badrabbit | hxxp://yanderesimulator[.]com

Analysis

max time kernel
797s
max time network
812s
platform
windows7_x64
resource
win7-20230831-es
resource tags

arch:x64arch:x86image:win7-20230831-eslocale:es-esos:windows7-x64systemwindows
submitted
17-10-2023 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://yanderesimulator.com

Score

10^/10

badrabbit discovery persistence ransomware

Malware Config

Signatures

BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
ransomware badrabbit

Executes dropped EXE 8 IoCs

pid	Process
240	[email protected]
2448	NavaShield.exe
2244	NavaBridge.exe
2520	NavaDebugger.exe
2476	NavaShield.exe
3468	[email protected]
3600	[email protected]
3760	A380.tmp

Loads dropped DLL 14 IoCs

pid	Process
240	[email protected]
2448	NavaShield.exe
2448	NavaShield.exe
2448	NavaShield.exe
2448	NavaShield.exe
2448	NavaShield.exe
2244	NavaBridge.exe
2244	NavaBridge.exe
2244	NavaBridge.exe
2448	NavaShield.exe
2520	NavaDebugger.exe
2476	NavaShield.exe
2476	NavaShield.exe
2476	NavaShield.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Windows\CurrentVersion\Run\NavaShield = "c:\\Nava Labs\\Nava Shield\\navashield.exe"	[email protected]

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\cscc.dat	rundll32.exe
File created	C:\Windows\dispci.exe	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\A380.tmp	rundll32.exe
File created	C:\Windows\infpub.dat	[email protected]
File opened for modification	C:\Windows\infpub.dat	[email protected]

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	NavaShield.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	NavaShield.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F5EB2889-6D33-11EE-89F9-D2CD834E6CFC} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c30000000002000000000010660000000100002000000077b58f2f3beecd9fb19d5cc43e4b67aa0e9035884f36134ccac87e3bee3cd7b0000000000e8000000002000020000000c35923a4b274ed0fc67f5545075099d792bce28b06a25d3f0f18cb6f089e5cd1300100005e5d85099404ba258204c9aa4165a6cb06bd1a126cfdb571a577bba6ca071bfafa7a13facd6ef5de9131ce7561262105bc0967ff4d2898df226cf47fdedc805d4a846d9846b6070fb284f096ecc2e594bc3c8b2183b82e5fc84dbbe14f7db9a13d4e73be0b9fcc5b61b46698dfb942b3da7fc5d47dc33ff78229dd416eacb4d15149d40cf2da83f91a6c4484ef7cf73e0ef45536b8c0d094c7f8ada96a41cb3ec5da8ef162d37eba0cd8025f1e9af055febd7a5e48ea4000e1aa5b7d1ed7299a0a648e59f25ea8763283a90537cc99f91d93231596bbd4bdfadcfe70befcc91ddaac19aa8eab1f031a50509d746f537b016f40fad02b07668aa2a7f1240cd56f2df7cd25623c6a49df46434cd03195e481913c52bb9d197a062c069f708a8469ec63052b9823418dffa0f00729c24d0740000000cb173ec9d99001d049eb40129627b1ea0672aaade953282592bf3efb7e5e76ffab78597540f213a0af7571346de20bf39db46115aa4c780f59eb7547b5bd9360	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{364DE113-6D32-11EE-89F9-D2CD834E6CFC}.dat = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 709fda8e4001da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes\Version = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "4"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\NavaShield.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\BadRabbit.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1696	chrome.exe
1696	chrome.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
2448	NavaShield.exe
2520	NavaDebugger.exe
4016	IEXPLORE.EXE

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2864	iexplore.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
2800	firefox.exe
2800	firefox.exe
2800	firefox.exe
2800	firefox.exe
2252	7zG.exe
2448	NavaShield.exe
2448	NavaShield.exe
2448	NavaShield.exe
2916	7zG.exe
1656	iexplore.exe
4040	iexplore.exe
3544	iexplore.exe
3564	iexplore.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
2800	firefox.exe
2800	firefox.exe
2800	firefox.exe
2448	NavaShield.exe
2448	NavaShield.exe
2448	NavaShield.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe
2520	NavaDebugger.exe

Suspicious use of SetWindowsHookEx 32 IoCs

pid	Process
2864	iexplore.exe
2864	iexplore.exe
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2800	firefox.exe
2800	firefox.exe
2800	firefox.exe
2800	firefox.exe
2800	firefox.exe
2800	firefox.exe
1656	iexplore.exe
1656	iexplore.exe
1796	IEXPLORE.EXE
1796	IEXPLORE.EXE
1972	IEXPLORE.EXE
1972	IEXPLORE.EXE
1796	IEXPLORE.EXE
1796	IEXPLORE.EXE
4040	iexplore.exe
4040	iexplore.exe
1516	IEXPLORE.EXE
1516	IEXPLORE.EXE
3544	iexplore.exe
3544	iexplore.exe
3992	IEXPLORE.EXE
3992	IEXPLORE.EXE
3564	iexplore.exe
3564	iexplore.exe
4016	IEXPLORE.EXE
4016	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 2808	2864	iexplore.exe	28
PID 2864 wrote to memory of 2808	2864	iexplore.exe	28
PID 2864 wrote to memory of 2808	2864	iexplore.exe	28
PID 2864 wrote to memory of 2808	2864	iexplore.exe	28
PID 1696 wrote to memory of 2284	1696	chrome.exe	33
PID 1696 wrote to memory of 2284	1696	chrome.exe	33
PID 1696 wrote to memory of 2284	1696	chrome.exe	33
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 1884	1696	chrome.exe	36
PID 1696 wrote to memory of 2448	1696	chrome.exe	35
PID 1696 wrote to memory of 2448	1696	chrome.exe	35
PID 1696 wrote to memory of 2448	1696	chrome.exe	35
PID 1696 wrote to memory of 2056	1696	chrome.exe	37
PID 1696 wrote to memory of 2056	1696	chrome.exe	37
PID 1696 wrote to memory of 2056	1696	chrome.exe	37
PID 1696 wrote to memory of 2056	1696	chrome.exe	37
PID 1696 wrote to memory of 2056	1696	chrome.exe	37
PID 1696 wrote to memory of 2056	1696	chrome.exe	37
PID 1696 wrote to memory of 2056	1696	chrome.exe	37
PID 1696 wrote to memory of 2056	1696	chrome.exe	37
PID 1696 wrote to memory of 2056	1696	chrome.exe	37
PID 1696 wrote to memory of 2056	1696	chrome.exe	37
PID 1696 wrote to memory of 2056	1696	chrome.exe	37
PID 1696 wrote to memory of 2056	1696	chrome.exe	37
PID 1696 wrote to memory of 2056	1696	chrome.exe	37
PID 1696 wrote to memory of 2056	1696	chrome.exe	37
PID 1696 wrote to memory of 2056	1696	chrome.exe	37

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://yanderesimulator.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6809758,0x7fef6809768,0x7fef6809778
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1120,i,15320035761697447659,4883333867535272473,131072 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1120,i,15320035761697447659,4883333867535272473,131072 /prefetch:2
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1120,i,15320035761697447659,4883333867535272473,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2096 --field-trial-handle=1120,i,15320035761697447659,4883333867535272473,131072 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2104 --field-trial-handle=1120,i,15320035761697447659,4883333867535272473,131072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1336 --field-trial-handle=1120,i,15320035761697447659,4883333867535272473,131072 /prefetch:2
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3272 --field-trial-handle=1120,i,15320035761697447659,4883333867535272473,131072 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3552 --field-trial-handle=1120,i,15320035761697447659,4883333867535272473,131072 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3528 --field-trial-handle=1120,i,15320035761697447659,4883333867535272473,131072 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3764 --field-trial-handle=1120,i,15320035761697447659,4883333867535272473,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4116 --field-trial-handle=1120,i,15320035761697447659,4883333867535272473,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4304 --field-trial-handle=1120,i,15320035761697447659,4883333867535272473,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4168 --field-trial-handle=1120,i,15320035761697447659,4883333867535272473,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=1120,i,15320035761697447659,4883333867535272473,131072 /prefetch:8
  2⤵
  PID:2604

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1668

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1068
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.0.120062227\718213309" -parentBuildID 20221007134813 -prefsHandle 1232 -prefMapHandle 1224 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b84922c8-654a-4608-90d8-2643edfa3d9b} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 1296 10cca958 gpu
    3⤵
    PID:2796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.1.581566525\1075429871" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 21019 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da28a864-5ce7-44d6-b798-31b3b38bb69d} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 1500 4740b58 socket
    3⤵
    PID:2172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.2.544066313\1428987120" -childID 1 -isForBrowser -prefsHandle 1936 -prefMapHandle 1164 -prefsLen 21057 -prefMapSize 232675 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e79c1d5c-d83e-4810-9357-0cb3454af68a} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 1908 1a13b858 tab
    3⤵
    PID:3028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.3.1971477009\982959236" -childID 2 -isForBrowser -prefsHandle 2296 -prefMapHandle 2340 -prefsLen 26417 -prefMapSize 232675 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb0dfd8f-ce67-4733-877d-e416cf6163e7} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 1700 1a138e58 tab
    3⤵
    PID:2600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.4.562756248\741869343" -childID 3 -isForBrowser -prefsHandle 2952 -prefMapHandle 2948 -prefsLen 26417 -prefMapSize 232675 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6d4af1a-c420-4540-a8dc-28a1d35ff45c} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 2964 1c9af258 tab
    3⤵
    PID:2572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.5.2086295916\1870157808" -childID 4 -isForBrowser -prefsHandle 1156 -prefMapHandle 3548 -prefsLen 26622 -prefMapSize 232675 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {931308fc-d3b4-4a42-9f92-965cfaf6d3ee} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 3552 d6ca58 tab
    3⤵
    PID:1808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.7.1491992512\349042566" -childID 6 -isForBrowser -prefsHandle 3952 -prefMapHandle 3956 -prefsLen 26622 -prefMapSize 232675 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4925344c-9f26-4b52-92e4-ce8f793f9072} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 4032 19cb9758 tab
    3⤵
    PID:1352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.6.578648679\1745571471" -childID 5 -isForBrowser -prefsHandle 3712 -prefMapHandle 3724 -prefsLen 26622 -prefMapSize 232675 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {668678e2-1557-4cc5-9168-acb0b6225b45} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 3768 19cb9d58 tab
    3⤵
    PID:1640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.8.1919066079\1544888178" -childID 7 -isForBrowser -prefsHandle 2252 -prefMapHandle 1936 -prefsLen 26622 -prefMapSize 232675 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3be098af-e12a-4e72-bf52-6e005472c99c} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 3468 4743b58 tab
    3⤵
    PID:420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.9.910748901\1159799149" -childID 8 -isForBrowser -prefsHandle 3700 -prefMapHandle 4260 -prefsLen 27865 -prefMapSize 232675 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31f0b502-faaf-4a08-a88a-6a03f0438137} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 2748 20feb558 tab
    3⤵
    PID:1452

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\NavaShield\" -spe -an -ai#7zMap26319:82:7zEvent12970
1⤵
- Suspicious use of FindShellTrayWindow
PID:2252

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec
1⤵
PID:1924

C:\Users\Admin\Downloads\NavaShield\[email protected]
"C:\Users\Admin\Downloads\NavaShield\[email protected]"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:240
- C:\Nava Labs\Nava Shield\NavaShield.exe
  "C:\Nava Labs\Nava Shield\NavaShield.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2448
- - C:\Nava Labs\Nava Shield\NavaBridge.exe
    "C:\Nava Labs\Nava Shield\NavaBridge.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2244
- - C:\Nava Labs\Nava Shield\NavaDebugger.exe
    "C:\Nava Labs\Nava Shield\NavaDebugger.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2520
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.interracialtv.com/
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1796
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:865285 /prefetch:2
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:1972
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.amandalist.com/
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:4040
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4040 CREDAT:275457 /prefetch:2
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1516
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.realtrannies.com/
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:3544
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3544 CREDAT:275457 /prefetch:2
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3992
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.momtgp.com/
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:3564
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3564 CREDAT:275457 /prefetch:2
        5⤵
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of SetWindowsHookEx
        
        PID:4016

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap13662:80:7zEvent22435
1⤵
- Suspicious use of FindShellTrayWindow
PID:2916

