8244d3c049d38b92198166cd4f16d6a77f67c731fd157683c25decf4e699867e

Analysis

max time kernel
300s
max time network
303s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
16/04/2024, 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dragon.exe
Size

3.7MB
MD5

1759ce8d9ba00e3da7767493082ebf55
SHA1

72ad25c40b5e4da1e7a3ef2f63c5326c3e7fee60
SHA256

de1aa6087d9d604d4b72ffe113b242d676e7a75b932906dab6a5605167412957
SHA512

11121750e9ed98a9ac023aed9ab9f46cb30281c499ee46d69e2b1438dc08b87c98b9243ae0ff1574de34a300d8092572154d87d4c1914dd36c995368041c5a7a
SSDEEP

98304:Yl35G6666666666666666666666666666666x666666666666666fwwwwwwwwwwO:Yl354NFq/wJE8s3

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	dragon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	dragon.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	dragon.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	dragon.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dragon.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133577700265745230"	dragon.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	dragon.exe

Modifies system certificate store 2 TTPs 15 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	dragon.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	dragon.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 19000000010000001000000063664b080559a094d10f0a3c5f4f62900300000001000000140000002796bae63f1801e277261ba0d77770028f20eee41d000000010000001000000099949d2179811f6b30a8c99c4f6b4226140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e3620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae409000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec537261877620000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	dragon.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 0f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070301620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee420000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	dragon.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	dragon.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	dragon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	dragon.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c000000010000000400000000080000040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d578112861900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	dragon.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	dragon.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	dragon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	dragon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	dragon.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	dragon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	dragon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4	dragon.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2964	dragon.exe
2964	dragon.exe
2188	dragon.exe
2188	dragon.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2964	dragon.exe
2964	dragon.exe
2964	dragon.exe
2964	dragon.exe
2964	dragon.exe
2964	dragon.exe
2964	dragon.exe
2964	dragon.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe
Token: SeShutdownPrivilege	2964	dragon.exe
Token: SeCreatePagefilePrivilege	2964	dragon.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2964	dragon.exe
2964	dragon.exe
2964	dragon.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 3440	2964	dragon.exe	80
PID 2964 wrote to memory of 3440	2964	dragon.exe	80
PID 2964 wrote to memory of 3440	2964	dragon.exe	80
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 2068	2964	dragon.exe	81
PID 2964 wrote to memory of 4676	2964	dragon.exe	82
PID 2964 wrote to memory of 4676	2964	dragon.exe	82
PID 2964 wrote to memory of 4676	2964	dragon.exe	82
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83
PID 2964 wrote to memory of 1996	2964	dragon.exe	83

C:\Users\Admin\AppData\Local\Temp\dragon.exe
"C:\Users\Admin\AppData\Local\Temp\dragon.exe"
1⤵
- Checks system information in the registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  C:\Users\Admin\AppData\Local\Temp\dragon.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Temp\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Temp\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Dragon --annotation=ver=104.0.5112.81 --initial-client-data=0x1dc,0x1d8,0x1b0,0x24c,0x1b4,0x74dc5d28,0x74dc5d38,0x74dc5d44
  2⤵
  PID:3440
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:2
  2⤵
  PID:2068
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=2028 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:4676
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=2116 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:1996
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=renderer --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:1
  2⤵
  PID:3940
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:1
  2⤵
  PID:1336
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3020 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:444
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3032 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:1140
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3048 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:2768
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3060 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:3168
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3084 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:2864
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3748 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:4392
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3804 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:3528
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3820 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:1224
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=4288 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:4708
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=4292 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:3060
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=4912 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:3268
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3772 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:5028
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3744 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:4124
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5164 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:3884
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5208 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:4652
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5904 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:2464
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6084 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:732
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6264 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:5024
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=renderer --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6520 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:1
  2⤵
  PID:4088
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6936 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:4804
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=7312 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:1388
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6088 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:604
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=7536 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:1824
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6232 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:2348
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=7720 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:1040
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5892 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:3828
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=8092 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:3532
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3744 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:2172
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=7684 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:1456
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=7808 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:4836
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6584 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:1
  2⤵
  PID:5480
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5324 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:1
  2⤵
  PID:5268
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3616 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:400
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=7480 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  - Modifies system certificate store
  PID:2424
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7696 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:1
  2⤵
  PID:5684
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4572 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:1
  2⤵
  PID:7804
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4532 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:1
  2⤵
  PID:7940
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3652 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:7048
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=2896 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:5832
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3500 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:1388
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4364 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2188
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=8024 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:3924
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=512 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:7164
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=8016 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:7620
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=1252 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:7176
- C:\Users\Admin\AppData\Local\Temp\dragon.exe
  "C:\Users\Admin\AppData\Local\Temp\dragon.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=1080 --field-trial-handle=1844,i,17708830091229402096,515839622229089804,131072 --disable-features=EventPath /prefetch:8
  2⤵
  PID:5736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2964_1356044660\manifest.json

Filesize
196B

MD5
898f5b3c1b9e44506bd7a511321440d6

SHA1
0096290f45fe065bf6ee65e535cf5b2ce6949276

SHA256
9d00037ba16af20e96e2afc34f260f0e51183904c8adfbb0c2fa96ddc7a16f81

SHA512
0cf4ad588afc6df659809325f582f64aaaf1ee3661893dd76209ce3036ac553518ee007666faf7c08a0f2742f8eb528c8cc0c181d1f62e182bdd14e1553c3f9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2964_1397530106\manifest.json

Filesize
76B

MD5
278a5496a66161d545bd355a4d1372ea

SHA1
9d8bc6bff7e83f6f656310037dd5391488bf7fea

SHA256
634b872820f580363861531ee1ef54658920d32174c148ed47ba5cda536f3852

SHA512
2ae9f9de1f35f66db369f5220c9f4deff80e4584b3aa4803a6f4ef66f31b2c8fca786669ff8ee33c89d32130ccc4aa51f0c37a4696bbca43b651ddea553af788

Download Submit
C:\Users\Admin\AppData\Local\Temp\2964_269373690\manifest.json

Filesize
76B

MD5
4aaa0ed8099ecc1da778a9bc39393808

SHA1
0e4a733a5af337f101cfa6bea5ebc153380f7b05

SHA256
20b91160e2611d3159ad82857323febc906457756678ab73f305c3a1e399d18d

SHA512
dfa942c35e1e5f62dd8840c97693cdbfd6d71a1fd2f42e26cb75b98bb6a1818395ecdf552d46f07dff1e9c74f1493a39e05b14e3409963eff1ada88897152879

Download Submit
C:\Users\Admin\AppData\Local\Temp\2964_271599334\manifest.json

Filesize
85B

MD5
8e98ccdf624cf833fb4a4f350d56f2a8

SHA1
5c2cf2147f09bcc575879054752024f4637877a7

SHA256
4b5c69675e95e973feca0d3d0e08e0887f43886109b1d52770da2489c548f04c

SHA512
72df04d9e611277667eb376e42a089d95f83492d67a806c9ddc8262b46458f482ead25520fd7b7294774538d6f3088165a93da7944f922e592bac56d2ae47bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2964_286562694\manifest.json

Filesize
96B

MD5
30844450890033feb8081780a6b4f24a

SHA1
eee93e581418758a8b487befb62975aecdac28d3

SHA256
f1d384b36014b3d3012ec1a6f54a59c8c6183fb28d9b7625c0c89dd812fda576

SHA512
32c57589d6e2b29f38b01bac88dae7cf37e8be2e8e945692a818c93abd64949a60a0c1155e7052e7a6d753898990f07cccbf33e4d772ba08a223c7ce2493a477

Download Submit
C:\Users\Admin\AppData\Local\Temp\2964_563025253\manifest.json

Filesize
103B

MD5
ea76e6fe869a5c3d054957d234aea133

SHA1
b3c3214d26b1c2c2676d22a6f2245fafc525b90e

SHA256
027976309e905dcd7731d672423f7120938797ee92047da69686976f861c4d83

SHA512
8c863d20f19adf2d75bd3b06dfb422804d8cad83c1bc5c6ecaa7afcc58a43d32c56b16235ab7712b633cff91b6984ad03a7e6fcf9cc096fe83195642bc9137f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2964_594431154\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2964_594431154\manifest.json

Filesize
95B

MD5
ecd3388a8044a80c190390173243ff53

SHA1
149b62264681b6b5c99424d1096e6e87daab34f2

SHA256
3d9a43f8df6f222b3d2e221307a1d7615e766083e3c50770a59ecbded5a6a5e7

SHA512
3109a536930ca24a44f54d1f609064bac838fce62e40c94deb9f9b62ec2e43c5cf6d119cb29e0f75fe964b2ad1039477f3923eeaf154b6557ed83cd4010a7693

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\CertificateRevocation\8676\crl-set

