin\Downloads\butterflyondesktop.exe

Filesize
2.8MB

MD5
1535aa21451192109b86be9bcc7c4345

SHA1
1af211c686c4d4bf0239ed6620358a19691cf88c

SHA256
4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6

SHA512
1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da

Download Submit
C:\Users\Admin\Downloads\memz-main.zip

Filesize
16KB

MD5
103fbf0c1c832fb7893471f0fb8afe26

SHA1
cfdc1a5ce3864e0049ca8b1cbe14f221aee5f9b4

SHA256
7a80a9cbb48c81b3bcf3a4482acb3af6f5cd2318bfbaddf9d9581d55b0540bf2

SHA512
48316225933b9fc92eee25013da06d4ddda454a0ec00e2d1dfc0af3fd31df26e6bebe49119b040449c970862794ebb9b4df460343b863a986858c957d97dd771

Download Submit
C:\Users\Admin\Downloads\memz-main.zip

Filesize
16KB

MD5
103fbf0c1c832fb7893471f0fb8afe26

SHA1
cfdc1a5ce3864e0049ca8b1cbe14f221aee5f9b4

SHA256
7a80a9cbb48c81b3bcf3a4482acb3af6f5cd2318bfbaddf9d9581d55b0540bf2

SHA512
48316225933b9fc92eee25013da06d4ddda454a0ec00e2d1dfc0af3fd31df26e6bebe49119b040449c970862794ebb9b4df460343b863a986858c957d97dd771

Download Submit
\??\c:\users\admin\appdata\local\temp\is-kk47g.tmp\butterflyondesktop.tmp

Filesize
688KB

MD5
c765336f0dcf4efdcc2101eed67cd30c

SHA1
fa0279f59738c5aa3b6b20106e109ccd77f895a7

SHA256
c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

SHA512
06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

Download Submit
\Program Files (x86)\Butterfly on Desktop\unins000.exe

Filesize
698KB

MD5
1fee4db19d9f5af7834ec556311e69dd

SHA1
ff779b9a3515b5a85ab27198939c58c0ad08da70

SHA256
3d550c908d5a8de143c5cd5f4fe431528cd5fa20b77f4605a9b8ca063e83fc36

SHA512
306652c0c4739fce284e9740397e4c8924cd31b6e294c18dd42536d6e00ad8d4c93d9642fe2408f54273d046f04f154f25948936930dd9c81255f3726f31ee65

Download Submit
\Users\Admin\AppData\Local\Temp\is-KK47G.tmp\butterflyondesktop.tmp

Filesize
688KB

MD5
c765336f0dcf4efdcc2101eed67cd30c

SHA1
fa0279f59738c5aa3b6b20106e109ccd77f895a7

SHA256
c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

SHA512
06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

Download Submit
\Users\Admin\AppData\Local\Temp\is-R19P7.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-R19P7.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
memory/844-3531-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/844-3600-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/844-3550-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/924-4685-0x0000000002250000-0x0000000002258000-memory.dmp

Filesize
32KB

Download
memory/924-4923-0x00000000025C4000-0x00000000025C7000-memory.dmp

Filesize
12KB

Download
memory/924-4623-0x00000000025C0000-0x0000000002640000-memory.dmp

Filesize
512KB

Download
memory/924-4924-0x00000000025CB000-0x0000000002602000-memory.dmp

Filesize
220KB

Download
memory/1044-4576-0x000000013FCF0000-0x00000001400AD000-memory.dmp

Filesize
3.7MB

Download
memory/1356-4386-0x0000000002860000-0x0000000002876000-memory.dmp

Filesize
88KB

Download
memory/1356-4497-0x00000000028A0000-0x00000000028B6000-memory.dmp

Filesize
88KB

Download
memory/1356-56-0x0000000002220000-0x0000000002236000-memory.dmp

Filesize
88KB

Download
memory/1444-4498-0x0000000000340000-0x00000000003D2000-memory.dmp

Filesize
584KB

Download
memory/1480-4592-0x0000000000220000-0x0000000000277000-memory.dmp

Filesize
348KB

Download
memory/1588-55-0x0000000000020000-0x0000000000029000-memory.dmp

Filesize
36KB

Download
memory/1588-57-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1800-4461-0x0000000003340000-0x00000000033B8000-memory.dmp

Filesize
480KB

Download
memory/1800-4423-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2064-4492-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2064-4378-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2064-4275-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2064-4490-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2064-4274-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2064-4277-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2108-4472-0x0000000004360000-0x00000000043F2000-memory.dmp

Filesize
584KB

Download
memory/2124-4471-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2296-4122-0x0000000001290000-0x0000000001770000-memory.dmp

Filesize
4.9MB

Download
memory/2372-4271-0x0000000000400000-0x00000000004AC000-memory.dmp

Filesize
688KB

Download
memory/2372-4118-0x0000000000240000-0x0000000000276000-memory.dmp

Filesize
216KB

Download
memory/2392-4256-0x00000000001B0000-0x00000000001B9000-memory.dmp

Filesize
36KB

Download
memory/2392-4387-0x0000000000400000-0x0000000002B94000-memory.dmp

Filesize
39.6MB

Download
memory/2452-4578-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2452-4493-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2452-4491-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2508-4567-0x000000013F8E0000-0x000000013FC9D000-memory.dmp

Filesize
3.7MB

Download
memory/2508-4489-0x000000013F8E0000-0x000000013FC9D000-memory.dmp

Filesize
3.7MB

Download
memory/2528-4616-0x0000000002320000-0x00000000023A0000-memory.dmp

Filesize
512KB

Download
memory/2528-4631-0x000000001B1C0000-0x000000001B4A2000-memory.dmp

Filesize
2.9MB

Download
memory/2528-4622-0x0000000002320000-0x00000000023A0000-memory.dmp

Filesize
512KB

Download
memory/2588-4273-0x0000000002C20000-0x0000000002D3B000-memory.dmp

Filesize
1.1MB

Download
memory/2588-4255-0x0000000000240000-0x00000000002D2000-memory.dmp

Filesize
584KB

Download
memory/2732-3560-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2732-3540-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2732-3578-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2732-3588-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2732-3599-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2796-4382-0x0000000000820000-0x0000000000D00000-memory.dmp

Filesize
4.9MB

Download
memory/2800-4457-0x00000000002A0000-0x0000000000332000-memory.dmp

Filesize
584KB

Download
memory/2872-4621-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2884-4750-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2892-4463-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2892-4501-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2980-4504-0x0000000000400000-0x0000000002B94000-memory.dmp

Filesize
39.6MB

Download
memory/2984-4588-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download