C:\Nava Labs\Nava Shield\NavaShield.exe
"C:\Nava Labs\Nava Shield\NavaShield.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2476

C:\Users\Admin\Downloads\[email protected]
"C:\Users\Admin\Downloads\[email protected]"
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:3468
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
  2⤵
  - Drops file in Windows directory
  PID:3460

C:\Users\Admin\Downloads\[email protected]
"C:\Users\Admin\Downloads\[email protected]"
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:3600
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
  2⤵
  - Drops file in Windows directory
  PID:2764
- - C:\Windows\SysWOW64\cmd.exe
    /c schtasks /Delete /F /TN rhaegal
    3⤵
    PID:3580
- - C:\Windows\SysWOW64\cmd.exe
    /c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 3594936721 && exit"
    3⤵
    PID:2084
- - C:\Windows\SysWOW64\cmd.exe
    /c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 21:45:00
    3⤵
    PID:2588
- - C:\Windows\A380.tmp
    "C:\Windows\A380.tmp" \\.\pipe\{A5F203F4-A612-4399-986C-D786C914C2FF}
    3⤵
    - Executes dropped EXE
    PID:3760

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
1⤵
PID:3148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Nava Labs\Nava Shield\NavaBridge Libs\Browser Plugin.dll

Filesize
96KB

MD5
912924f628e277be9cc28a5f2a990cb9

SHA1
13c0166469a271497043a2f13e9a6a610dc2b336

SHA256
bd474c5aafcaa12f20da5ecb29e17555b953eca46b4f56588a72672a36d4a8eb

SHA512
b33b430254f9ec32ecd6224124db69af93de3cbfbaf422a0045641f7961834a67cba1b9fd97f4e0e903e27e3360301c5dba214a6b9156c4cdf8a25115b860c39

Download Submit
C:\Nava Labs\Nava Shield\NavaBridge Libs\Internet Encodings.dll

Filesize
72KB

MD5
de5eefa1b686e3d32e3ae265392492bd

SHA1
7b37b0ac1061366bf1a7f267392ebc0d606bb3db

SHA256
a50e56dfb68410a7927ecd50f55044756b54868e920e462671162d1961bfe744

SHA512
c71270a5275f91214444449be4923a70243a9e2cd06afcc6fd28ab9f2cd2d930219ce8ed9ec008750b2611b62ed26b65cb57a75c6035201cd9657263d157d508

Download Submit
C:\Nava Labs\Nava Shield\NavaBridge Libs\MD5.dll

Filesize
92KB

MD5
831295342c47b770bf7cc591a6916fa7

SHA1
2c9063fbf3f3363526abdc241bf90618b82446d1

SHA256
8341ecc0938ca6d90b7e0f02af2d7e6b571c948a03a99d54af61c4557c78d656

SHA512
01419defe963a987989cddb0e21cf651ec3eefeae97cf4b257d4caa8da26436a647e8e4d95cdad22bbb0657171f6d3d9c41dc6fb217ffc7d5172ebc9a409d36e

Download Submit
C:\Nava Labs\Nava Shield\NavaBridge.exe

Filesize
4.0MB

MD5
6f89df4cde193c0636c3d497cf1a17bf

SHA1
9faaa0100195e3e81fdade11e7a476a1fd1b23c8

SHA256
e7f05380e90dfb15b91b8bbc2ae48a04ba84d573b3c9f7d81bcc12f814215929

SHA512
c31848b1dceb8f8351991051b389a38b2ca0ae7ee98ebf626576245ca1588f1f6ee14e3eff7b165ecf9879e7e11ab77888e297cc4ccbb405b0ed64ebcda304b2

Download Submit
C:\Nava Labs\Nava Shield\NavaBridge.exe

Filesize
4.0MB

MD5
6f89df4cde193c0636c3d497cf1a17bf

SHA1
9faaa0100195e3e81fdade11e7a476a1fd1b23c8

SHA256
e7f05380e90dfb15b91b8bbc2ae48a04ba84d573b3c9f7d81bcc12f814215929

SHA512
c31848b1dceb8f8351991051b389a38b2ca0ae7ee98ebf626576245ca1588f1f6ee14e3eff7b165ecf9879e7e11ab77888e297cc4ccbb405b0ed64ebcda304b2

Download Submit
C:\Nava Labs\Nava Shield\NavaDebugger Libs\MD5.dll

Filesize
92KB

MD5
831295342c47b770bf7cc591a6916fa7

SHA1
2c9063fbf3f3363526abdc241bf90618b82446d1

SHA256
8341ecc0938ca6d90b7e0f02af2d7e6b571c948a03a99d54af61c4557c78d656

SHA512
01419defe963a987989cddb0e21cf651ec3eefeae97cf4b257d4caa8da26436a647e8e4d95cdad22bbb0657171f6d3d9c41dc6fb217ffc7d5172ebc9a409d36e

Download Submit
C:\Nava Labs\Nava Shield\NavaDebugger Libs\MD5.dll

Filesize
92KB

MD5
831295342c47b770bf7cc591a6916fa7

SHA1
2c9063fbf3f3363526abdc241bf90618b82446d1

SHA256
8341ecc0938ca6d90b7e0f02af2d7e6b571c948a03a99d54af61c4557c78d656

SHA512
01419defe963a987989cddb0e21cf651ec3eefeae97cf4b257d4caa8da26436a647e8e4d95cdad22bbb0657171f6d3d9c41dc6fb217ffc7d5172ebc9a409d36e

Download Submit
C:\Nava Labs\Nava Shield\NavaDebugger.exe

Filesize
10.0MB

MD5
47ef848562a159b2ce98d527ec968db2

SHA1
56b34310e8ede0437c422531bb89b2255a03cb3d

SHA256
7d899d2d33bde1c7f55ba0fcd4630b817e42e5cd1ceb8739511a990455275f90

SHA512
ac05354eacab4252e57151e98b8845d142b258590269ef92a724818623f2912b48341555ccc604a810e89ced3178ffc896ba116805ec3d129d9f6932296d935a

Download Submit
C:\Nava Labs\Nava Shield\NavaDebugger.exe

Filesize
10.0MB

MD5
47ef848562a159b2ce98d527ec968db2

SHA1
56b34310e8ede0437c422531bb89b2255a03cb3d

SHA256
7d899d2d33bde1c7f55ba0fcd4630b817e42e5cd1ceb8739511a990455275f90

SHA512
ac05354eacab4252e57151e98b8845d142b258590269ef92a724818623f2912b48341555ccc604a810e89ced3178ffc896ba116805ec3d129d9f6932296d935a

Download Submit
C:\Nava Labs\Nava Shield\NavaDebugger.exe

Filesize
10.0MB

MD5
47ef848562a159b2ce98d527ec968db2

SHA1
56b34310e8ede0437c422531bb89b2255a03cb3d

SHA256
7d899d2d33bde1c7f55ba0fcd4630b817e42e5cd1ceb8739511a990455275f90

SHA512
ac05354eacab4252e57151e98b8845d142b258590269ef92a724818623f2912b48341555ccc604a810e89ced3178ffc896ba116805ec3d129d9f6932296d935a

Download Submit
C:\Nava Labs\Nava Shield\NavaMod.dll

Filesize
5KB

MD5
3d7f80fb0534d24f95ee377c40b72fb3

SHA1
11b443ed953dae35d9c9905b5bbeb309049f3d36

SHA256
abd84867d63a5449101b7171b1cc3907c44d7d327ea97d45b22a1015cc3af4dc

SHA512
7fc741bbce281873134b9f4d68b74ae04daf943ea4c0c26e7e44579f2d51883c635972a405dd81cee63079a5ba9d09328a1e26e7878547590569806d219d83c7

Download Submit
C:\Nava Labs\Nava Shield\NavaShield Libs\Appearance Pak.dll

Filesize
136KB

MD5
fcf3ac25f11ba7e8b31c4baf1910f7a6

SHA1
fb470541f0b6b8f3ce69dcaa239ca9a7d7e91d72

SHA256
e5b3249fbeea8395fd56c20511bfcfdb2b2632d3c8d517b943466a4e47f97b5c

SHA512
47c467924d64af4a48a6e640778aca1dce379d16b06bf3f60a44025034c15ce1498ef307b63cb04e5c0cbb6c2ac58022acdb0d6efb1109c5ea31f842a320aa40

Download Submit
C:\Nava Labs\Nava Shield\NavaShield Libs\Internet Encodings.dll

Filesize
72KB

MD5
de5eefa1b686e3d32e3ae265392492bd

SHA1
7b37b0ac1061366bf1a7f267392ebc0d606bb3db

SHA256
a50e56dfb68410a7927ecd50f55044756b54868e920e462671162d1961bfe744

SHA512
c71270a5275f91214444449be4923a70243a9e2cd06afcc6fd28ab9f2cd2d930219ce8ed9ec008750b2611b62ed26b65cb57a75c6035201cd9657263d157d508

Download Submit
C:\Nava Labs\Nava Shield\NavaShield Libs\Internet Encodings.dll

Filesize
72KB

MD5
de5eefa1b686e3d32e3ae265392492bd

SHA1
7b37b0ac1061366bf1a7f267392ebc0d606bb3db

SHA256
a50e56dfb68410a7927ecd50f55044756b54868e920e462671162d1961bfe744

SHA512
c71270a5275f91214444449be4923a70243a9e2cd06afcc6fd28ab9f2cd2d930219ce8ed9ec008750b2611b62ed26b65cb57a75c6035201cd9657263d157d508

Download Submit
C:\Nava Labs\Nava Shield\NavaShield Libs\MD5.dll

Filesize
92KB

MD5
831295342c47b770bf7cc591a6916fa7

SHA1
2c9063fbf3f3363526abdc241bf90618b82446d1

SHA256
8341ecc0938ca6d90b7e0f02af2d7e6b571c948a03a99d54af61c4557c78d656

SHA512
01419defe963a987989cddb0e21cf651ec3eefeae97cf4b257d4caa8da26436a647e8e4d95cdad22bbb0657171f6d3d9c41dc6fb217ffc7d5172ebc9a409d36e

Download Submit
C:\Nava Labs\Nava Shield\NavaShield.exe

Filesize
23.8MB

MD5
9d299e41bae269641af28a6c02b80ef6

SHA1
66114e20ddf19e657d29aa2d1ac56ea93c62d130

SHA256
fce1bc05fbe2de83ee535e5ce0ceee94f2b4f917cdcbe1f1f649f44be25d4ec8

SHA512
26e01252b6caea9122734485654848d31c7f3dd06cf7fcc2806ba2b0705cb914b6b7b4e38ff1f23a5c373277e23d64320844e9882bef4ed27eb68d7ecce5de28

Download Submit
C:\Nava Labs\Nava Shield\NavaShield.exe

Filesize
23.8MB

MD5
9d299e41bae269641af28a6c02b80ef6

SHA1
66114e20ddf19e657d29aa2d1ac56ea93c62d130

SHA256
fce1bc05fbe2de83ee535e5ce0ceee94f2b4f917cdcbe1f1f649f44be25d4ec8

SHA512
26e01252b6caea9122734485654848d31c7f3dd06cf7fcc2806ba2b0705cb914b6b7b4e38ff1f23a5c373277e23d64320844e9882bef4ed27eb68d7ecce5de28

Download Submit
C:\Nava Labs\Nava Shield\bridge.dat

Filesize
176B

MD5
e66f1107f995d52bcd90421b3cdc0dde

SHA1
245acafa2f3dab3f2b7f183d34267dcd976199c0

SHA256
45fa6eacea58e682c2ef2bb9e888cb6bf396c37b957fd144ca73c95699ad3c74

SHA512
0500f9dec5cfdfb80bc5763943deb3111ccde4b35f19ac124df2e5abde2681154977f160a42e9ef50698b0ea0cc26fc09361a3917534038f141dd047f0287c1f

Download Submit
C:\Nava Labs\Nava Shield\config.dat

Filesize
4KB

MD5
697d55c84a6a21df9fe125eb42b5ff7c

SHA1
439c02c7d72a09ecc30a26b7f2d24d27f15b5879

SHA256
1c9cdba42e88b81f930bad85a135e215245e3612d67e37df8d9bb2b7e1bbad6b

SHA512
c6329c0ae0ced79f2d49525b36eb885f996fdb3ae2f978823500a9e26f0aa887b49131a3fae5e6223fedda4357d6ef3e301a6a4b6ccc2d5439b0974ee6ba6e09