Filesize
22KB

MD5
912cae60e2110d0102aff5d37de67260

SHA1
edc83f2258fed33c7462ba9d5c39c0a68e079bd1

SHA256
3b3366db919d36ef32ab1e4b09bcf4c537e41b4426f2cbe9c37d2d778b10dcf3

SHA512
1b5254307f66a4bf7d900a5bcfbcd6c36836996b2ff9e639d8bb1fd6f0283217d33224804a0491c4970c5c8041c2f530fc8c1ead218737c45ec2895793b5466e

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\CommerceHeuristics\2023.3.30.1305\commerce_global_heuristics.json

Filesize
3KB

MD5
536209da6de083160d042e5b67b8fd4e

SHA1
5a7469ec8be89f291f8e778aa5151f9e7e825338

SHA256
1f1358bd32de4cc06a90c0781c62a2476d1c90dd4812187a2acc4794c881f133

SHA512
abe8004cb81bb2816f61372acea16290fcf01703ca2a8c3512447a996a2560fb01ab23713e39a53c926d6bef40382338e1b398c8d5e189e56ffb2c5cccb4c9e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\CommerceHeuristics\2023.3.30.1305\commerce_hint_heuristics.json

Filesize
22KB

MD5
032bfe220ae2cf2d9a7fa6de45eac2dc

SHA1
9f0f5b637f9344e5624f64dd226fa7ab3054d043

SHA256
47b416f0208bc1293e9c529e15ff00d1bfe5b817867b1de2cbdfca4755db105b

SHA512
33e5d41861207b8e372e459c366c105758bb08ff0dab4607715462d7975f7fe066caf94c58e3551778712c586b8d13013c576bb3dd74689860476044e1417cb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\CommerceHeuristics\2023.3.30.1305\commerce_product_id_heuristics.json

Filesize
2KB

MD5
24713efdf323c9d8e80df802373aed4f

SHA1
29aee155b1dbac2c43903b6fbca198d629608e97

SHA256
09bc2b1be8537d0f40428576a907c7d12d995a80db516ae9a7c6a19d95a7f3af

SHA512
c55a4bf833e816e2c641ad7e1ecd10e78a2bcfbbeff7246c31a80f12f0cb124cf10638b2381c70baabb9813e1678e9eb33c2f63092e674088c1e686bfc610fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Components\flash_download_helper\jquery.min.js

Filesize
92KB

MD5
b8d64d0bc142b3f670cc0611b0aebcae

SHA1
abcd2ba13348f178b17141b445bc99f1917d47af

SHA256
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

SHA512
a684abbe37e8047c55c394366b012cc9ae5d682d29d340bc48a37be1a549aeced72de6408bedfed776a14611e6f3374015b236fbf49422b2982ef18125ff47dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Components\https_enforcement\background.js

Filesize
5KB

MD5
a3b6c13b3c584a5f1243fffe2388083f

SHA1
58524379514db16bf17885eb6afbb9392b4114e3

SHA256
7699d55a1624899fd0930ee8ef6330454a710acd395360929d4e4efe87eb5c0c

SHA512
1b95f02f86c3efb73e9f65d38be22d1f082e5f65934a71d00a75482456bb7631e7bec7739bda0dbd5bbc37d8a9fb89cb4ce38f8b8d4b29d58a83a2c6cc13c16e

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Components\https_enforcement\https_enforce.png

Filesize
409B

MD5
93c83ecb5fa2f048ae8f9a69119e1546

SHA1
41acd48717b7391fd6c8b4f28636ffcd10056665

SHA256
f1a7de62a3c2eb5a6cf8a1f73cc491ff38653665263c6eb8f63cd4eb0524df4b

SHA512
c53dbf5a30fec84fb5ebab2fd8c06452a0dc005b694e3cfb36f8ca492826292ade9a617c5acbc67142397387ecc4d0f2e59ab288da86cf1f8f989d85a6136ee9

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Components\https_enforcement\manifest.json

Filesize
1KB

MD5
8694364b3b1db470f9993b07cffdbe78

SHA1
45b422ae5d5b67af6a530564e04faaff950f5ff7

SHA256
bcf65a1f9b9962ec7758af4aa066fffde2c6e16f4a80a118f8b072c9879a67da

SHA512
c02baeaaebe73ebbd96357c64236946b6b4238b914f284bb847614b88ef283c29e25c2231d0a8d3cdcf22e751857932beef0015608bf2717f3395f4237cc4dd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Components\ip_dns_leakage_detector\icons\48x48x96.png

Filesize
2KB

MD5
55687f29b13922e083b0373d83ea6581

SHA1
39087b78b8f491941e9dc36d7b25e70c36d3b4d3

SHA256
8d6e8235e7fd64b98222d8ea710ed09b10c5028409394f51ab513602d369cb87

SHA512
1d87308c9c28aa797bf98694b2a7c5a63b89fc01efe014ebe04c67b616595bb0581f7539b52cd0b6a7c9b47c282a99b0a5f4abf400a2c7270c95e56ba09ae939

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Components\ip_dns_leakage_detector\images\logo.png

Filesize
20KB

MD5
52a952608e9045b35893d1d289d98f15

SHA1
19155187edfa223d4e96b2e58a0ee460c48b982b

SHA256
5594f587d7b7509a6615a7fe9f6e7412c7e42fb03bd2cf79c91517317ace4adb

SHA512
d5c727e6864268807373855ea1238974c9836697dab558807c4d2674f86e452dd3aed30b32f053e89c655f3fbc028d37970875e48df8eaf2587e39d8ce0210b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Components\ip_dns_leakage_detector\js\background.js

Filesize
178B

MD5
1603cde201aeff82703b64bd17dd9a8a

SHA1
f469ad7d30b48aa21ceb317c400b83c61e76b75c

SHA256
4f9f0b22535c41be32fcbdd87f59fa18444f1950a22539b046d089602614f2a4

SHA512
4c3346c606a7fe192351a978385b77ee1f99518697840c4b0264f56addeffc08dbab5ae7cf56f455ea18944ab6291354338c7c0674dc913772c4ad11b9ae20f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Components\ip_dns_leakage_detector\manifest.json

Filesize
1KB

MD5
4997b70a86534c73240db83bccb87028

SHA1
fdf42e4e99130f0dba244148eb0147163e2771b1

SHA256
ede7d00dd54bc6e4424c87f9c7a0e1cdbbec1f52aa623d578bf3072743060f00

SHA512
1e2f3ef61bb65f5acf6e964c0ee8f9a0ceda53f16b9ef1f863dc74cdd6bbaddee28fc12fbb4848c2b2645ddedd6686bc9886aab22d37de490c7ccaa619035f1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\3f467383-1bc9-4b50-8b4c-6dfafbe5ef13.tmp

Filesize
192KB

MD5
a83980f98b338c272451fdf6fde9c0b3

SHA1
d0f22506039219fe413f3a58c5dfc45eb5eed226

SHA256
ea106f96380175219d062479699150b7bd0e75ff06488f018f74d7cebff2afbb

SHA512
7b87842a19debf4660bb5aa87763d62f99b12730446927779168d3a73a8305f2384007ba5de1b0f7189adc0ee3aca52409d9ffec73eee4c6812edad84861fbc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Code Cache\webui_js\index-dir\the-real-index

Filesize
1KB

MD5
f835571cb13302af31bb456e47694a11

SHA1
2bcaf46c3684716a2fe93d5b99bcfa910b4e2cc3

SHA256
dba0634a15dd16429a104b10984e4a7cd17c7b763b4b51e9a8dcbf86cff708f3

SHA512
4cfca11bb450814a536872ba56e24dac99afb6df429e5ed68589bc9b599dfa0fe7f6448c2e6b8d0d681349bf04ac07a1a33293130ffad8599f0f0135a2521870

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Code Cache\webui_js\index-dir\the-real-index~RFe57e290.TMP

Filesize
48B

MD5
d4808a1f804ae359450acee6a862006c

SHA1
be77be25be403359504c3942450d30ec18d5218b

SHA256
efc2093c5b9f4462513b04892f1a72f2297abe74d4858dccab6a37d1180f084b

SHA512
da4c07826c390871b2838f2efe5f64874232ff8858c471f5644140e5df79a9a8d9085c23c6fa60bd90a1a7cc65eea5cd87e57c9f331c0619a940e5383f0fad3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\ar\messages.json

Filesize
5KB

MD5
ddfdae3f121f11b935eb30a6c2e79271

SHA1
b15e5322e15fcf9572af65a01aa534ad773e7593

SHA256
eaeb6351972c239b6bf125178d7f29b5360eae04a42936dcab8863e97d3ce3c1

SHA512
d2700f91b692d9654d3112930c98723d6afaa10df7aa25ef0d263a7c6ddbda25ef43b64593987b2829a495c7a651d1380db2a6b09923af7218e0b9aaca46a898