Download Submit
C:\Nava Labs\Nava Shield\config.dat

Filesize
4KB

MD5
b37b2c9c365d88db567f065ad22bd0d5

SHA1
674ad2e7555bcad4fa7f99be0498a5082c7f5ac4

SHA256
43f524561e5ddea9d64848422ebf3ecc5f433fd8ab6ffaa317a4a1d8bcf31145

SHA512
0f3eb84ca992c29c6e4e5f33edadde365030d0c339c8dc8f22f51ed61158ecc99e3ccf39da97345330b4e23c99fb54a5ec5e8f21557309375c9dd45c60803cf5

Download Submit
C:\Nava Labs\Nava Shield\navig.dat

Filesize
255B

MD5
0bf850cb9d0aa0f4c778cc515b79bd13

SHA1
c0cb8a58cba046d2c7539025a39c8a1af81c3914

SHA256
9c4723ecb77e39e58eda9c60f532724aa3bf69de30047cc7b6522534cd423f00

SHA512
649c13f9f4fccc03ebd6cb2c3752434c69b5a8d7e9b94cac80cd98a7624bfd00648949b18cd720faf89fae050f6b523221db589a550c6ce4513e76ff0895da5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
471B

MD5
3a7a5b780d37d848c059e492fd3dbe84

SHA1
47cc6824b1bd9075635fa9c05572c49f858f1eca

SHA256
2e4adb5ac4532a4f92808430b840b30b0601f61f66356cd7771b043012b9ad75

SHA512
483d632a5bfbd51b655d7d4c64e2758df095d192adf6052ca0041d15656477fbd7ac664cc29fb7b8042045881962b2b2ad5f0254e73614f04a86589af72f3dc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d19bb7142a0acef82f0b7d37eea655e8

SHA1
ca9e7bb57a823f8d51bd0061024e3e853f1f48fa

SHA256
b1e51b954257a6701ba89be9ec9acf3b5aa49252fe9478a0696551c29809b48a

SHA512
350eebc969bd8a6025a57a26c64c86eb75c8c0ff8fed44480d545084b18ef1821fbc9302fe3a4f891899ebe35cea9a49ddee35257924549d1b9613e9390c44f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

Filesize
252B

MD5
0b3ababcc1f5064aff0704b894867de5

SHA1
daac598de122f48b702a08066c73b30d4eea42f4

SHA256
223ef4c9933e811095267f525d7010c40bd8a8b62825a41be02086b0d4a1cb00

SHA512
45b6b8877c3fb2894dd20d9e8ced035e5d03d103083326a70345f4100a267dab85ff2113a4e443d3a886dbf754548cd3836d4e728e1c8dbb308c822bcac1b4ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a627c2f0ae3ce07cd23ada20f0ad426e

SHA1
9b74fc42245b896234955f09415611183ffff072

SHA256
091caca52b621fe7d76d60194f4f7e0656de080e3d138bd9dca5219b76edb4e9

SHA512
2c3f5dc4c0894e0e4a248008e8b67b8c14cfd120d4776ef6fcd34e85e2508db4f1f96103e2f636d16cdeb6f77a4b569689bd0dda12dbcc7e0011e40c4c8bffea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
763a30e8b83c4fc04b70c61a63488d94

SHA1
1d95df7e203365f20748f9240cd0e6aac9d28e4b

SHA256
cdcfbae61aed7aa4e35158b42c79560dd023a6383ad4077fadd2a06ce28c0715

SHA512
ca26c0394e30fffdfba5c5ae4db84402d26a07bc78e62d02a59c1207953163ba59d9f7092861930d537d973a58453c2eeb4f9e6c65d0df1284e86abf7d100659

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08528a4431f62ba5f2ed5bb0837dedef

SHA1
5ce4841acad5942b025bff1683bc2ee85c06f75b

SHA256
258e7a32a9cb50122cf68f96a9c1b9038f5ce29197190c824db0f71bd2ac6edc

SHA512
b77213ac0221b833ecad6dd6973214724bdc8e319d9fd38f912ee31fa2f97682a934595d49286dae0d10409131232df1d354bd549953c1745d8d838e52f2cf01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7802e8a9573e812bfb185f6a993efe9c

SHA1
f9537461ebaff6802a53d86c616d54a98e707b37

SHA256
78364a04c717475d5d5b77fb318b6b742648c1b79a7a7d1d276cba5793c117f5

SHA512
cf102cf952d45f018ee5795e07576618095f82045c5decd5cef5bdbf7079fab2dd8264df9fa9baa21053467e76b767e298f63f7a062582725689e2e72c29dd0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a33e2a2bb6a5aae97086bf3375bbee7

SHA1
5bc1c9f488673b38fac96d82acd5b149a584b5fc

SHA256
18244391cca06be35b84c8a2ca5aac5269491b8a64aea43567585dd5c3eb9289

SHA512
c8f3bd76e60aafc22fbb933d9ca5a7ca76d572da0b3dd221f98b4a3adb2a25eefe906c9e4643842c04a1dd1465b2b4d136907e9df7c0de29cf88d166247acd63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8237e9ef7a78bc52d9a8bcec3c15d042

SHA1
8462d5429b510dd418d30dad8ec532ff25776788

SHA256
c5d5ae54e392feda28e351ac3d466f4a0eb5937e36e0ad38e23b0f0d323778cf

SHA512
58c82bcc8ccf4e4ffc6688056606f8f6973b50b61cee77821bd2995cde3199e0236b4d4504275812fdd4af12f83a1ede32fbf6b4a988ceaf5e2fb83aa7b73ff5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf4bf484bc6a15867f87c99fcf6251af

SHA1
d9589368d162793b8391ba3c84a0669ecf88df59

SHA256
320f9331ac51dd5ccd25c1c6bf21d38a06c702a8a247b54feb740fdf6109790b

SHA512
c53732f205981907b85971b1ead14f25ccdfbf2bbf9b2a03dc2cbc8476e26759808a426fe19d6d2ed4f55bea810fe17c6a08c3bec6032113aa352a865f266f1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b8c68ccb6cfaf82e342aaf6d22cece2

SHA1
af07952c57b3745df74afffbbf24d0b4f8cd2d97

SHA256
4b9b5c21ee2fb9c755e57df689813ce336b79d0c56534c0c6f5056d402227e0c

SHA512
06fac6782b9389758c79812ac1ac15a8955157323395d90b656c6663ad2335ff37d71897b4662bef6c96e5aad12284fda9af5c6b275be59c39f7576518605014

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e5b88400886821f9326adc95713bb8f

SHA1
406975214b4beca8cb11f36025e1bd9417ea292b

SHA256
b2279aeca898038177e776717f3d658ca056b29abc7202e36be378ae21485797

SHA512
cf01d7a4057d4a7b2da42bebb45bea88733f04d9453ca837ead8f791f51cdb5c8d330696370b1693c2005e5e1a074a2c323405a1bf75aa1844de76deabf9d66c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba612c92980ba64b79556334c7c8066b

SHA1
3e3048dc5bfa00d6ea0303f2b1577e5f07963aeb

SHA256
7fb74db8c072eb2d5a51b26533a8c3d1013ddd0b19b9aebad40e2765a82ff8ff

SHA512
3936d2ffe570d20eb26f94a74895e45d3c111170859fc9b60515efae77e047e5b0d8f201df30921a5122d0ff1a88f4399dc1991e4c9c727ddddcf4dc35f62058

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1a17cc6f83d44056a17459dd455fbf5

SHA1
b83e2bc0c7dfa96148f756fd0b9de99c58df273a

SHA256
70c60951f8b4e0f2d7197a502395a992f617e719f7e1523b92ed68d061b577ab

SHA512
edcde2f41eade4a18432dceff6f2834d9017062f2e03bf133b203eeefa14ddcd0ff56f974762883c926870cd9fe44dacf57d7c6efbb621cbce177d65c340479b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ab777c84c7cf020037e40386662efba

SHA1
d83c3fac5a101da7e3fa956c115d4f764260f984

SHA256
e310b90dc6fc95b2a43f91ffedb077b7e613ceb0a316d1512d8b426640ceac9b

SHA512
4494036bad1cfb2d00dc8a4c23572a9e16500454d95ff51f9cba774efa6e7f11df0f28284b8836c3d8c9c7c0f0f58c9ef7abb7b838f95b66ccefe1b5c96c4d47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f513754e503883ea928eac3a068b678

SHA1
7d1e82cab336f8b48b25a9d536f36a24beb05029

SHA256
abcc934159627f95a814c09d6c920eb3897a484c69c09b842bbd395dfb18f7b8

SHA512
97deb36c9e43c3291e519077a1257142559aa54cd4d2e9ca7507fe548431e6377b37d4eb34310f8315dc521b02899d16461c51345c517b0ae6b28f242ca36631

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3bc2a7fb7dcc65d7785b173d8011af37

SHA1
765a9b27eac1e004a58fb9c25063eeec6869c5f0

SHA256
04fe42aa071e7188f7aa83c071dcbd05bb0719c676401222aba1eda1c84d1770

SHA512
6c4ccd334d54c5458eca110fd5cd2524a41ff36e21585e069b5ba566a0aff38d7628e0f33c50f8af5a2f5e710abd500cc19eebebc133555753513bbd8e496911

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8175d0e612ee4c6b89775e5e5b1d7aa4

SHA1
7f05a9c8c580eebf37d1eb771e72a8228b3e54f9

SHA256
602dff15626b7c14ba5ea910f2a666214c88cedf41033d77f34f146cb4513580

SHA512
9542daf8550638a4eff362825abb3a4ae57a66807c42d03c5d2c1b2221caa3408a24f821c9ef5b1831315a9d8eb48cd62d64c2f0d486fc1aeb5f4f5ebd517e47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a468a346418d65399a4134402c716867

SHA1
3f9f4c40439f2bedbd008d5848ab10eef7345bc5

SHA256
bc970eb9f523834996f57c0669b44c9b59f5042cb05bb03fde993dc88cfca3a5

SHA512
6aa8a14bf2b4b5d1647585f0e95a9f30f4b52ba640e2fc6adb7d00828cfca822b9c3b0383fa891ca6ff3a0ea20700b5cf917726344eabf2d3162f2b1edf5d0c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ed0457c68fe833db0b5b3e2d027f415

SHA1
b15f13aba6a666282759abecb6f10631daedddb7

SHA256
f18b33b1f58609706d98d6369703b052e8054eeaf29016b3172b5bdcc76d3250

SHA512
8765fef9f46e44519d070a7393e41dbef81a614376e1fe0fa7a0c1c1eb82902f7fdc4b3404b3bc3526bbfa6d018e482c4f82b04c527a0e8d6746a3a5b2041bf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21108dadc624fba83d1a2c375498adb9

SHA1
100cb4404817731f35193446d5faefea603117cc

SHA256
bb15b37a75e6606797b00661089a005c6ca58f0db4c03bb9a4764fe00249e4c7

SHA512
89eba63b201990933fcf6b06b27f5eb16a3002fe9bd7a87eca720e5151fa51b6add6d8e9becc8eced9beeb0b3e0e7135b65ebd78a91d3b2fdd24e7b6d9fca64f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c0316bd1b99a06934c37958cc1d8f20

SHA1
fc22b1bb5c44fe48699657fa9cb692fae812b250

SHA256
eae64b7517c41153d7756d80b0f9427a0f9b40680148022d361f972f7973a1d5

SHA512
44300a1d1c198b3534e26bda1e4ecda38a49bf6b966437cc17f71f458226bb6abda55ed941ac48ce218a3efd8c482c4a62de3b77c294a8c4e670d11ee6e99fcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aacf9d18f8182d04e1de86c63e47f6ed

SHA1
7c4633925b1b3d00abf797a5b8db03facf5186c3

SHA256
e7a9c3bbe0d901d70f9296fe3fed567b4e7371de11406135978011e810760f7d

SHA512
4288f3c06d3a8f3d909f2886a418d4bfe9a2c30d9d0e3c88357b12dcfbb20c02d6faefc9c66224e28ca14df4b2ecb9df6b253d7f37f93e8118e845288f5f6758

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ec8757dc2b68fbcfde7d2f34b596157

SHA1
e9efc0b0c8110e17cb9eac7026b017f1674b20ff

SHA256
eecf371668da87a1fd39d8a23b1b619029b2e93bfe64e22e73073e797394a238

SHA512
2486d802e0ab64424c86e9355a1523ddbfbe8e2e1cb9704b74ba921efd1e733dde8e2060639d0e4f677452ff69ff23809a8a7f07be8409992e1f3c11755cf3d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66ead0471be6dbc5d07f29a066f49063

SHA1
fb59db59b09e96700bd85e2a5df56a1bf3719390

SHA256
72855c75f48a70fa3c6b363600140aafa08092866ef32b5abd432ac947cdfd21

SHA512
914d0f1f44798fdfa8b9ee3c41e822448da189ab4cd8748cccd80caaa7838e1e1f87e0c3585aa899f7fa4f84c928ab364e083c1dde90ee9100e86305b0f60063

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ee15c12229c49cb90f3804b2200e8d7

SHA1
85d980032e08628fc125f68a6f7f9dfd8741a7f7

SHA256
ceb39f2ef9f936bb3c42a9addabaab11a891daf88c39e4d46cff3ebb3a0d7468

SHA512
da1fca59974a2c2764a78e323c55fba6ea20048bb3f6c52f19d861569d7f93254e07201102902699920be2d3172e4f0c1516ba88c1998bc9166c4b81311b20e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c7a8b3e62b1b1c54e26606de871611a

SHA1
ebab3dda20779030e8b18f84450d1eca0832eebc

SHA256
46357b623ea2b8f9a4ac359dede0f6e3fdae405d6c410ccd07341a7d285924a8

SHA512
ac6c30e83bde1cb9eab4789b615eee6dbe3ec0e2d3dc2c63667a700125329a638037a9710bd56d8e4724059c83e1a8a763b32b98c8e252a529e0e92764116143

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
524674b93fdbbec08a6d1b230a3d4644

SHA1
1492ada4da5d8935356e6e98cc620070c3ebce2d

SHA256
3108c80363b243cd69a0c66ecce06aa494d96d8ba0f2c3f541396c261f9fed3e

SHA512
8a5745236996aeb9378588a9a4e884fe81b8c47f30e9ae649252d20ba3613959f0621c4bae3e49f11a4c26671ec279f434adc97aa64348f196cbb8ff66e7b32b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a06fd52664a8343d995c80b1389e2f32

SHA1
a47da70416373a7fd651e70e2985b9a4cdda8095

SHA256
68bb07710b520fc05eb435383d96703795110907b2736623162adfd61f22708c

SHA512
397408d7ca83c96c73ec79d60ac89ce0ee05666d75b0dee817e25f38178cb42df4e589b78eb347891f6ee3f4334a0f0079a065bec9b652c62ca3ab70325038d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92a37803d247519eb103e4cf0abaf81a

SHA1
a1738822bff1ae97fad3fa992376aa0abe1e9ead

SHA256
b98ff6e1b8ee513432257fc64c50b46b04ef9b87e07f0ab9e59e1ebd58536ac4

SHA512
fb24c669a35966ba6986e9568ea03562b682d847593e8c3d5adfbad7b4509bb71762c4727dbe54afb55c1f622576cedcd9a57532eb5fc78c1b91f74c38e8a922

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5595324a244e4fe85ff338806181cbf9

SHA1
2dcb7fa0601b6d267a344a4311b58741b85f7d6c

SHA256
f662a2985d3f2fab141003d0761a8ac02a3a147d75135a75c8f41ed34f3d11fe

SHA512
4b79098040649032333bc07a9ad665519d60d78bcb284ece02b1d84792e113e9b2c063a63516e9e47eca60d45703d7723a42f706ae38f0419f112e8118db16c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5ef3d074a363862b13ebf78c185f5a1

SHA1
4ace5f44e9ec1e64cfb6314634d7d4a6e13f4d0a

SHA256
deffbbc7bd0d6cb0d27a47f441f1e7279c359025baaafb5853ae0637bfe370da

SHA512
b8efa91195d0fa1582857e1c61a2e41dac5bdbe2456e29cf6a18c660af522b564ebcf8aa45db506a1fe863644acbaca0a93593d31cfbbc233c372ae63dcd5b39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57c7942b5b49aa616ce9da348bbff9c2

SHA1
f7cc175a39332247a625fcd3108adc904a625f38

SHA256
211d1ea4ec1c8c03ec18d6fa94bde42899eb54306a6b611947267b225766574d

SHA512
c266debbcb83f96ab99da586d1e5807e6c9737ddbc3d2d7a607ec0d65211cc429997fd004af2e78aec04c8f06e1a2565748f540e740b4c9ca43085970e1fe704

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d44d80ef3216b6fa4bfaba47bb0ba3c

SHA1
c5af93fc5827e0c4df74682902de7787c4bf27ea

SHA256
0cffeeef79d1bfe813750d43a0bfdc5f2bda22911bbf9fdb70a355cbd58ead23

SHA512
28c1c86cdd3ed53d24ac229e70a7578aade4ae84305c9f13c3421ea382ae5ce5875e214d26dc19bb7c75a0a1147220e8e462cbcf1f9fce1943c8f990f56c83ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11f7dbceaba9dd33ac1636fde4cc0ca9

SHA1
50b73b2d7ff33c9185290e07c059b19647c510ae

SHA256
e97c8009d6349fbce5a5b0cf4cdace1996bb01a45f5692d1ad0ba931fdbd2be2

SHA512
d977697c58db48e5f60db3773b19833913ac14ac2960c4587300a9d42c42f465ce750951f798fc67f637f1eaca4ac60ff79b64b25df08d74614acbe0838f4463

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
566e381193c7bec2fe1711c09304f968

SHA1
10465c573b1c5127030e2b167d43a928e361354a

SHA256
8614ab6d72e2bdd2bba64216ffd45dcdd78ae3307918f88537d184d553e406fb

SHA512
b70bb3b652cf80a6ecadf0c4caed9646e20e67f70f25bf8e4495910a441d1f99dadde873df651065bef17ace764e4b9f047fb366862a51a84f975d76828c0b04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b2b823522739bb675675274db0df9cb

SHA1
385b2c4b516d8e7777a1938fb4ed9ed28bf3cfda

SHA256
8bf31323f79368f92bac20a31b2abf6013a58c842e735fe4e145a1fb06a08ab4

SHA512
80f22b8e0232835f991eef8122ce484fcbcbb4eb92a622900d7f760d64c098129343407dd1ece9565e395a410ededf079bad2adc5e92e7ee6da160e5208c7e03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d146d822d4118823e02d3c28200a690

SHA1
744ead994d531912e7555f03eac578fcec78f17a

SHA256
acce146a2a78c996afc261fb36fc7905d7c3bbe6850def164c1fbadace0d41af

SHA512
dd0676168094e44e7e7fa56ac89751d3abdf6f0d4fdc46e08ebca93bdeb0c4b08517e8d9a888668c382de3aa2791bc91ce227b60410db99eeb481d3d8bb4d61a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f401fdbdc5e8eb6cbb343f524261fd97

SHA1
5f033d785f19480ef7154d7e508171ca7083ee51

SHA256
c856a57dbb4dc335ba1302a1aeaa7aa10ef6ec6e9cfb0d7e95879da96c099daf

SHA512
21798a54fa531a02629fc43cc314cb27b3f0b8dac10ceaff640d0ba7df53cf39733aefc64bb173eb764f9ae2b1ba370e9c815a596d2c646c72d23ba1d11408d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b53c8a1850f9d78e077d0795adba20bd

SHA1
0d0c90afef3633c867a173ed7019b2e0de6c3272

SHA256
25e7d645d143fa706b3cb2f56e647ec4814d45d1e9e4ae792dd8f78e7d08425f

SHA512
3b35fea26f7788f5c5da70f157c95e501f1db26fe1583c5a6f47cfcf7efde4b733af2f252075092467de6fbdb35b9b27b71a1092c1f21077da7cc6e0ec9e9535

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5248d74d7f7fbd39f064ec39a1903cc3

SHA1
3f900c971345847a164e9abd62c4f1e71b7349b1

SHA256
4a75b4f33619be3ae3b11c7a0f6fd99112ab333ac48daf1fbdea66c6e9c119ce

SHA512
63e9ae5a7c969e8c79c8ad7ec90163b79a9078a3dd93e05e4bb48163197f28fad8435cdc246b996a89df0018a07aaf798234bef8e2044e130bea14d3bfbb8028

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
087eb0fc5f84f52773a0c5b264311c49

SHA1
928b41e3218927ac2e123df24a0068ce79118cc2

SHA256
609069f70522f40d74d9e163b3f74454679267a81ec46a3df63b32433279e7fc

SHA512
3156301860120b01a56d6d80d317dc952336e691109aea4fcc40c76401558de5ad21c79c0de4cd5f6fc34404f173b719307e2b7dbcfb1590cbf98597b009f33b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35424b14e23ffea29747afce0f8f3700

SHA1
840b568f0af20c599aa9aed26da70ac3505c034c

SHA256
8c3e4f5d68ff248e1a893e3eeaf295c601b90fd1a3a019df83b251fb02892eef

SHA512
fecc063a72f31af4839a28f87fca7472c55f113de99839532d5f3b3154b77d636a08bc580ffa840b4f9e14cba7463d614b96d6c14c94b1688839867cf573363f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
077702f35fe0ca06dac43553a0cc4fc0

SHA1
4894ad1533e29a934d703efa58dc4818050ac393

SHA256
1ec52d8210d618d2cf5a24bed9911600fe36aa2e29c0aae42116b150a375920f

SHA512
e89498781cdfc9926f9fd437ea1dc1c2c28a91bcf9800a6f2ea82ce29db35d19a08152afdbd108b25dd74328d32348ce5e31c3473994a0266658fec3c5fa37a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b4c5c713e608d2ab62522701d92aa97

SHA1
31c72af44e0fc9366cb5679d931231a1397dca3a

SHA256
1921aa593ec49827d4b0b527a25d8bc3048e71b7fecf080e50cce7d559cae310

SHA512
74bc7bc15ee89b6846e373ebf59be942ea43594f14899c1e0d69e2429ca4d8e76f4b12c20689b961f24cd2bc43125cc5f15c847c96be26d8e3ec6687e78308d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98d19707a2f000aa11b99c81600a0505

SHA1
81a1fa83f09e5cbefad3f7e05802a4f6076e9402

SHA256
4062329684ce51ae2749021520bbe814e59a61a372b38fc30346a1f0685ff590

SHA512
79e6682757bcf0d53983d543278f1156674f80b32356d333ac60b11abbd87e4a612db72c57de9f3761df249704ef34d763deaec05eb1e41900c71a01fccbb0bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec34b923a92cf4e72a73538a8bcd4dd8

SHA1
defb2ded39940ea88cb44805f1e987c1eb9ef744

SHA256
dcf15006e2e2764905830170e7f3cb879e3114f537b15c15e557a33cefabeee7

SHA512
015ec71fc34ac47bff573f4d9d35c9001e7694ec9fe5e2a5f9972b45190d283c9ce69c4c308ee6260f7c6c8cdb9d1fcbf9b054b0090db2dc7fdaefb997f4c5db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10912d84b53b08fd587dbbda085620cc

SHA1
7af995a39f50b37a8fe55fddd2200cff1b2a1f72

SHA256
832fea7a6f743457d9860da1fe14cf418061092b5a804823ae570377ec8a9e2d

SHA512
2d5eff6869531a4cf4812f7591efac496ea0499f399127e264e79113d186af3e84b1ea6ac41675820eb73edf65adb99351329ecd877664e1c805982dda431017

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99123ee29dc079e9c779443d3af0499e

SHA1
b997dc2544b372157e35744ef570d699c304290b

SHA256
616774aa4decd350b2e41895cebc6eaba09fb3e0f6296ff82dbfb6e26ad4cb84

SHA512
c8f9d52e9417e3c4fc898681507d5374a713a8fef414dabe6aa70ee7fe9b28a3228f55d26002c295bc1786686bb84b85c85f01574c597955326134c8f2f6c409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20a4523125154271ed87db3a9cb5a1b5