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\bg\messages.json

Filesize
5KB

MD5
70b6f8997dd3690b81eee1c539e77243

SHA1
610a6a71c8d2eaa2c406f5edb37dbc61a2b03918

SHA256
b8dd90f457fcc97f2f7a23dac9aa6056c40c801bce4b367c86e8ef04d2b860ee

SHA512
a6aaddf1ce2729a79567cae76f804cf1b5995eafca06af165344398a7e464fb25ac1fbea5be21ba7e0150b4f294661ca586730f81cfd7b10efd7187f099f945a

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\da\messages.json

Filesize
4KB

MD5
0ef8d7ed6f0beb027dfd61c3176c6010

SHA1
574befaa2fee7d340f58f199d750781667a1cdd2

SHA256
8994f81b680543b3803c977a0b5ad270c891b57694ef8309b6da75ef6c549145

SHA512
d0b8d09247cb26fd64e7ee1a9946d7b7ae83bd9453896253f1380146b52ba21e3567bc2c7a814e4bd656dcc010d9a280242062c42516df993579dd01267ca2da

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\es\messages.json

Filesize
4KB

MD5
dc708c2f1a7e4915a8898321cbe5a9d5

SHA1
1352eed80e03d3bb315badd0e40fd14aa22403d8

SHA256
ef44a32101cad5d44372edb264f79f2f5f57eea851fc0e0e18c97ee2a8855ed1

SHA512
deeae6a429706a0a6fb3d35d734b45463eac1265cfa7e087e48fc07ffbab298624425d2a6c4ee63527113475aab44ecacd31092104467f5799780db708eb5e9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\fr\messages.json

Filesize
4KB

MD5
79240400291c40b7374258cf6ee464eb

SHA1
1b7123930a390059a26af23832f6e7d649c3614c

SHA256
4d946e5efd73757d73962b32db10f534663e97cb7c7528d51ddca0bab61e8927

SHA512
2f31341f01fd52dc9a9158b25dbc87adacd4bf47acba45d39abd097c8e0f75582a8e92424cebf7d70f0a3c9b391a6bbfa0bc112a9c16aa29daabedbefefa74c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\hu\messages.json

Filesize
5KB

MD5
b0e3c8ffc2936527117fb2d9d9a906bd

SHA1
b2c5379540ffb9f28ec212d72ba96bca2af9d5b3

SHA256
761170d103eb0437f9128d88d40760e081f34c64fc1e0256eaa6ceb0c74017fe

SHA512
a3ee87f60d0a973602b045de157ef3d60ec15ca8ed7eeec8170e12846ef42de60b31f2b7f5db6f6e613caec924062b84aa7b976f2d3cb537c096b70c8973bc47

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\it\messages.json

Filesize
4KB

MD5
61edcd694f6cb8b064e1be02a400f791

SHA1
aa4cb37648b664d11dc9eab0022af3a6bc3d1cdb

SHA256
790967a06987962e76020a4bd0513732067e0527336e3f4ad74bc5f07f0f870d

SHA512
d8c7023c3dfdfb918672a925eebbb68fc036c005334f38c4c07d7a1d5912705eb8cfce5823649c8301a55ff5a6cc31ca2cd6977f936df8ce8eb17e2bbef50d85

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\ja\messages.json

Filesize
5KB

MD5
a04549e5aede63e617bcfdc856f64d1d

SHA1
55f36ec0dae0e23ee7060f60567a7afaacb12cf2

SHA256
c295d04ae021e80bd3121d720a8184552e80a245ad19a3cdb405a87d1aad7b42

SHA512
c3ee25bc7cf4c9f9b89d534adae2fb59f94f7bb379f1ff5144c15005850500d1f664c6bc8147fb7ed3982b4821b9d64452768bb02090e388a2fb0aee4f6d40a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\nl\messages.json

Filesize
4KB

MD5
521e8f709a4a255634589c109a0107b1

SHA1
65df91c2c4c0a4aa06d68ef40713e2211fa329d5

SHA256
4dd873890a949f5d12351c49b340539aa282d9ea34a4b9bf4cdf9a2cb5fb4f4f

SHA512
ca6e19c58573bdfdad3405043ca03d6a372e961b655ec9c95c201886ffd634b10a51e1e6c7d1ef65f7b87c5f271a759d8242c1cceb038ef0972726eba4a48d77

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\pl\messages.json

Filesize
4KB

MD5
0cde72b0341838dcc924e418584b340b

SHA1
d85d939566ac9ee397d48d62a9e18a21af2f7de4

SHA256
85ac9364b0fa9cf3802489815a54d8d45eff81733639923ff919d7181e00b336

SHA512
d68d093b7241451c3d64e72b1fecbf0fcb1a470588e1e160efc176073fbcff5f4c063e5fa11ca2013a14f7a20730c8a20657f72a77e52b8188d136be892b46ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\pt\messages.json

Filesize
4KB

MD5
effe7fdb40295b869475cad8c3f723ba

SHA1
aaa109c33e857d5173103e77491e0dfb9f504f64

SHA256
546a6aae3ed4670dac1b6c2d9c3396407485ec61de112e5326955e23eead2809

SHA512
12d05dd235fcfc15924af8109681aaeb6e48d6121e7514cc74e175eb184a053616bee1fee7e78fd1928aacf9987976af74f96a50b8839be0a2391ecf869314d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\ro\messages.json

Filesize
4KB

MD5
b2cc75afb349311b21a1e87e64805eac

SHA1
5c5c96047938a7cd1395444a5b9ef051bb43eb4a

SHA256
8b9d3e885f8b697c5eb1f50e06a3ee3cf2c0533bfb12a44b00bc47d64e913e04

SHA512
f419ba7c1b2ededec0a036e2e9d898d13fcca40fa9c126d8c5d6d8d935d53fc8980d1929997e8be102596a61f9f4508c498e07595d48e898a924b6641a67b33f

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\ru\messages.json

Filesize
5KB

MD5
fe3091bf6afd1d841e0c509caabce663

SHA1
44313611c9eafa8347ca87e680d95d26ceed8549

SHA256
432e1cb58c765d96b998432c940dd22cc3a41f01553efde61de7227649a362cf

SHA512
d4ca5ae419bbeb7a43e69cf2e021027761f2cb536197e0f20b78a079f67b36c98e142e214802206f543799c80f96c30736ff2e0b2f3456fbcf2af7ad59b59088

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\tr\messages.json

Filesize
4KB

MD5
2358225771a0f65235f4d49407719383

SHA1
761bf27243190dc064b4f36db530ed7258de08eb

SHA256
c385c7b234a3c3c920a11425f3f9162d102b9c436ec4ba8ca89dd1544c23a5d8

SHA512
957884a1ee041234aaab45bb85907f33fdfc02ef3bd49d7e70ceedc54ea2390e7271283698014acc95e6d286a6d31a218aac3dcfb1633bb8922e6facb0252b5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\uk\messages.json

Filesize
5KB

MD5
c70bad2897990d38bc913a71856adf75

SHA1
036a6e851f99fb32f2cb6830785ccbfe263eb313

SHA256
40813c7dd9792ca5280b58eb5d9d749c87c7e76a36ab3cff34fb385cde78fccc

SHA512
964c26146fba01f4061d24aee76768a2393483e041c5ec933e239501e9210a8d305f844a6c97e5d32c2d29d9b67a3d057c7ca43770dd8868f96ef7e26823cabd

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\vi\messages.json

Filesize
5KB

MD5
89aa21becb98e437890b28e0d1295c70

SHA1
aa6653af12d46ba61c1a617d602878913f4501c2

SHA256
550253ff1bfd5cfd582a035c97d8313855f79f9bddaa0f15164a73a22581948f

SHA512
9a7899e888fcf324f1970611a4b513570d0b1050ecab9848003ac56ec69c4e3cdb16ec25224697f7cdd385c3ef7c7ad4e3770f36e31400c94926c1fd4b99c068

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\zh_CN\messages.json

Filesize
4KB

MD5
c05ec3e621d805bc4870c96712a2bffe

SHA1
300f00c7be0d2957d4b8c57e6aef03dca38766af

SHA256
5e0506372c82edf22b6f06d1ee0d2c9b4fe572fe3fe880226760470055d19847

SHA512
23e69107c27afc88902440dafe2c54e83818d0c555dc82ab0acb518ed682abffab1f349b0b61f71ecbd38a7ee7ee1ddc8ef3da2546ea60103a2cf8478462ba71

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_locales\zh_TW\messages.json

Filesize
4KB

MD5
d4a365626eaccc1f67c7b415fedb4558

SHA1
37004f6d205cd2a9a01126ca2669691eb444b096

SHA256
c7d7c689d8868509fb5df6261a581766e97eb592819b220187109cc99d2d9154

SHA512
c14f8b7960da8ac089a067ee9600f3eb6a605204e5b66675d1406644693ac8d0aaf5f0f63f0b1efdd26abc3ac6c32d5b8227683f9648e9a1cf81432fdc8fbe34

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\_metadata\verified_contents.json