SHA1
2c31576bbb4225a82e1687cf8a3cb3c81183889f

SHA256
ae05e9c9292212de4f87246c5cb5f649e70a733d9a7f16bdcacb73980668cab4

SHA512
22290d383bb3b029f2c0e12057708d1ad9e0f6c0691fb9e93027fde00aef0077f12c427307bf417d00a17a416a0e2fdf6013b7fb5bcddb9b5f7b39ff5c19f247

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60bc6a094867716a335c3a78d20e78fa

SHA1
7df94869115f46dd390a14bc7bc8481cc7de4f80

SHA256
2196f15db63ef98d0f53cda7395a31512bba99e8ce9d280ef4806ca5b23812c9

SHA512
614be367ca5ba3c1a43956ce68079e2e22b2a6ba3520fdf35b6608487843b3b2b9f85c55d7d1d2c4c875a381259eed16bacfbd6789dfaf6947c9dd89cf7c63eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d3cc3eec82c4552a1f32a1c497e6c3d

SHA1
43402982740b190b65db0f9e540aee5d87bf5f5d

SHA256
e5acab6e318863fbec417e9546e5d6b01d594523565d47a189fd12f77ebdd90a

SHA512
9a5837c36747194824fdc40fef904291b9678925bf8204ff5a374d373feb34c76b2339bde7357691912d1a2f9ac2ac12add0acb43c6f417561ecac4f09e20d63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ee1bb4d42e21b69bf209d692fda6140

SHA1
ddb84b47a63b9c9df62bcabe6827a2ab3be849cd

SHA256
3b8ad79f984eb419549c7168e24aeca0eba0f2782a48c623191210a4d17270f7

SHA512
2aa7475d210ac8520f787631d6d795d731705125019c2d72441ec3cbe3187b08543e0463ac44f4f2e905715a92ded76bb2fd216ab9fedc30d4e0e435dc9ed472

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e85d4547f1b1261df99d6bb024012cd

SHA1
1dcc3942ca613cbb18a98287f809e4e2052c4ac9

SHA256
bcc0ff2db26fe7e95846858bd2b8c02a6bc5debf4bfbad674157b76de572bee6

SHA512
a8847f879440cf749e249b8a7546f5b27805e354f7665a4ffe10ce383019e998e8eda15a053a0d0e7b82d8a5c09eef2eab5340145227bbedc73cfcfe2bb2d5ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d3cc3eec82c4552a1f32a1c497e6c3d

SHA1
43402982740b190b65db0f9e540aee5d87bf5f5d

SHA256
e5acab6e318863fbec417e9546e5d6b01d594523565d47a189fd12f77ebdd90a

SHA512
9a5837c36747194824fdc40fef904291b9678925bf8204ff5a374d373feb34c76b2339bde7357691912d1a2f9ac2ac12add0acb43c6f417561ecac4f09e20d63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
822dcf95be750236728b08aad968efc3

SHA1
97df00dfcc29b4acb1f2879de44ef96712e5f16d

SHA256
0b9734ff27bbf8c86a176b87cd55df2bc0e85d61d46044f48c84ad846e3ba7cf

SHA512
424e8a8dd2b2915e56b8091543c9b27671b9b9492c9037e3634e055d59186c8b3129ecc6d4a2bf62b2bb1067f07d514dcde08c6489cb7720a1a29112eac8ad44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66682ea923be0a70341e6d40291f8690

SHA1
226066062fb180907aa25df7b73d784919ff6cd3

SHA256
87a6e5ed1fe938942908bf63645732a5d8c4420d8e83c23eed0933ff1f54ff02

SHA512
81f91e5247da9f8837b35cf88042234d2619ac223d821a77416c5b90bd60aa40de05142944f85c912970b3f8cb6ec6c07c039470bb50abe07e29f13f5026a992

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b88f85a5d256439565a4ee46cc783123

SHA1
9ec89128e5a7f4dd3ae21e9cab295cc22ba03a0d

SHA256
00cc6c4834466208d7efd478240a0e847685ef9e40a3529afec33bf4bb0471df

SHA512
b9e1c3303eedd8d42b57a7654581be259cdc2b90cffc7b01ab00715a337367352f12614fb29a9ecefb1cabe1678604832a87424bb320732df8a35213ba6f40cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7db80655121b44541dc1f134fd73f90a

SHA1
6ca0bd7705eef0c3724ec434db32d95d617a12dd

SHA256
3cf33d1ffeffa5c870d67a72b1fac476dd1dc941454f41669becd866e92c873a

SHA512
24d236105046052e51d517be7ed19abbc041c1868324cb05c788a5f87d93751986d0ab211c95046498271a18a83e1009bdf9dcb32506972e344de2945caa593b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bdd74167bc0aa0581d9cb023c340f114

SHA1
35ec4cba4a1e4f93c2dd76c492fb534c6d766e59

SHA256
6d991bd4e81e0e1175016902b711ef8f4fcf89c94a64fbf539c5083d64646376

SHA512
1b6e51832cc4564754d94a4b3ce9adb18c10125b7229a68d5278bb08de7f2c24b9657a2067e5d21d5bada9b1686e958c6147fcda2705bdaf06d1a62d3c6d6560

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39f59cc9f8aecb7cac4fbfbb71f42a64

SHA1
2a12fd07a931ce92fe7b875dea92ce8cbdb1419d

SHA256
5dd90cd0a96f3ff01f1a32c3668fc70a45dbedf93f37e936e6d86596924f6342

SHA512
7822cfa27c8322bff21ea0f12b5423dc75b7e0aa20811ae9c670c820382901d876aa739bbf59ac12d163cf0cc08fffefef3057deb53b2d921cfc63790c223dad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d8f878c54db313cc004c7b5fe896afd

SHA1
6ed44c4eadddf31a1ccbcb7be5d7e740d8cadf14

SHA256
377889d18cac07a62a69806e36ad1b334418a16072f396987cf4cbc94b215714

SHA512
df7b17b86d360ba5cb374dea1f75603e83139a9b22a82ca5679d48b1027eb5d2203e37eac67c3757cf053e5690e38b97930d753641b2133899d238474eabfdcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
816c78c20c0c3e1bffbca14f2c9542db

SHA1
467ab5bce7ca130d1a1bffd33fb177b85bba33fc

SHA256
8aa4d07e32916fb928c1ef69fc871c4f6ba1505320ae3a9a0a3e0386ea84c5ec

SHA512
a1721a8d064d0eae046e966d94c125f8e3360a922025ea00b4efa1ce17409c9615007535804de79dff1fa7e772e06d2286fda8f97c1ba979e5f48d39fe470f14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04bfb70f82463fa4648357ff34ad5c13

SHA1
e443add8da97046dcea2d0d9175161cad3ae12d0

SHA256
e41cf1ac215180c2b3f636f4497103568ce99a0b67765f3753cb3e56301fddc7

SHA512
687c9a4812f91f100118df88c3889ea27a0e59199e991ceb2ec46ba5dbb77ad911ee5d3173c3c0f8e15cdbafc4bcefbae959ea0eb87b7958e854fdfe8188f326

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b2fd6cf94eb0790b0b9ad773f75b9d4

SHA1
8805ff2cd05e053b3de192d73f4ffe4eb27aa50f

SHA256
ef4e12324438a1cd183a68b2e422bce5991fd8c0cd2dca228338e5e3a3e098ee

SHA512
dc91c0585b893300b3489461cf95938b755f68f64f844019f3bb4fa6c2877c00a409017578998848e8e2bf5df13cc32cdd056dc3bf2644448056516cea2e8338

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ef63ac9a1c1671a5ef2fa4285783e8a

SHA1
f7c273e645790dbb2e632714254928ea24f9f74b

SHA256
9b0f50ea996c226b45111eb79c6995cb1d33ce904688c097dd7b5ce0db5de124

SHA512
78ab6c6fbc5be7f5372866bfe8552798c221ae9515a938b96a916dd7c77e954c81a9e83a1da4dbbb55a077827167efd811feddcfbddfa1f977979be3c625e06f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8407a6d43f175710e344e740d23dc04

SHA1
64afa7ed54ee06430bbb3aa434ac125e7d52477b

SHA256
5bb6e210ab9d3112b0cde841b90fd3effb6794c49368134b1e2d4dd565659f15

SHA512
f96301a6713ccb4995e924a6ddf0e19c367a5cdfb537a952aad3aa96a4f1d344beb4de3d7230b00a6d263928ad58cca738745e9a492034aa1f53ac3ca881e90e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7894f6952aa285f7d990b4896aaed61

SHA1
09208dab23f38ea695a563c7937df0bec63b72da

SHA256
70dde78613a4618a3ba76ec0dc0ca897ad2a828637e46d58f0182549ca26b9ee

SHA512
b7c991e9108aa1956771a02a751dff528cec8c9a6fcb648a4079d8e880a4dd9e1f7a1930d5788edf3a098c15c2900f511ab704321c8df709e9df4230880c6d5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afb3e78925a0f0bba0f359bee0e03822

SHA1
20f7814d74142dd3386eafb23a4724534f85c028

SHA256
e5cbc9124957799e6712cf404a661c7a3ddb90125829a26ea0603da017ef47b7

SHA512
a45002e78dea7430dac19f0b6e120f8025cb2607ab9fc0027b16d5ee48b6efe9821b3d386d281bbb2a16a25d88ab63fc3d3f98a7ff09553a48a293f18ce982e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e42d7de4d1d90efe6c12f184e010493

SHA1
51ac4570583ef6241fb8b13fd704dd94638a8110

SHA256
ed75370dab5c8009c2ab0cd7cf046b59cdfcb25c8a3edd8fbae238dc7bf68627

SHA512
7a93237b6bc9ff2112acdc46864becef233b4fd8a10df592b6bd4f3ee858cec819f024fe69fcc848ca3283bcd9ba1e2e640e5fa1c82e08c5173a78da960fd77c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9517568c13df6edf27e0c402d8763ee3

SHA1
3a195f1b5802adffc1be3c4395ec2e27bfd71dd9

SHA256
bc4dbdaa192a39e8ad7c76f8fa70bf42875284d74732d5c56f48bea93c5c5ed7

SHA512
51f659a06519f34778e2ed51a23db911dc3f86b1537c90c2b59c2e73f6383fed3b79e2c7c9872ca3456d73a715a0e73c5d37f48cc0b8762a3408dd739a113c1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c5a8feabe329187e263d74786c444d9

SHA1
427f07bbc016eb890e191f6b296a841b03d3f051

SHA256
adc999ec512e395b9e4618062960419dc5064a72aaeb536f784cbdf4e0dee524

SHA512
45fd5939bfc1d146e8db464c2bbaa3e5cdfa932c305930e9edbd9b00230159361323c5dd17735805b56c1a7b808c85268e198d6450f775a9515302385a0f505d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3731946141778b6548a6c150a20a70e5

SHA1
949730fe60a24080d795c80e6fd7cd324c866633

SHA256
fd96b3657db093e9702eac1f4df5e2fd664ad71b4a67fda3e16de19b3c8287a9

SHA512
0b0b05dd6ab5c4a4d08ed3e809a7e8d1fc13857b15d0a1e370de6a37248116ecb775904c23d04c0a84da0965d5b3d656d7be847270a910b5f60bb8a50322c41a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee260de82019446646b889971078bc4e

SHA1
4891a3776d450c92b76b6a9fe8735ddaa31c2d98

SHA256
4d96ce301b01e18b4e533adeac7cda5c84bbcb2a0cae16fe60ff55d4ac81ebe4

SHA512
fb426c46f2140b161b2f7c8358784a711d0e8ea026c3d64cf6740bb2d53214f1451c915acc4beb43d824d28e99e1b063c7e393e1f54de9b413b582ef578912f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee260de82019446646b889971078bc4e

SHA1
4891a3776d450c92b76b6a9fe8735ddaa31c2d98

SHA256
4d96ce301b01e18b4e533adeac7cda5c84bbcb2a0cae16fe60ff55d4ac81ebe4

SHA512
fb426c46f2140b161b2f7c8358784a711d0e8ea026c3d64cf6740bb2d53214f1451c915acc4beb43d824d28e99e1b063c7e393e1f54de9b413b582ef578912f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ecbb8c7d0a10913e3da0af0e7a0988c