Filesize
10KB

MD5
9dd4f4d1cdad2be31f25a0c2c1026149

SHA1
de9b9afed021d135d3e8a7dd4288f066cb5e8d2b

SHA256
51f1726903622978d880ecf49025be15fe81c69e25cc23d96f86179e94b6e14f

SHA512
488a606f2fe25f87df692fc91f957056d50f4a25aa625d5df59ba4a8d6658ecf37b7175dec5ad697fee47174e53cb63f68129e3b273200f689bd9874da5b1963

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\antiphishing-content.js

Filesize
10KB

MD5
a2c22a8ecb1b64f8a2dcdc425ec32845

SHA1
a502f8ce077fd96c56abe3ec7349b44cd83b1f7e

SHA256
84ad794d2359fbf5bd6d8b9376192bbec1988637bc0830a0a8fbdee9c0cc1a62

SHA512
3ff33aadbc9836c35f76edfee1bef9f4c026d22c178ad26414e75a25aef308d28280a6378bd59d71f7f86ffafd17452c72d7f76e3ad46660d1de483471c25c50

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\antiphishing.js

Filesize
1KB

MD5
263bf8d5b84bffeac158a4b15dce9ccf

SHA1
3fc0a17f224ffd65e6e9ecc11761fb901abf67fa

SHA256
ed353883c08330e0911e3ae692ffeec9acd2cb096a6edb0d1cca5eb2c41ccb26

SHA512
fed5f40e0985de95b5764829dce166138ab7f5a64abdbeb013ba5af37834517320390f44218388da07a73f6f24c3e2ad5e3f9143901342d24876d39f431f9cb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\assets\gray.png

Filesize
17KB

MD5
a4e4e3a62ac773e91ed62267835d6c92

SHA1
85757c62caf16cd88ae045f47e6f20878cd5bf48

SHA256
c143df32e02bf0d963e0ea1162a407af5609005074831318c3d3e78d60afa488

SHA512
45eef8e2199cd1eaff975f03b43c59eb6de10a314bc423a97465dcfc17d144bc76c4628cb8d97c740e6fb71c21697e0d2e646ffc03b9ac100e501a6083a34923

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\assets\icon128.png

Filesize
3KB

MD5
f77e3956a71daf5930610801c7aa10ac

SHA1
1c1c5e56459b257193cd79d8d972bddc3bdced15

SHA256
9b7b47c9fbd908702637d8f7f2df6fbaa0772c16b5047abb534fab954bdaa909

SHA512
868b27f17ca1efaa097b922e357aa6fe8283f0ee9b12975a7a19f16f5317b524562771d51f3ac3e286f2a5c013fab892bc39359c46ab732f2991b05737a677bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\assets\icon16.png

Filesize
622B

MD5
38260e47a821be9db95b44bf25da48a4

SHA1
7aedefb136d3b95d56581883e853de82151ccc6e

SHA256
336f2a52f18e5a225da63c4ba4447a827959761e297651f8e9bcdeee5480905b

SHA512
d4117a1bd03f9b6735a0bcc5eb950094fcc086ccfc076ea20519e72d895430906739bc44db9cca5a8d39d190e24d7155ec90bf43eda4f052761feb54e3811f42

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\assets\icon48.png

Filesize
1KB

MD5
b28ed42b475db58c3012fdc07041f714

SHA1
8e57227fb9726f00a77c252dd0d4a0a10a1482c3

SHA256
00cd2250bc000ff9975e93c2459d7cb5b9e25bccf84a2de90da9158428266030

SHA512
1f3da7159503fe2479cb2188a0250ce5debb00b950b6e2517bf68a143fdf44d1e080fe9f24acb4739a5d23eb89639fe3428cbfbc349714f5721f160741ec8cbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\assets\yellow.png

Filesize
17KB

MD5
444e8a18eed938604e7d3a25f9fad5db

SHA1
d8dd9bd6294adec4a7468e2b16fc8ff1cb412a49

SHA256
f531a2c5bbf60202f363a7f12e5afb2580e26eff53b1d00d138f166bd9e447e0

SHA512
c2e232ffb415475cdb60f92102a8a5fcc333c3e493f6cf07f7b01cb1ae3e4942e0faf06a081cf4dd15e7808170996660a693eeced5ed2a5756841b61ee41f786

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\backend_notification.js

Filesize
3KB

MD5
8717a405e02dc04c8b83d0d7af3ba46c

SHA1
fe1056e04cca2d49470e9162ee2a94a7d1411cdd

SHA256
c385c7e9c658238420e7d6610f55a41cafd5bad613f7f74cc7f8440d7c388c36

SHA512
b5d5cefb7337240b06530016b766c3ec0685648d15f6c4de701a90fcfc6c9d5842a256363835effe459e66a60ba4ec4f4bef519ee814dee30edeea8188db9504

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\background.js

Filesize
30KB

MD5
4594f7cf5705aa9ae8ee491291ac6f04

SHA1
d82dc4502714fa6abc1a37194e79cddc914edd69

SHA256
c402920d5070186b1b55b9552df5d1e8f8e6dda177f315b802a592ef17415993

SHA512
68b0402054d82f60dbdbd06c87ccc53f2c42aa07ef073e2d24b283a13d75370d5c220ec393160ab6a011d88b21ed56a50789fa0d33b6bc23952b88f48632b08e

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\bloomfilter.js

Filesize
9KB

MD5
5337b67ce61e6d5af47ccf4f65d9fbec

SHA1
8a7fe0fb7477a5fd6b3ad62c157e4e35bd14ef58

SHA256
284fd2ca76e25dbf1a45815af1d90a3c912b5693e7bf0af7306749fb111fa8a9

SHA512
cd059cdf3edefbe565f887311fcfcd81bc49181977a3f6b2678d46959a09070c41908b9f6d7733ff7ae88dbae3456b674041f1724f8c6c7ebb8f4895791d168d

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\categories.js

Filesize
1KB

MD5
875de30a84a0d5b45c497dbbb573912b

SHA1
3e55cc2fb0be692a1451d1c2a7da0b25c5740973

SHA256
5689479e2e8aa6d99bf5cd7a45b96ab3398ea25edd723212eec24c1e42853c3e

SHA512
507e0c37f809195d63bba4426ad6ca5ec7cfa6d88467208307f0575932a8dd1461c44b0b82087204d29e099191d8d57566061ec6dfdce59685a8bba9cc7288b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\config.js

Filesize
1KB

MD5
b6a161398667b3cb68c72aa025d945d9

SHA1
a889db2f9504db6a14fe52ef050778b06561625c

SHA256
83b39955f6c7235a88b533bf2e19d239368c2448728d0335e8307eded5c6e082

SHA512
fd69263c26ae06fed362b6cf3150bf4695afa60721c4354e2ff320488ca9d16f6e3521cf3354921d4b4dc93987690c881d66d66df5310eef4941dae92af52dbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\Ellipse 3.png

Filesize
316B

MD5
7b4f20a6f740778b0737578c5edd9d0b

SHA1
0b52f9e056dfe9b373142dbc9efda0aa48a395e8

SHA256
adc85dea506f8b0e59e0f5cec3bcc8eae1cbce2a12d0fff1d0d7f4f464ba607a

SHA512
e823010cccff1b55f1373ee63de4771a532dd487eb56b870f662113b804c833e425cedfed29ac5e8deaa7882816d093f15dc7abad7d055aafd42aa2f49c4e23d

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\OFF.png

Filesize
685B

MD5
83adafe160cf1aa265c171fc19eb0aba

SHA1
3b71ea365993c2a0175d58bcaf3984f76ebdcc33

SHA256
973a99a3d0d7392b43a61d0244868078de618e35bd2216ba84cdd9dc7632f9f0

SHA512
efa36c7a1e61b8530123d9391a836d3751bbb280373ddf506bd2e23f0000dc61cda4e46101a36cfcf411b8f696ee6e9b03388d67f4872fb5a5cbd2c327d8c470

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\ON.png

Filesize
741B

MD5
abda1ec3f8fd4851e401ecaf685a2b2f

SHA1
7a6c83e90c56a041387d3521b68290784e441c57

SHA256
7aa5f51bb88c8a946d1918ef668a3603af723065cf071444d4df5990b4f30a35

SHA512
7128f3fbac8eb125dc4ec07f83314272ddde6234eb7741bc66fa99b41d0cefd7dc8f8e686f898b5a9025b6360ca1e5ce622537c5a2f52b0d3688328f7db3ad57

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\PP.png

Filesize
15KB

MD5
dda719639cc488b2ffbd2bb3de200291

SHA1
beab40c6deadc21ec727cbfd95726b17e75428a0

SHA256
5b5895968ec1443df6289762d6d726fa41acc28b5e062dba586ee5b68a79426b

SHA512
b53d26fcca518c8f0131b4f758d9974a6731fed899083156547889f333398f9e55287783c0269bc805189090f5ff95b07b85ef78a77697679d9146a200faf297

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\RN.png

Filesize
15KB

MD5
bd6763eade53cbfc0ebad349970bd836

SHA1
125b1fc6283ba3d8b32105628734fa17a7305f80

SHA256
f854d162a89fdd4ddf0b9d3c7100b5b6297440ebb6946d2ddcad38842c7d2427

SHA512
39dd960126912904904c42586b166f458d09bdd12b7ad04580b79311f2602205e86c519a3102b64aae687b175d6c27ee6e0e58263b2d646c0ea7be3fcd4f3dab

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\about.png

Filesize
562B

MD5
cdaf7f701fb87342ee59b8801dad0aa0

SHA1
728cfc9bc99c582c10a0cf64fd5923217acbc998

SHA256
2af39b8d5d517933c961a91f33fe86cfc8784e2ef611d8a339ef3625e8a6432b

SHA512
50bb407d00ad3b3d05acb2b01585727b8f0c87d4e311b8262650cb747b003cab6e790300779f0c1e8b58275435c07ebf36eb81cd0554810a3fd4ff818a5218d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\about_active.png

Filesize
788B

MD5
8329dfeb61ff826c3da1f65fb9a58348

SHA1
45aeb9bb98b048c4c229d80bfe47d2208ba4c70b

SHA256
89e1e8a1feb8e82a714117f319d2203ecfbada23fc6ec58cac0ff0c34cf0430c

SHA512
c4f5cd77978aa40757280b4a4030185f3dbf767bbf7e760276270fcd2b6b906e16fd63941eb2fb3d0245aefa3fc6f13b1977780c4339e50ed1807b76579900ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\background.png

Filesize
2KB

MD5
30537e94d07c3c48a03919881ab38917

SHA1
1019f47b7f4e63d63fc62498d5415d8f3d31ea0c

SHA256
8ff2ec18d2887bef9b813a572ccc73b840b8c929a0a4b35c93cda8cce0d3ec6c

SHA512
0c134e053af2b6fba1a21aca0b03b69e79a55a10185430f9cb1a00a82939c140c9bc51bfcb199ac24896f790c6c9509f55d4ad72c6d16975c886b485cc85761c

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\clear.png

Filesize
421B

MD5
f4591b8414689d209a1939b077f39914

SHA1
810a739ae93cd6df9ee3c2d8027ab5a98d714c8f

SHA256
0194980f28b4b0d6b75803eb86ab61c6331a1a586b861c91a5e93d584f02a4d1

SHA512
789940e680474b818ade2f1fb4c09ded41b0eadd22a0c1dd53edcf4e168d091e07836303e27095c0d3248d9d6e98094e7c48ed242e4620b82f4193c4031e1c8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\cms_icon.png

Filesize
1KB

MD5
0870e9481108613d120cb8ce776483c3

SHA1
b42a08c2f0c3d2bcaacd21e36b71becea05d9d4b

SHA256
b4238cc9b8e0b41a42e2fc39962ce57d396e34b8cb514e4c2a1e3cfb978f45f7

SHA512
8e35a9d1c1ff090578d7928d4d6dee73b83700db9af5943cbd68c52e768ee3d2e2f39d6fc65ef299a062384c8b792fc5cfa028161eefb1bc2e65a02adbfdb01a

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\empty.png

Filesize
1KB

MD5
0a5bb793121efe62aa38a56d8a7e3275

SHA1
f27686d256c47aeee32b49fb00e6d8774ef5409a

SHA256
e7866675dc5e40c4715fd8b03e2e5582bc86a6349dd999bcdfef195decf2dbdb

SHA512
c3bfdbce5fa40b6aca253031a5f42bd43476c070ee6668d88cf06beefb7ad78f98b50b13fc06623af2f51a056c1c952b9a416cd826489e3d50862d3fa012604b

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\exclusion.png

Filesize
536B

MD5
69d98417d393332ef23ce003e58f21fd

SHA1
dc5f59e2bc1832c6ac7ed4cc0e062a4064847e8f

SHA256
832ea3ca796f34dfabaeae581a01dcbe28bbf048a8690c8df398cb3347d20430

SHA512
61317c9b4f2cbb6731d7835e43a421b623d02a6e9726d722ba05fe998ed26bdbfdc459b61a5cb556464a1061bdd3d5148a25dea4cae04a289ab6ef1107e93fdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\history.png

Filesize
733B

MD5
21c48f0e7e847f60a08236e15260ab65

SHA1
be80af0394e09be4085c2e7a7a333f512ad76421

SHA256
2c6360c537d474291f95302a86e7e1647d782e8801948fba10c908347a0bc3e8

SHA512
17056cd6b5e0e2e911e89c7bbfcf46ceb42163f87dfef28f9143d91988e025be5a85376a10eb9799c0b9a7bfe435ed57262cdd51725fded41089b07659b80c2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\icon.png

Filesize
866B

MD5
e88fa0eb894ab4880559acb75083e558

SHA1
c6ccbe1a4c420ec4f8254b8ccee45b83cae21218

SHA256
4e727cb2a28c9dec9e2740d822fa1f647b7def88fd646b8ba11ccd3b40e75a71

SHA512
22c6769e846d00c6a800b040759884f0e47e1c4108b39572c6f4cacf1fad14b036f7456fd973cc03299e110dce44499e08c85fd0348a134cf25fa64a6d5ba04e

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\logo.png

Filesize
2KB

MD5
5a53d007b3484d74b6c6a247dedb4509

SHA1
1565c174d65d4eb3b41db81ae346ca50a42b9de6

SHA256
c7566f4a1a8cf596dc4293db2420da7658fc091f5ae27e64809f18864ad367d8

SHA512
acc12b784a6cea1162ab6148b80460747468ef18782901d43d578f8915e7194d8067b7d0f3aa909f9b9a36a22e90abf9478524bc7a14b508a197ca056058c6f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\noticifications.png

Filesize
506B

MD5
a0b95a69918570c163944bf2bbbde0ca

SHA1
e8eb35ede54fb9fdea5a95b5d86a6e10f3a47679

SHA256
c12b58e79c00735817b74079418ab2dbfae8c9d11c493af16f912b3b62320839

SHA512
9f754b61092eb2d2ad1836d16167640fee551919b635644917719ae86cf4346e1619f2e6facd8600ab1cb8be8583f503ada1e8b123f3d47ede73165c6227554f

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\rate.png

Filesize
497B

MD5
6e27b488611b745cc70d9fa267aa8e28

SHA1
d7491be8d817f9782e2ac52b90443fd80214315b

SHA256
f8b3242852c0bdb38437f6532ded6667c730bc85e3a632266df948eba72a94e8

SHA512
03bca236e3e00d25c310803727a24e73fea6a0533f1aaeb9242c46704235a6371d94b9023156a0eb4c71d7851cf6ecc64f60edfafa8aa1a22c347819080a5e6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\report.png

Filesize
366B

MD5
a438e8dc6b821c6fc3a6894e76e70036

SHA1
382184084f3c88849bd1ab7594f9fc2b2adedc54

SHA256
f3e2ae7307a86a0aba575b3eb8ca0db8069b7801030c93a1ef0c3de3eb1658df

SHA512
6b1bff1177ef569de17ad15f587cc7340bfec541f700d2dd71ff17d5ec55e25acb2baf98341c9a1471dc85aa579dd3425a2d85763335b6f9eb2b6e3ecf047014

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\right-arrow.png

Filesize
195B

MD5
e37b3c568896340961fec1a737a8f07e

SHA1
f17c33eea7cbbaaa47a6ac35e42cc2b7930f2a13

SHA256
ccbc7f960d5908fdee0862195e16ef026511a525733416da19e626f4e164e8e1

SHA512
2ab344a84564daedb19cf255005b6a21661efa8132e7ee8ddb4a3efec2f5110b83a0cb7858cc6724df39dd7197161ff10d55adc0620fd9414fdc8a0adba0ba8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\ring.png

Filesize
478B

MD5
faa75747efa29871d8dd160a51ae5594

SHA1
ef1e20353c3efbd274af414a5528d11993e93f0c

SHA256
b1d10c59f1f383daceb399206f2df982bd663465d9fc6be3b087b02e4adec24e

SHA512
1f88f580450da522b5a9e011d9cc8207ea8c5fb75822eff6a83c63163b9590a0bc9a17101faf74b088eee87984c7a6041166102cddbd7673b8d28df57e9a2b26

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\ring_active.png

Filesize
681B

MD5
feb3601efa03f5f7d85fc3e5e87eaf1a

SHA1
05063a46b6ce953c1892b022c861ba28f76a007a

SHA256
9995443b8b410b221673fa85919e86b586bb22bddc6e4b6750a4c9dc5afe7336

SHA512
622b08a7614a0636f516ed9807cd6163c14f47df56911a9e11c6ac914863824fa9e52328d8238da0bb5b80f35c720df873ba57468d1b7c8f318693a876b3d1d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\settings.png