SHA1
b758d68f8a0f4229e5c55f13b80503971a61a158

SHA256
e64620449a6c6b67ed5eecc7f12575d91a4e11fd4a7d71c6a354458a134e4cc4

SHA512
410b53bb00ae8d0fb92d41b4267e945bade19586817803242c3e38f1af3a92471985700a63b356d4b332c19a6fc11bc89dd57c60a99c6bbcf9b8f4ffd2e747ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
145fa0ce488167270d777090fc830438

SHA1
2a82bc505c4ab1a3a8f3df8ac2a914e80c1d8f7a

SHA256
3f79a74cb95bc70dc06ae681b97bb335be32ee7fb38786dc889c55d5789d602a

SHA512
924ed0652fff2cb75ed06203ddb9d222b902c5ff3f1aaba8318fe2b8af19c5e720b7930295ff0aa0a41e2d8a33826dc4faca19461d34ddf2a672fa2cbbb5f4d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1892707b524df5605d15d0295c0fd690

SHA1
57a6c8d23031e266aa629d7467479b0b8f4bf1f3

SHA256
95e0cb34f88316af5de8d9f4a4316c154c2b155b8108b181ab2feea56a9e1cac

SHA512
4d3fe1e4de28888192f923154fcbc9170b2f8ef2860cafa79f5fdcbd1f1d73d6033721dd78c8ffbb1594c13f7a13a57e1d890c3efdbeeac0830e4411334843c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02c4f780a81fd0ef936b537a04c97b55

SHA1
d3f5169b8790b251b82720f61089845f5781c1cd

SHA256
98ab1b10761a93017165b66dd1142667b8181742a5bd8f26370121eda8927076

SHA512
29abf82beae71fe1939c09b22eaec45d67f7bd8b17fac3cf2bfaede9d103c01dfa40b7f08b92cf58b5f6850e16f3347c1e37e26456ca109a93564d2b535a3cd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ff9e8381b4347acb86c0f080182b5ba

SHA1
6ea3bb0171917d0deadc2e9cef729677cf5bf989

SHA256
79d0802c277b583883bf36c8ea232efd006eae12011e8b273d2543b996194059

SHA512
f771d08b8c9eabdc768808a97a89575018f426ca99336865f0e00fba501968096856090b83e65c0b0e00fa256c68f69b6a3e097bb9c1f214262ac7790f52c825

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
404B

MD5
391d307505f9ffddc1964e79ee54a2f0

SHA1
a14e404b9dbb1a633fbd4ca4ffbd17cf55485d45

SHA256
491174ad77fd388e8e739432592fd8332b9faa1d94b0ae4174725d048fe13d04

SHA512
70041b281e09b94ef1383fb8a0c0a2829fc0e38e9273bce4efa57f19e028f3af2e61d25b319f2d91a5a8737c53be26564b49b565b39a0c43f7b4a3de4a6d6bb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
404B

MD5
b9996934a6a019966fed1e76f87b17db

SHA1
911c1382fce42fd9df68f21d457232582dd18eeb

SHA256
5f38707b3a460fae5a395913ed67f233bcee89a1c1e37974d743bb6b61588937

SHA512
a7424e06429efce0e5e180e663cbdd6dc3ceb0cb64d75d3bf182581a17d6468381a279cbec1172389db2cf7abd7b700032bfb575b01bf0e8ad7f93c6a281c8ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
1e563b2d3db22fa2717e989ce709468b

SHA1
3b6bc5603125534970b9aa6fd676d487d1664afa

SHA256
1af44d09b0d5ee5308a6bd2119b0f15b6d268a8b34f2030101d25241c74aa877

SHA512
80f46067b0cfa6df94ee4da5a3ecbee535e5b6c608b8e1ac1d37d1902a84ed171d123cf093b0cb81303a11a7a21a404390ec484a2aa821a0c4452ec4cc32a063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4fddad7b-b824-437f-bd4c-26a679405d22.tmp

Filesize
199KB

MD5
9ed6a3e019ff141676765c556a1c1d69

SHA1
5c0e9bd26c9c3d80795c0b0a2f8622dc75283640

SHA256
5943a2162536b13a3bf39826855046401bfc817159e1974cfbd69ed599c26bbd

SHA512
27fec73eba8abbc281100d3f06bb97ee22b5e201002c2724bf2f07313ef13636beed67de54ba4b3ff38ef769720c5e8bba0fde67e5f05a22beacefdad1dc6ef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
200KB

MD5
96ce3a8272bada617db5f367648dd029

SHA1
179967bec100966f31d23b2f580a3ef7e2f59185

SHA256
33668b2dd2274baf0280e96ecfb7f65a5e04336ac888ea88e63243b7eb170e03

SHA512
f8a1bbf349f5d661a706efff2570170e81f45f227825ded858ddd6a45acf973ccb656eab444f7defb1ebcb5179c466b83eed64a435926bb9a177212cfaec1708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
aa943137e412bd539c2d91e5188d24b1

SHA1
2276ee7429d43824576956d81ebf4573d4433974

SHA256
f9b06fd1eb0d11c19d2e8b819138e77c68ce5523322da991a7b41bb787b3402b

SHA512
ce73a39837db2e2307e97e55c597ad9dfe98b032505a831e72f06c8f1526f0e0a2f20eea4ba15b8384202ce31f50e074ef0e271bdf2ae14a5d40222935e96404

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
888c7f9d0df960e0b8a86e0c1484b6ec

SHA1
fe67fab65af62fa08df37035a9f999d76ee2b68e

SHA256
97ac93b8291546faa2369e96394239585aedd5203e82560c74b12c350743d855

SHA512
0e19d3807999c7b67d8f1a8acaef95ec17f684e9e6eb176a1ac09cb0af8c8e49319703173257fadb7282fe8753ff5f6619464bd7ee9eaa2ec9a9d681d8c015e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
5ac5f9017d761a8006b2b5c3786fb38e

SHA1
03710f931a73a16c0e38c56b311f18888472a3c3

SHA256
a8a8007b28f0189bb034dddaccc63477d5ff44d99ed0ec9c6efbdedef66c0b9e

SHA512
d76807e9aea68d3c6b2a707a7e4e66a7d3834317dc4d4afb494cd4d1cf14c7e6e73215c27bfcf08757605c82d72eb3053182e6cdb3df4909896846e49b7fc2a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3f8d8d483ab40f2effe0f7f2bf2912fa

SHA1
b66eb14d0a7ceef10b078b58f759a61431a5507c

SHA256
16be14e57145cd0263bdd4e4c5079bf4b00221b001e2ae731da62e1a40ae4aed

SHA512
f8ba0661e59852b9520511f92c4c1980d14279d49deec9aed0734d438259bb433a0bca159cd5a824b6b4bce062ddc8fd7f42625cb337be2065c2a790c70098e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1371f47c36fbaa4b81bd5001901540f0

SHA1
84e1537c200188c2f6d619a18add5ed20eb9318a

SHA256
a17267db470c0e0b5eba27e5025597368aeb7cef145e95e7ed6a58a51778470f

SHA512
17952b08f7cc98252c46543a87d82d77e4719bdec6511bba1ed1ff5f941a52d39d9f49c7cce9d794df509b57ccd853d3e3a5ac0557d39c8e899ce526d78b0e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
c4ca26048b0f420381013a6b15e2460e

SHA1
1584271bee0c8a4f2c80d4c722a74022d255c807

SHA256
4ac26234c22c21eef2aece5deaa0d9eecce6c7458e4f9bf4cb2726a5ac46311e

SHA512
c8fef80c332e12778eacaee3d180b50c1216b4169530d083b7039cacde9e9c153c004af3874123f8b97400d51b8a1365a48b35a657bcde12d9f0b7cac5cf0a02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pucq4vc\imagestore.dat

Filesize
96KB

MD5
13cb73f3e0f7a2126cce8e7407ae1b13

SHA1
6dcba65271208d4008f87696e67549147a88ff38

SHA256
053618691c11a0d48c89cc4b7b6dc0f04816da4fdfab819a39183e9eff328ac3

SHA512
8d45b79bc4ffaec541263073a1b51825f90f584b9f4cf6ee66488a8236176683a2ae9eb83c0fc7a0ef17c6126ac1dc53fb9364d998fa39d9a7d7ce890e7ec45d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL78BP4I\hop[1].htm

Filesize
1KB

MD5
1df116e39d6a796704910c5bdfba6d15

SHA1
709fd3e7bc927b36dce8e3d19a73dab4a38fec5f

SHA256
337eb18b6a6eb35e62a21c517ac80bb629bf99ce7979b859fe0d5bdd1331c5eb

SHA512
f3f0bd97627c9f310b8bcda1ad28a1a6f4233e5ecc76086960b32ddd84b69ed5f112cf45dae9de309d10303f36ec5472a55688548a2094bfbf6206bc5d918df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL78BP4I\vb[1].js

Filesize
1KB

MD5
a344f7d51e539e1076f73bc74472d97e

SHA1
f5eaf4accd7d2c36b320d1440a83b9f52a3ee108

SHA256
4d0278b28475abe16ff14c8639aef6121520fcbe5b8703a239931863158980a8

SHA512
d6a44366b2f98cc2a908462c8714efb6a8890fb22b5370dda8706dcacab25c8d2d94c7cbabeb89b1db8111c9a623301c9af0bdcf5270cb4d99aeb12c8a86dccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1YQ38W2\footer_02[1].jpg

Filesize
96KB

MD5
e451a6e0020094ce3bb753c33fdff58c

SHA1
3841d816a8adfb22be52aa892af0210d9ab8e36a

SHA256
bf02fea4323e6388ec88b52e3903ddd17eee800457815fae1909176c7ec8ce0e

SHA512
bcaddd71ec2bc526c13e05ba30d9976af8d8f6e4acb6d67c7be8d6e61e70e7a55b96e1beeb146ca51bf4a072d271985601dedeac2b440a23eb783fa74341c197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8E7WD55\jquery-1.9.1[1].js

Filesize
262KB

MD5
08c235d357750c657ac1db7d1cf656a9

SHA1
9257afd2d46c3a189ec0d40a45722701d47e9ca5

SHA256
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40

SHA512
d62700e7a1ff41f9d6326ca024ba2be1d391bc8fbb2aeae0f427d74837899b230940bf7c2df3d193f5300a68bb3686706d4c31328234b5cda026a1bf52ef9e70

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2hawuouz.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
2dea9c202b1c066aab13285fd49d7d7b

SHA1
89ab8db965924d1b9624bdb088b9d435aea036fe

SHA256
eb51343e794da99b510b94456af2e46028aa8d6b6d89515d4916ec8f44e95490

SHA512
189589a23a5c36a5f02358d4cdbf7d047c0910dd43b686d00161395f5f8cf53141a5b1880132475187ae8184b83e2a129a137054630b12064e2a08103399629e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2hawuouz.default-release\cache2\doomed\2137

Filesize
13KB

MD5
2beeae91a813b09e4b5b7ec33b5f5b3c

SHA1
115baf3cc9efec86874859d6a815a504bb04f8f5

SHA256
9761045b68dc2b7f0321b270fe250ee8dfdcf06de24aa4894d6ec2d7ce93fef7

SHA512
8add9e287fa96accfaba40ee1872bf94d3718ef6d4a12f01d8bcc3a1d5d1c91f2681797a0fd648446f54e960057e349a3d133e88b7e213676434d3eae8317ccf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2hawuouz.default-release\cache2\doomed\24382

Filesize
13KB

MD5
b5f0fdec32b6d0c264bda047e9ad77c9

SHA1
eb0103def83fc4bb3fe4f2e831d368f391bd2d2f

SHA256
275102f5bd8fb91f2d14a768616ece0e7c1f01b32ff1bab4f63550b193ff3302

SHA512
f2199c6b96c1cff0f8e72ce1293e1da25a6501ecf83924bb608982cfe13b65d84dbebc37a98304442889311cf030d9cfed0f5c69e82be96c37724abc82cfcd8a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2hawuouz.default-release\cache2\doomed\392

Filesize
15KB

MD5
ad11d44cbc059d8f06acf8c0d2d2558f

SHA1
a7fca8fc87175724bd530e559d5904c35736d4ff

SHA256
19804b8ca34830d270c4ab3bf70872e87c5ecb9a627026985f92f831fd8d9303

SHA512
fe92f7cffc1f6168ad03ef3ceda1440d98cb666b030c1f740dbef0a75e6e7aafb0b41d555bf1f658afaf608f540f7c826a6ad9d5473ae35dab77d4bd52121755