Filesize
452B

MD5
8dc8ed0038b075f8085fb9d6ebe8f9cb

SHA1
bc6c67300d73a270a246e099c5eaabcda88077de

SHA256
97be3fee9706fee084ef2e4dfac381408e56414aea829db13083a3f835295a6a

SHA512
341d2647c0787d2bb5d72a11f04c5ed3b5945ec1c62bc7ba9e1b39e86793fc1e8a0b696fa242ed964e993ad904dbc29fbd2b12afe922b3e882cb093a0bd2470d

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\imgs\settings_active.png

Filesize
625B

MD5
44064d0e1a997c668696d9eb4c442686

SHA1
4cc1b1a556b1d13d2e552261ee0e1f6c14f123da

SHA256
448ba0ad3a472c54ad2cee3eaf1079969d26fa73c84082e3b6cf8d018f3d053a

SHA512
475a2b837ce475f8a7d57c835803955210ba298fe302c181ff351f1e47d713e540bb0139ac116893098e5ccbba3d1d596933eb6c41fe344115e417ec8d1195ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\libs\jquery-3.2.1.min.js

Filesize
84KB

MD5
c9f5aeeca3ad37bf2aa006139b935f0a

SHA1
1055018c28ab41087ef9ccefe411606893dabea2

SHA256
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

SHA512
dcff2b5c2b8625d3593a7531ff4ddcd633939cc9f7acfeb79c18a9e6038fdaa99487960075502f159d44f902d965b0b5aed32b41bfa66a1dc07d85b5d5152b58

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\libs\jszip.js

Filesize
366KB

MD5
245f1248b467170305daea093f396c31

SHA1
d71af9f414a3b63fabce0986d9b32342a4c9147b

SHA256
f900abd90b351ec026fa99b59f926e8a54205ac34f4b56313143d5a9808bdc93

SHA512
4c016477fbd6936e36df42437bb6061f676529823451a8b1a506d2a3bab9a0398d9ce63122aae72103a9019438c007b2c61ea23b93ff22d13ffb9a2d9e125e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\libs\murmurHash3.js

Filesize
13KB

MD5
6878b94098dcdca19d979b459078f1d1

SHA1
3c0c415aba0db6f381b52ed01eed5931d636c4d2

SHA256
6fbbe89823b38dc1b75e3f16002247937145091a7ce81c8e337fcc98bf2edb13

SHA512
7b2fb9cf62029aedb54e61409293c3618d1f0f85af55a93d7d696f3c51ebcd19744eb45112004f270198a4ac2e2297a456878b1b82684d723eed41f7a4b1a43b

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
e514260870d75fe368d08867a62901a5

SHA1
74dc39ea14517c2d6ae015f94153b4dd7d456d80

SHA256
4b238613ca645be94b104c647dbbd6e83808ecae3f8ec3e7a2c124e58c0e22e8

SHA512
7745c4bc9de083672dfe9f3f85861b161f41285ddc853fd8784215811ace011e5a1f23cbd33cce2eaeac30c700a66730a9857416f71271c400cba231d26a778a

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\options\css\bootstrap.min.css

Filesize
114KB

MD5
eedf9ee80c2faa4e1b9ab9017cdfcb88

SHA1
ed29315e0ffb3f14382431f2724235bf67f44eb3

SHA256
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5

SHA512
ff9296270da6bcc3b664ce5f9dd5715109a954fa9ac59c9845332b5edae9aecc90db3334a3434c8d4d3623c6495de04fb6b9ab3cee0803208246cc9d1b4049a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\options\css\font.css

Filesize
11KB

MD5
db6b3671dfdb099d860b24e3525393ad

SHA1
8eddbb3d9ecda28c89e3271e4657236e42dc999e

SHA256
b0317f00ee315ea08229e49e104889f44da5910ee5041cf6373ae3943061db73

SHA512
157ff84d60a4d0b0b99587c1e6929fe3e585ccc0310d80db8685ffecf5a5f04a5e3a7dbc1f8c5e56017eb07946efb88ac302f201203b684175b6b3ca90182026

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\options\css\style.css

Filesize
4KB

MD5
77071d68fdfc21d659900326fd6377bd

SHA1
e083e98bf660a4568b3f08d53bd8699f83725cac

SHA256
9c193d5d8d60fec1026b12062da4af87614a0a7bc5463cb525be6e9dc90acce4

SHA512
81070255874716cf9ed89cbd66642fb81ecaeb92ccc5c8af579acce9ba8f0e685551786cbf25fdfb4ba623382722e3a9569dd42f1f2e13e3aaeb353d550c9d73

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\options\css\tab-css.css

Filesize
1KB

MD5
e22d4c434fa980436e83729aa6298d75

SHA1
4967659ba684bf1cae1c9546a223d73301fb422f

SHA256
db4b3632462d4a8110c8da47d1c11b8283b028c47a5663bb4aaf6e97ff622785

SHA512
f65fbb5f95e0e3f72cce1aef2912da5c8f9e32df5fa07c68d97570e962aeaa6c2e4a28d6992a2cd1535a37aefd49f30e979dfefedd510104e6240ba3074b87d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\options\images\comodo-c.png

Filesize
1KB

MD5
d086a050711148b86ee1ea0480dcec9c

SHA1
06a09487478ba4649916e929120e426f789776b7

SHA256
d53692b7697620564b1f054f410b747b859a686a899ab6539f797a552169cf46

SHA512
12346f9b688eb91f470642a708cfedbb731a79c381ffca0533d210caccc680bc8ff6b34686d98712a72b76bba22fcdc51fde0bfd075a72a6671e441500a37b25

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\options\images\input-bg.png

Filesize
1KB

MD5
81f4dfba9399a43b9e0233398fb17a1c

SHA1
dcf5de5109fb6cba6913eb6805717a151e1039f4

SHA256
1b36f46f2c3a1d2474ca02e503e3fe41fe9af7e38aef579045008b719400944c

SHA512
731211bb423665bf020b912aa4b604a9bac11cf42a373fdbd20734b7e34ca0170fbf0f0d57f13b7895f90b70501a706ba9e7ac5c5cca23548074b5ce58c3b2f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\options\js\bootstrap.min.js

Filesize
35KB

MD5
8c237312864d2e4c4f03544cd4f9b195

SHA1
253711c6d825de55a8360552573be950da180614

SHA256
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8

SHA512
e18a5959736a9ceef67b40daf7964c519c678d680bbda8d2c7679281f5d349a286c99b96ca24e7a8e64ce987d372d74ae12da7255c606ccfe27ac13a35b5a3d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\options\js\tab.js

Filesize
13KB

MD5
4a8e3d473d588e814cc8b78cfd2469c3

SHA1
f8336c48a2a1b316fcbf4bff3034ed62a29d4e0c

SHA256
ba96531e06e383f27cd7e16621b080b1960a4c283d6198a4b337b91826d05de9

SHA512
6cb4653a757d815d4e11a505a911ea500e89aadb19b9118fd838a4eb5ba0c2298550ff51ad4c5b552d3c354589c1ba05262d5e17c59bd8164e7137250141b365

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\options\options.html

Filesize
4KB

MD5
7c4d557c77c356605a2ca933bafbbf2d

SHA1
3a657aed4b40b58d98680421b960859a3aae095c

SHA256
97e1aea7eb5c92ce825297c2d9ecabd7b5d26a19862d6a2a91332878601d80af

SHA512
f81b6a8bf648b70289f7a883c70c414cd15fe4d1cf7bb83d87300eb26bc6fe33b41d1f2ff9ad1c4b84f496ca1ea0525aa113b6ffe95753e303a547b119f0e934

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\popup\popup.css

Filesize
4KB

MD5
7040cb8010803f5e324e6af2aac0d74b

SHA1
acfe9425460a1db017eb52c7ff0a7afabfa093eb

SHA256
abd6f3859747973c4bd5bb49a48fcf3cc4ff12696a9e63b834987c5ea6151a26

SHA512
5f5813f4029afb118520a0682996f1280dd9ca2e558c850720832a1159ec6264c2a8aae6def60578addfb783a6839f428c8f47a37550dacd3034f4cc729dba15

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\popup\popup.html

Filesize
2KB

MD5
f2f4d8dd4e307165a7708dd99dfc7b6e

SHA1
9079ebe1787d80b3f6ff6128997cb935bd3b2a97

SHA256
d4fc485a0f657f12cfd10b3373620e8f0a6a47a0cfedbe2d6a3163b96a7554ed

SHA512
17bde25cc1c3cfff68afe0ce5360b1b103db0c47c01f0d752753c16869da7dcdfa343a45d31b3ddf97c4b3e1bbea85681b7fa62811f4c4a9f63eebc13242fb30

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\popup\popup.js

Filesize
8KB

MD5
6fdb8cc4eae07dccef624a820d01354b

SHA1
a7707ab814698baca6ef85b62d41f847d2b6a00c

SHA256
2e39fb9a6d47de917043eaff27354e90af8a254e523fa8d57bfedf552c6c7809

SHA512
e461c80501ffecbd5363d84bc04a261489d8cfdbe3793507f7564b61f1f5b6ad621ba066f36658cceb2e7adb790efcd8468e4edaf16ae67071ee9546c1ea4e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\speedDials.js

Filesize
6KB

MD5
6856802dadc73ec7e581a907477f24c4

SHA1
98b0573987c971aa024ea94432d769b5b7515e72

SHA256
3ea3f6f6264f603ce6cddfdde3780f2ad03efa7cb02eae7cdd1836be78524e07

SHA512
06589ad9dd0881e16755faf1d522208a9feee13ea9bfb5ecfb882fbe5f7fe22db38296fe83a4e531d6ab99c8da27b492bcfe01db58bd3816bc89bae0c9e0fa3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\url_loookup.js

Filesize
5KB

MD5
69e58e78d2e7b35d5d4bbeda3a1db615

SHA1
c1519d9458e4c6aee706d23952e42195996f16b7

SHA256
69dc3a6fff1f384b99ebd9183563fc76c5bdc0491458eb87a74e2fcdf11e1fd3

SHA512
bd276f13314b3ca776f6387fc33be87970f19a4dfba634fc7a88478143bfacfbb0c15d6e8f9bd538c5533474eb472e231abc5ed520a51b0141fd22950c749952

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\utils.js

Filesize
3KB

MD5
e5c9bb6348c25febaad007c01438f298

SHA1
300bd90c82cf8099c9843b22a73cfad5942cd672

SHA256
7bc12c2f55effbf7512d00cbf5f0caecbd4021b1105ce4143d67b706f6be9db9

SHA512
1b87cc4415bda5bba917006f21d798c86ed5669319c3a941a030d88b5ba1efbc98c74c2aa5a032c2c5c794a5fe1e7abcebfe1565e00f4b55b5e52f90840ec583

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\warning\alert.css

Filesize
1KB

MD5
3206064751ac2357e6d4fcf871a88134

SHA1
eeb5d0ab7cda34d9319c969da97a64aafb4891d7

SHA256
0266461a85d39db5a9902ab13e588ce63ef9be23b97c645eaa390017465f30cb

SHA512
2de8c82e0683ce30a838a1308ac000d1f0cad55a555e0c8f8b9215cc4e977407d2f9598b8f4d0afc36580bf53f548c0cf46340d58d1df9f9ecd5463573512096

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\warning\alert.html

Filesize
4KB

MD5
aa1623e0c98b221ca91bb3daa7d037fe

SHA1
1d60924f5c2c47e3aa040c9a8feb1c1417f8c6e3

SHA256
04af8dbcad3a3ec4d687750d4653fcc95183e0d60915e10eb01269d90818aef3

SHA512
38ed2cc4919cc65df822f2e55e9a37fa0ba53fb141c3ce3ea80f0fcc88081f9036909e11d217703b822250c3766e6d571470a12c55be3dcd166c959fbb7bd155

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\warning\alert.js

Filesize
2KB

MD5
40dfa037fa5a8c45bbdd696e54901c9b

SHA1
b993b3194c545195a8ada605a2978f34ca4b6854

SHA256
03d98d63584e3eb4137f6bc3b15e810418eaa9bb47ba0199c16424ff34ff8ef7

SHA512
de81fb1e3e8dc883c4365cde5b75be59c815d90725aa60147fa7fa76e443e5d107934a80571b6d7677d9a2013d7f2c4a0f965be5825240ffdf9bab38ce79f4c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\warning\imgs\comodo.png

Filesize
7KB

MD5
be2c7d0682173dc14bf411e9b2de0467

SHA1
015bdb6a7cd9917145381d354434a5c926c17605

SHA256
cc1093df7cd1cd5abea9f021fecf340d8ff0098e3a02558f0d9ff99f8ea63597

SHA512
de8694963a323da2d0d39b9d738f5040a8642f4359487cb6f6ffa159dd032ed49e74834fbbbf71964e41d152d230bf0d3f0a6f0c10bac5e7589afd32edc7ab3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\warning\imgs\logo.png

Filesize
6KB

MD5
d8254327dfb2be04bcd4098032c99de2

SHA1
82e016aedbe9e5559896f4f2a03f4b125f85cd22

SHA256
4d6631eb6af9229a75c2e1825a69fdcdaa9a35417ca6840375644d433e271ffe

SHA512
fc539eec5be8b07599b726bb46e22fd5697468f0d31485373b6e9386205232b67c961aa06abb400012ada68789a1375691ec9678a7b18ccef647c45c293b1ae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\Temp\scoped_dir2964_1758821776\CRX_INSTALL\whiteBloomFilter.js

Filesize
9KB

MD5
1bbaf127cbfe52af0ec1675663f1b80f

SHA1
27f03829b672be364e9459fd1c346283b3934c03

SHA256
91f570e8f7131f95576fc99c8057411f27b7c56a44232f60065a00b0efe30fda

SHA512
9b2af4d085356f98c100fa03a3644d855eca937dfc2cb5d8840d73fc734404415ba8a5fb90c7e55712f2a689e867ea1d2a2938d492d9c6f1e2e709692f0e2cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo\2.4.2_0\images\16.png

Filesize
306B

MD5
742a1fd7a3f727b0dc6c3595e05a709d

SHA1
b702fdba112a0537b3fc2df115f20a2d7fe31c14

SHA256
9705c9104869e321e7d4ab8a519c03c9fc000bbf0d6f0e5bcac4e350dcb8c893

SHA512
a6b55ef18441e60f975fed4eb7f94ffb12a82d1a6c98613520cda28bcdc9fab64f9c4e3ba3de5c69773f27ead9331b8d5981ea06b3aabc7b40527f9ffe8addc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo\2.4.2_0\manifest.json

Filesize
1KB

MD5
d9fe92e670b3da608bee9ce1a18048dc

SHA1
b5ecea1b90e667a263a450ed5d5bfcb02620e9a5

SHA256
290fa1046d53f760df245a49410ef76d72e4cfdaf661512a54789358d3f4d269

SHA512
9b13a4f641005776f3f2514915da3bd8a8ad267f51daa62d7d5a286a81ac2b50390f6446ee7feab164bd7f83e9809d0ec13ea2bf6e6dbf54abee730953544483

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7727315fa4c5adea5784b26f9933a3b5

SHA1
68268e6734ec2ffa58d63def7112a714e5586b23

SHA256
bfe1368b0e5efe65e28eda6f9257dbc138ca609a51a6137d637eda4a3dbae28c

SHA512
2dd2c7035695cb640f6fb4d3a4ba13cebc6baad8dc6d8040708e9c4f5bdb426a305234c0c9fc0275aeb6e8342a1ea73f02a7ee44ea055340af194d652940fd2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ebce35b5fcf010ffd8a71a06858c6d27

SHA1
9be9a449b3bff3a37c5193b6a75e2125876a952c

SHA256
b048c5f6a0948a4a70ca27114cb65270efb0930996d34cb2ac031e222781fcb5

SHA512
82c84be3c60d4feb0e0c3f37ddfccc468acaf1b07229b8f66bba639d1f285077830c052533ce6fb4b0453eede071ad3e70161a4efbb9ac28fe85f46c5dce0897

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Network\Network Persistent State~RFe58a803.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Network\TransportSecurity

Filesize
370B

MD5
657013edb5b7294462f98af8112d4570

SHA1
0befb82caeb09600e12b265069dface0e73a30cf

SHA256
1c057dead5017a50dd95e1862deb794716c3f7c745c887b194aa9761377b416f

SHA512
dea4e4376c852101ab02065cce170d13d074ee653d9f52cefb4488c1dfdde3551fac9393938598eebba3baad7f457a91ab04c3d2abeb8e294d7cf3ce57c629fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Network\TransportSecurity

Filesize
368B

MD5
f7b5c65d449eb2b9015f6e781d4abbd3

SHA1
e43241458791ff0cd3a1037e95862ccc2b4da530

SHA256
0cb7ba1291f1a435c26f241ec8ddda35c2b0e42125c864965d9fbae15d6205c6

SHA512
b781ec31a6c983e98c6f1c872ed1ccfd0a21653b5be9d57f33bf060e7c814469637c15e398326d3d2298f085575fccb8a9c6403f91962eaebe1db2b88b07cb82

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Network\TransportSecurity~RFe57eacd.TMP

Filesize
370B

MD5
e23bd526764ad5c56f9c9790e7979088

SHA1
af47496164dc78af5d84ec6976a4fea78c63f27c

SHA256
0d62a121b600c59059102acf306ecb252c51d5e8ab75483e393548d4384ae05f

SHA512
d357af6fcbbae46d72cf4443c77079a969212b6bdd9647247568aa6fd8c44baa697110c0359fa2a745efc68c2ecafa89224f0dba1cffce570ecb7338b090ff82