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2hawuouz.default-release\cache2\entries\180089313729568CF6D0CAF9991F0FA4115478F0

Filesize
13KB

MD5
00a99dc2ab5e5e401ca4ee8c21a95a8d

SHA1
c5ea61d2df7586fd5cc0858b1342668c36c3da4d

SHA256
fe56a42c4c66bc092e1d346a422cbfa43edff47988c15e10daff32dab200038b

SHA512
267302c0c98ff44d83bb21fd3e6fd98770a0df09a23bcd8c1705486af8b6d7c87ba193021d9c5323d98af233732a2679947197dd35b54abf79ace5736be75b63

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2hawuouz.default-release\jumpListCache\rb+gch5xcXjoRNow7S36nQ==.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

Filesize
1.2MB

MD5
f96faa6ec671eaabc66ef44d5a715db2

SHA1
71b08ba07e5cea3490daeb4b75b4262b1e8a9821

SHA256
6beae61ac55708892f869336fbf24f5987b433d3abe54f00bb69a098715caa1f

SHA512
ab02f785eb412004de71337a016861e790c643bffb7b1ff87d3c7f62e9ebe139fb13b04c4605ff8f069e9e0eb032427e864a6d98af5b8e25fef770bb84272838

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4397.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar43D9.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Filesize
9.3MB

MD5
b05e1b131299f3d57323bdca54b00570

SHA1
82ebeb46687e7b285f588c056e52ccaab87e464d

SHA256
3adb8147e461a11add25101d78205b61b54b6993022c8014b9a55b3197ca39c9

SHA512
35580e1580cc2dc5a50afdb1e3453517fa3955f7737c177a83bf2bbb9d000a7a5f060b032200e0440c4478400ac8b1788e018fc7c88ed150b96282146e2f2457

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF1315D569993EB7BD.TMP

Filesize
24KB

MD5
0d27e993d9a310dce12da1c3774d0fb2

SHA1
1169f0fe4c08ce398d1837ee43eb8217261b5c60

SHA256
b03673920811e81c448969dd7c99e94a4e533700b69e2cb7af80c649221562bd

SHA512
6c0df35c843eed2d69d41e345950a9aeaa6d59671f03f708feace8807d60a414b7a28052852195b59b95244257045ff057fd439afb65d6358b35426ab6992a53

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
23de407f36c297e0ba01f11b4ac771a7

SHA1
33fb5880fb20be7fb037a685a282c73b85db8934

SHA256
f6d9c506e5915d2438bf5637a410db867456c6c5e53233238d34c1c9921b4dba

SHA512
6abc296c3a10a334103f9c192cf27e83a3e46f691165f9eabf134fee7b474f46c469581942bbef614047600df557a7ef8ae81c9e126470bcd66bde5553c737b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
c58234a092f9d899f0a623e28a4ab9db

SHA1
7398261b70453661c8b84df12e2bde7cbc07474b

SHA256
eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

SHA512
ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\prefs-1.js

Filesize
10KB

MD5
1f3d0c9161ef8fc6720bbfb52595fe0f

SHA1
dffa6c56897ac083680b7c69efa5ea76dabdcec1

SHA256
929440806406c8577c9cbcc1b69bec49073db0d9078eeba844c7d77c0bf9b268

SHA512
3d349a5a4b5e12917ae7475c25aaf5f52319b8d2f0fe66074cd287ed12ef48c875b87160592abe773be06dcd980dcb341377e4f8a64572ed29afd8d493b23817

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\prefs-1.js

Filesize
7KB

MD5
65771243c29b07c226529b26293dd016

SHA1
f562d97dcdfd318ab39079c4b28747d450707b15

SHA256
1c5867e1baa385e96d4767945cef7e0b28939d7407338d9a5366ef3546fbe6a1

SHA512
f84458a46857bb104b57e09950437e886c3575326472f234138e5defdc91ce04c810e4e609a473024ef3a5d5999c239ad1870bfade5c73d6c625d11d9123eadc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\prefs-1.js

Filesize
7KB

MD5
62cc4805568fbed1ae5f1078207dbc33

SHA1
33d6c17f3d3ab12a11b4afdc205bf34386330d88

SHA256
912b0cac06b3050d82035969093e986d92da7917684ccf9f1f9a55023dbd40fb

SHA512
2a9dd0fbe0c10881e44df8f932c8ac52c2e1ff674401a54b74b16e54d5e6560dd2edb82700bd998f2ea8818ab8c77e3e0a7a97713cce10bbe32bcccdb5a6c6aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
dab43fa1f39b810f04dc461634fca6d0

SHA1
6af0a887184d9f04b50686b3637dd350443edd00

SHA256
6c531d89ce490d8116d26ac72d110600c67b5cedb4d65d0b8367f71f45b7e577

SHA512
334e0454436a5fe623d013ee949a8d6264b6a2d8a6cb35c9ed34151f800d8771d5ff7f26183fb360a7f869509adc9c890ed0a33264578535ce8bfcc847e51480

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7fea0e3bfc828b828722bcb4f8e3ac55

SHA1
5d4623c8f24fd5015ebeac4eef524bc814005dc3

SHA256
bcea7223d7cc933ef1dd4d949dd44bfde7307ec5c13a30943e77396a9e4cd477

SHA512
036f80907a62e6f87f9cc84572ea2ae0dcd93b7b1d00990e5e1143324fd8780eb18ff7fd15fdb0b3f4c8f7ea418dbdfdbf06fd917bd4bc4e6dceab865e604e90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
142f9e0e4b7e331da8f343d45e29eebd

SHA1
983cba1eb5114a6939eb5eeb2aae2078dc736bf9

SHA256
d6f9c898ee9bf8e1ca9d70eacecc3f166a619f227b7bd99d53f17e41794c4791

SHA512
3d301e744c6b7cd37de575866737fbee0860369873e8a4c5e71041ff3cf99ea0ce6f86d7da7058887a73fa42fd1b83cde7d010a247786923678050950854e4d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
8c30e55d087576ebd6c8bc429091f522

SHA1
c76aaccd8ea84033d9b2d96988cf290b6501db8b

SHA256
6e4970b9c2bcd8d5587142f4e485a445beafd1e047448a4a5228c1cbe8639abb

SHA512
783576262acd50da87658ee40950fd6f1033d152b2df7a7661f123c4a2c4129743146d5e43bd215f9d44f56943f5ea57f2883cf2fe3f1a2b3afc0a487a837b90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
eddfdeca845de598ab7a14a215bcae06

SHA1
b94a1b613894d00cbfc8d434f17bd08571b57fd7

SHA256
388b533b0a72a578b6df3a3a6580827ed1ef75caa1f822f1eb0292bfc218ab64

SHA512
726e68831b9a22396609ce7e8884227d5636f69d365ecc43ac282f494618f8869c928b6e0638d47d04bf10719989aedbfd2495c7839b05832bc49ea94fb7b260

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
19a242cba0209841f4a5d5193a85210e

SHA1
d70f6dbafc16c541e626bdfcc506d953f3d92c8d

SHA256
edad1a2afaad348728214bb6433e9112e802f7cfd0efbaee4cfbb9c12c51f22b

SHA512
cb9a73199f1a67651ed7191bd96f1d92fc45dfb32c3a0a7acd00dc4833718c0d0d2e4b64350d37d64f1e1905f10aaf6a91c5b90bc70e6cca8f619c4eddacceaa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
6363c43e41f9d4cce3b7eed65d283e59

SHA1
16eee0cf696c951d2f19b1045877e88e83a6df35

SHA256
c81dff487c3b4bb28505cdd1e82cbde7e8c96964f571c99db10dc62d726d2aa4

SHA512
5486b1114fd53d65515941de4beeb29a786b36395ccb57946ca2bcfb920a5721a59dcd2d17bdb6416049d8e1dc1e60f785dcef1b79d615abf4733678d250c570

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
9410957459edd39e76a16a0f12508cb3

SHA1
d404aa19edf3761f5f0d19caf6d25d7c29568b43

SHA256
4590fbe88591b323d43f97ab655b1318c0701ff95b18de534aa5ca01d0eb2725

SHA512
90f8db5e39106cb5523d68288f09510ae76ebe454d845070908e1a6c70828aeac6a2f59b76e8723d3cc74c860cbfdbbe3806dc6274d3eb7af552ed135fd8e42a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
203d872ce96f1e08e83b6f7761e70f3d

SHA1
19fa884c847f6963cc5488047bdbee64b81fdfda

SHA256
ee5b80f7a60196f54f5baa6b9599cfec3fef80b64cf615fc70b0e6b9e1009fef

SHA512
ac4edb4972f24e97ce90a18efa648cfda384efa3bc3cecceae091e59e93a716ef432a90366408e68b039635db7bb0ad47ab9cd7abc2e7d6f9ef69544a3ec3415

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
68e2bf01ad0cd9e800bfe17bb2cc0e73

SHA1
50d9c2151cf740722fd1aca6b67ec6a076395f08

SHA256
1a743a6e454d53a86e2fd4f224baf331521a647fe5374b97a6ac6eb2f8773f02

SHA512
99d62b2fe971fd7c5245b3cb58a44bcd0c11ee61e3a2807ef40fd7f2748bf9867ca2af033a2139181e9709fd99a5b40e4340abc620fb1298e118303bd89e8e6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
e6546c9a8a793802856b4015d86a7c14

SHA1
31868c08fc8d04be542f3631e012ae1f6ed2ff5d

SHA256
85a9c10c4077a45fc5fabc5d1eedb28dc2075385a8b794d8756a8e59b3d1ecf2

SHA512
f1437e8f40f56b3d849eab55c2c7cc99b5cde5168c666dc6ab5ffb2cec95ad81ba8305e7d7c1f55f82a5296e53ba5d52d4f213283c4ead62cc888a0fcbeb842f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
972f9ae3bd077581eebec41f5849e946

SHA1
433071b8e5fc67722cf50dd76c547ffcea3da445

SHA256
cc028a41c11151fb316892486ce155a08524b171c4420893c5cb712ee4247c77

SHA512
105e62b4cce80daeb27fc572c5df89bdf74624af2a6e2b94702194cd349d804ac7361f4c52a5d58400290ffa6f69a6ceed42f504e12c82032dc12623a3eb612c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
0b531d95ec600f86e0fe609ca140529d

SHA1
6d1fcf8183844d37a148a827ba13e2a30d9609f7

SHA256
8a1d39f635f05a7777a9ccec9e7d7d01e5fb42abcee29752d65a58f2baa60f50

SHA512
ade05360f3d3b2e80240912f358254bdef4c9c4c35a9f49a1eb28e0b5c2d2460cd1c846a73499f440ccb59b3351f34793a840c7ade239fef531af623ab4b689c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
61aaba1838776d133081697c3ac453a2

SHA1
af45468aefa9d2fbc8af24e55080709a0e2bfa21

SHA256
990b900b1878e4a6ebe6428501d27da98d1a193e4dd94f5618c58380c8ebdb96

SHA512
780a46b3ccc70d2420b8f7ecfaa690902195a4ef78eb9520b93d2f7c84d32af055d2edc3142aa5c8d2fb3b777f3f4b727e72aae15bd26cd6e440fb8f868b67b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
9b24dc6a79554ff3c21ed11ddd531a8b

SHA1
464f46201b539f238ef5469428c82c04f2bff46d

SHA256
16df9660071850c29ffa5252449d8f26fe4521871e11f27fc7e672bc09465190

SHA512
25c4b2ccb804c0d737df8881518010fa0d6a5e769bca1a18ad2a7976fd38daf030c414d50354b9617beb04802a9056f90c617304e58bca4a3d57875d1c0a7321

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
838172be71dcf57ee5553b876c4ba8e6

SHA1
a0d247b865fe125581d139f5bf1d585222567ceb

SHA256
81b3e9293d1e83729f0df518bfc30315d661a9e28ee545a053f4aab54c831f92

SHA512
9ee3044353ddc498f5cf47df52145cac108c536df30b3278b2af77e2468e54111d052f70fc781178a8f7b915c2ef0eeecda64d683088c04da561b99032ff063e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
0400756b711fe69bdba52029f7b11d3e

SHA1
32d0a11678cb6de4958351c44537fb3f12321a87

SHA256
ad269f7f7832f0a642a8309379ad912719855a23bc5cd96623de9ea1df6b39f0

SHA512
0f95beeb740a4f6bbd9bb9993b57e7ae6ccdeb645741692221ad3e927cc6fbc37d6e177d87bb0627f6300252540c2a3f9183104c56f5ca7d5b26664c4a08f680

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
176KB

MD5
1a67bcf10d858dd20e018ed11d4a0c94

SHA1
cdf26fb168c171b71ca7eb53f108f437bbb26d8f

SHA256
a9040ff479a155689856b4165723adfaa5bde219261fd7f48bd4b25e1bacc014

SHA512
807b3467861af27e4632ac717ed6bf7e6ccf05e601a2c3608e2a46666e48a2efa6b2e9bd05b278ba4abd6eff278d8069826abd1a6c18b3e6b47634ee77da1f42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2hawuouz.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.3MB

MD5
317df4537d73472fda057053bce53fc1

SHA1
5277ef4c8afdffa81be40977e5d6aed9c9a9b2fb

SHA256
013186677a247e8322799556506cad5331798a34eb4104e472cc8173bc23eee8

SHA512
f76c160a3325ac1541796ebff8f4f3f716c48c6fe567501ca2f9791fb1daaf325d3cb7ec17598971ebcd1c0cf9a1634dde7ab6accbf5fe0cee201c2fbeb479be

Download Submit
C:\Users\Admin\Downloads\NavaShield.zip

Filesize
9.3MB

MD5
b05e1b131299f3d57323bdca54b00570

SHA1
82ebeb46687e7b285f588c056e52ccaab87e464d

SHA256
3adb8147e461a11add25101d78205b61b54b6993022c8014b9a55b3197ca39c9

SHA512
35580e1580cc2dc5a50afdb1e3453517fa3955f7737c177a83bf2bbb9d000a7a5f060b032200e0440c4478400ac8b1788e018fc7c88ed150b96282146e2f2457

Download Submit
C:\Users\Admin\Downloads\NavaShield\[email protected]

Filesize
9.7MB

MD5
1f13396fa59d38ebe76ccc587ccb11bb

SHA1
867adb3076c0d335b9bfa64594ef37a7e2c951ff

SHA256
83ecb875f87150a88f4c3d496eb3cb5388cd8bafdff4879884ececdbd1896e1d

SHA512
82ca2c781bdaa6980f365d1eedb0af5ac5a80842f6edc28a23a5b9ea7b6feec5cd37d54bd08d9281c9ca534ed0047e1e234873b06c7d2b6fe23a7b88a4394fdc

Download Submit
C:\Users\Admin\Downloads\NavaShield\[email protected]

Filesize
9.7MB

MD5
1f13396fa59d38ebe76ccc587ccb11bb

SHA1
867adb3076c0d335b9bfa64594ef37a7e2c951ff

SHA256
83ecb875f87150a88f4c3d496eb3cb5388cd8bafdff4879884ececdbd1896e1d

SHA512
82ca2c781bdaa6980f365d1eedb0af5ac5a80842f6edc28a23a5b9ea7b6feec5cd37d54bd08d9281c9ca534ed0047e1e234873b06c7d2b6fe23a7b88a4394fdc

Download Submit
C:\Users\Admin\Downloads\u9IqcQWc.zip.part

Filesize
393KB

MD5
61da9939db42e2c3007ece3f163e2d06

SHA1
4bd7e9098de61adecc1bdbd1a01490994d1905fb

SHA256
ea8ccb8b5ec36195af831001b3cc46caedfc61a6194e2568901e7685c57ceefa

SHA512
14d0bc14a10e5bd8022e7ab4a80f98600f84754c2c80e22a8e3d9f9555dde5bad056d925576b29fc1a37e73c6ebca693687b47317a469a7dfdc4ab0f3d97a63e

Download Submit
\Nava Labs\Nava Shield\NavaBridge Libs\Browser Plugin.dll

Filesize
96KB

MD5
912924f628e277be9cc28a5f2a990cb9

SHA1
13c0166469a271497043a2f13e9a6a610dc2b336

SHA256
bd474c5aafcaa12f20da5ecb29e17555b953eca46b4f56588a72672a36d4a8eb

SHA512
b33b430254f9ec32ecd6224124db69af93de3cbfbaf422a0045641f7961834a67cba1b9fd97f4e0e903e27e3360301c5dba214a6b9156c4cdf8a25115b860c39

Download Submit
\Nava Labs\Nava Shield\NavaBridge Libs\Internet Encodings.dll

Filesize
72KB

MD5
de5eefa1b686e3d32e3ae265392492bd

SHA1
7b37b0ac1061366bf1a7f267392ebc0d606bb3db

SHA256
a50e56dfb68410a7927ecd50f55044756b54868e920e462671162d1961bfe744

SHA512
c71270a5275f91214444449be4923a70243a9e2cd06afcc6fd28ab9f2cd2d930219ce8ed9ec008750b2611b62ed26b65cb57a75c6035201cd9657263d157d508

Download Submit
\Nava Labs\Nava Shield\NavaBridge Libs\MD5.dll

Filesize
92KB

MD5
831295342c47b770bf7cc591a6916fa7

SHA1
2c9063fbf3f3363526abdc241bf90618b82446d1

SHA256
8341ecc0938ca6d90b7e0f02af2d7e6b571c948a03a99d54af61c4557c78d656

SHA512
01419defe963a987989cddb0e21cf651ec3eefeae97cf4b257d4caa8da26436a647e8e4d95cdad22bbb0657171f6d3d9c41dc6fb217ffc7d5172ebc9a409d36e

Download Submit
\Nava Labs\Nava Shield\NavaBridge.exe

Filesize
4.0MB

MD5
6f89df4cde193c0636c3d497cf1a17bf

SHA1
9faaa0100195e3e81fdade11e7a476a1fd1b23c8

SHA256
e7f05380e90dfb15b91b8bbc2ae48a04ba84d573b3c9f7d81bcc12f814215929

SHA512
c31848b1dceb8f8351991051b389a38b2ca0ae7ee98ebf626576245ca1588f1f6ee14e3eff7b165ecf9879e7e11ab77888e297cc4ccbb405b0ed64ebcda304b2

Download Submit
\Nava Labs\Nava Shield\NavaDebugger Libs\MD5.dll

Filesize
92KB

MD5
831295342c47b770bf7cc591a6916fa7

SHA1
2c9063fbf3f3363526abdc241bf90618b82446d1

SHA256
8341ecc0938ca6d90b7e0f02af2d7e6b571c948a03a99d54af61c4557c78d656

SHA512
01419defe963a987989cddb0e21cf651ec3eefeae97cf4b257d4caa8da26436a647e8e4d95cdad22bbb0657171f6d3d9c41dc6fb217ffc7d5172ebc9a409d36e

Download Submit
\Nava Labs\Nava Shield\NavaDebugger.exe

Filesize
10.0MB

MD5
47ef848562a159b2ce98d527ec968db2

SHA1
56b34310e8ede0437c422531bb89b2255a03cb3d

SHA256
7d899d2d33bde1c7f55ba0fcd4630b817e42e5cd1ceb8739511a990455275f90

SHA512
ac05354eacab4252e57151e98b8845d142b258590269ef92a724818623f2912b48341555ccc604a810e89ced3178ffc896ba116805ec3d129d9f6932296d935a

Download Submit
\Nava Labs\Nava Shield\NavaMod.dll

Filesize
5KB

MD5
3d7f80fb0534d24f95ee377c40b72fb3

SHA1
11b443ed953dae35d9c9905b5bbeb309049f3d36

SHA256
abd84867d63a5449101b7171b1cc3907c44d7d327ea97d45b22a1015cc3af4dc

SHA512
7fc741bbce281873134b9f4d68b74ae04daf943ea4c0c26e7e44579f2d51883c635972a405dd81cee63079a5ba9d09328a1e26e7878547590569806d219d83c7

Download Submit
\Nava Labs\Nava Shield\NavaShield Libs\Appearance Pak.dll

Filesize
136KB

MD5
fcf3ac25f11ba7e8b31c4baf1910f7a6

SHA1
fb470541f0b6b8f3ce69dcaa239ca9a7d7e91d72

SHA256
e5b3249fbeea8395fd56c20511bfcfdb2b2632d3c8d517b943466a4e47f97b5c

SHA512
47c467924d64af4a48a6e640778aca1dce379d16b06bf3f60a44025034c15ce1498ef307b63cb04e5c0cbb6c2ac58022acdb0d6efb1109c5ea31f842a320aa40

Download Submit
\Nava Labs\Nava Shield\NavaShield Libs\Internet Encodings.dll

Filesize
72KB

MD5
de5eefa1b686e3d32e3ae265392492bd

SHA1
7b37b0ac1061366bf1a7f267392ebc0d606bb3db

SHA256
a50e56dfb68410a7927ecd50f55044756b54868e920e462671162d1961bfe744

SHA512
c71270a5275f91214444449be4923a70243a9e2cd06afcc6fd28ab9f2cd2d930219ce8ed9ec008750b2611b62ed26b65cb57a75c6035201cd9657263d157d508

Download Submit
\Nava Labs\Nava Shield\NavaShield Libs\MD5.dll

Filesize
92KB

MD5
831295342c47b770bf7cc591a6916fa7

SHA1
2c9063fbf3f3363526abdc241bf90618b82446d1

SHA256
8341ecc0938ca6d90b7e0f02af2d7e6b571c948a03a99d54af61c4557c78d656

SHA512
01419defe963a987989cddb0e21cf651ec3eefeae97cf4b257d4caa8da26436a647e8e4d95cdad22bbb0657171f6d3d9c41dc6fb217ffc7d5172ebc9a409d36e

Download Submit
\Nava Labs\Nava Shield\NavaShield.exe

Filesize
23.8MB

MD5
9d299e41bae269641af28a6c02b80ef6

SHA1
66114e20ddf19e657d29aa2d1ac56ea93c62d130

SHA256
fce1bc05fbe2de83ee535e5ce0ceee94f2b4f917cdcbe1f1f649f44be25d4ec8

SHA512
26e01252b6caea9122734485654848d31c7f3dd06cf7fcc2806ba2b0705cb914b6b7b4e38ff1f23a5c373277e23d64320844e9882bef4ed27eb68d7ecce5de28

Download Submit
memory/240-2627-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/240-2605-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/240-2489-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/2244-2670-0x00000000002B0000-0x00000000002C2000-memory.dmp

Filesize
72KB

Download
memory/2244-2673-0x0000000000310000-0x000000000032A000-memory.dmp

Filesize
104KB

Download
memory/2244-2667-0x0000000002470000-0x00000000025FB000-memory.dmp

Filesize
1.5MB

Download
memory/2448-2592-0x00000000003A0000-0x00000000003BA000-memory.dmp

Filesize
104KB

Download
memory/2448-2610-0x0000000069F80000-0x0000000069F88000-memory.dmp

Filesize
32KB

Download
memory/2448-2589-0x0000000000380000-0x0000000000392000-memory.dmp

Filesize
72KB

Download
memory/2448-2584-0x0000000002570000-0x000000000288B000-memory.dmp

Filesize
3.1MB

Download
memory/2476-2809-0x0000000000370000-0x000000000038A000-memory.dmp

Filesize
104KB

Download
memory/2476-2808-0x00000000002C0000-0x00000000002D2000-memory.dmp

Filesize
72KB

Download
memory/2476-2810-0x0000000002400000-0x000000000271B000-memory.dmp

Filesize
3.1MB

Download
memory/2520-2679-0x00000000020E0000-0x0000000002267000-memory.dmp

Filesize
1.5MB

Download
memory/2764-6488-0x00000000003B0000-0x0000000000418000-memory.dmp

Filesize
416KB

Download
memory/2764-6541-0x00000000003B0000-0x0000000000418000-memory.dmp

Filesize
416KB

Download
memory/2764-6500-0x00000000003B0000-0x0000000000418000-memory.dmp

Filesize
416KB

Download
memory/3460-6489-0x00000000003B0000-0x0000000000418000-memory.dmp

Filesize
416KB

Download
memory/3460-6505-0x00000000003B0000-0x0000000000418000-memory.dmp

Filesize
416KB

Download