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Preferences

Filesize
3KB

MD5
64b336428ebb618f364771fc58c4c2f4

SHA1
d81871d409d87c583f041be768fe712f9f835d51

SHA256
80637277e607a7e011f76bc82ede1ceb3b8a253df3a77d1001ea28c224ad249b

SHA512
67ebb8277c96c34f3243f4544f141652bc895fd1c4116a9976a1e11009a052032d1cb6a7cf72d007cd8b71e8954cf620052731c2c6087c2427139d37b400dfa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Preferences

Filesize
4KB

MD5
cdb7f693645f6460ad8be22ac9efbe5e

SHA1
cb7c6240e101f867d766f25f3bf1d5ec3bdb6999

SHA256
04837c1df3958736d4b40fe4a0a3527c108b5a95011e034d26f67dbfbe72d51f

SHA512
b19d7a8976fb9fdf21a5bf0d7f85590ba68e0ead948b78b277ba5d181238ae8291d216d379e4173c4756b467d77fbd32af9266d1c43d43ba87f2943583a4c562

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Preferences

Filesize
4KB

MD5
e7c3141185e5fb4b0d9b4f36fb821bae

SHA1
f52cad5f6ae10c62802b3d776e19a682b6548368

SHA256
b02d14cd7e7df61f7255ced0ed35863b3c4f3e611e8689ac5629127cbb006f16

SHA512
c6550a73bb713c93da4b9f7b9bff8822085f715d62420a1b23146590e9adc5c794bdaa8ab9a406e442aa8a78b94dd3daeac7fd272699f375018901e9afde645f

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Preferences

Filesize
4KB

MD5
1db9bd8733efc92675a609e5d5b436b8

SHA1
9a8b73b3a1bde34c95bb673f6c24c051d7812e15

SHA256
79040639c36b63b2e1db9f342851eff834fa8524e64c74475cb924a12513be2c

SHA512
c28556a2067d0cfd1c1ffd31303be57fd60fa9c078db940a51351f9b07dbdc0d5e380ba7a02f8a2d346a2b858555da8681f1bd9c0c5a3476a977197618dc678c

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Preferences~RFe578aac.TMP

Filesize
3KB

MD5
614416055bfc48a5d9da5fe66d7407f4

SHA1
5b870235fda3d5c63ca443594437571c7936b578

SHA256
54d6715123b1572bf5a767683ef5859a115fb6f32f0f3fb59bd7a3961b1ec9ca

SHA512
81da3ba415c21b54b662705a85d3f784e9a7e0ca2800bcd54bdf10458534c26f9278193df914e6177b98d2d4d25c6c1b5727abdacf7a4d51e4819bda526041b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Secure Preferences

Filesize
19KB

MD5
e92ae9d96805966620cb161523a24e9b

SHA1
d4426920fa031209b4cee3bfacf4480b7d678f86

SHA256
c8e714669fa37ef7f988aa0224d7379bd7f671019abc0851b22f548c47048221

SHA512
04b6014c0a4bba4e64ae66be7def225f0eac2ec9159166efb03ab9ed1de7b95d877d27abcb2a027eca41e2a8ad59161910deebbf05688451476cf2d2a1f1993a

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Secure Preferences~RFe57b4d9.TMP

Filesize
7KB

MD5
921204e7f456b6ad709f9411cb667d05

SHA1
2d6ff70236c9b2488186b5741acec6b4d8c74666

SHA256
c2e503ba6faaa48b3770e377a690ce2aa6e1caa44bd00db0bda3d3632710a2f5

SHA512
53a0ca6494544bc35d8fcab74106a261c57736fca41d0ab9bd37f220e1ef62fe0a7b824ad00d78526cb701c4e26ef4ffb13c4b35475ff595e12ce3408886ed53

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\FileTypePolicies\63\download_file_types.pb

Filesize
7KB

MD5
b8eaf02ebf097cbe05ce4eb62629205d

SHA1
dd0277e97a272535c703ed88aa908860f728749b

SHA256
05137351a83270e31b0c657fb70df9fca7c9e1fbcaabc1ac07bd57f03ffdf179

SHA512
7863a5c9c154e8ee90ca88ba928faf06d7d2a9b7ead64c6eadef9c74b2f698f93238e1e070fca21c621e277424bc0bf3cc26f0573c07ebd76fe79060466cecca

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Local State

Filesize
2KB

MD5
75270cfc3ccef3c5bba13aa58d52d35e

SHA1
aacbd488535dffbd65c9f8f661617776db286d7d

SHA256
422e09940e7a876ef2d98a434320db7644f54d58fd42814fbff5902a6d875901

SHA512
c0b4a5a532dbbd27c777c1be318eacee6663e6b65ea818e9b2a578184126800e9f10e2f64d80bb4afddd0255ba115ee647a02a6148027a482b125c9272316027

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Local State

Filesize
5KB

MD5
bc3d8ce4578b76b566f945b5e14385b2

SHA1
7693ea7b8d04c79cacf55837f96e048a0bdc4eed

SHA256
c9fe23f7c6e1a2af958b099636245ed1155d5673434110a8c9feb53a4b027ba1

SHA512
dffe4a80301dc70f2500a0abb26023aaed6dc4596bfb4f5963ef1dd2eeb044dd6add872e9fff32f1f8b6f19b25b4fbbba1e7949694b5967c796abe4b96e1f0a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Local State

Filesize
6KB

MD5
7b15e60e241f5b70b4bd4e203edf6b34

SHA1
3d37f7a8336c9bb26c003286c432f717db8283f0

SHA256
fce3871d15c8813fbab3c2c1fe1d53f2b7ae6039b44633add5b594e02b159b80

SHA512
d0b1ab8b3123f2c7b21c43855e97234620d756f199707d4167e3757a1cd7e7e5a0b3e95be5bb8628dba11074ad4f85d7b238b5641f5698ba6a95a8ec0d4cb618

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Local State

Filesize
5KB

MD5
746bbd88e7827ded1a04ed3de80094c7

SHA1
c9b3b2fc275a65ec66f4558a81a01d1425ba3ca7

SHA256
96f0eb75bae69499c3d39888f48238c4873bfdfc5a3960918cc5c9df7ead16e2

SHA512
014e0b52e0ad79b45f2648e91deaf174799aff025fa3d562c4708f9cd57336bb3c8ac3d09087fde480e9e637b296c17bed25d89c7c503f72de79981214667c65

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Local State

Filesize
5KB

MD5
88fe546c9e021be92ac844379598b8b4

SHA1
a7274876ff7e2ebad43a5ecf5c8cb42e1396374b

SHA256
9ccdd6768430b9dd51cefa1f65fbb83cc9e39417aa94b3b05a72c3340e0043a4

SHA512
4eae5717cc5acd41d3280a7b260abf49f12f5dd2f9e5babd60c3b2a07a265fe1797d844af1f23c1e222cc03394195023656697ee094526d594bd3921ffdf96be

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Local State

Filesize
5KB

MD5
1396a768e3ff51b2f87389508a5991ca

SHA1
b1ae2eacb84ea79b8e73362065975b21e6686b30

SHA256
1c20ab5b6a40f2374380f0d751648d68d1b650b2a5305ac5bbe623d2d7188c2e

SHA512
f66601b9290358dca7cb11b814cf7f92e665c7b258d262f5032b0a7f1f913655ca4f5766fdbdc6e319601b204fa43936a27465a716308384eef45eacb0aaea9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Local State

Filesize
5KB

MD5
8d8553b52d701822c1fa0a7dd3b77b9f

SHA1
0219c9f005e1121e5a5a2d26d82fd2934263520c

SHA256
d874163c10e3852fbc4128d9c9701c6cdfaa832fa8f884cb7d45a89acb9f4cc2

SHA512
38a9042dd9237ea6724fc288e33aef0d87ac2c4ad42720af99238ef6e8aff793c9ca868d791becc5a784ae34ab458edb3f8a98ce3ba0dc40f01d652213b65675

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Local State

Filesize
6KB

MD5
e1b9cc0b75fac673667b06e5e508b0ec

SHA1
11302c0ec34a0751621d4901fddd20255f02a98a

SHA256
1d512de59d68100eb5df8c2ce79b789a36a99f4224865077c4335a4bbca6da29

SHA512
b7950e2a8dc1a76bb1d15a1171e8185e623c4c35a9edf62b3eeb0b540875ddd4f6b139abd234e41330932756ce1ad82ae74f9de42605b46a07bb68fe0fab89ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Local State~RFe57ae9f.TMP

Filesize
1020B

MD5
49421d16ac8e83c1de7379c86b20d4b3

SHA1
e2bc5c8034e99cb4ff69c4dec1311afb88ef16a2

SHA256
19542f7cd9d870eb7661a8d3c01d1fd7b36f086889ce722eac373f2dc4f13c21

SHA512
38d6622813b47eac15912603a55798f2c8d1da34901776fd810e356d50366662d4b3ab48344500ac173263979c70940f7482b0612b0cf4cd47cc479266fd5d3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Module Info Cache

Filesize
97KB

MD5
cf6c6f3c3ca52bf4c19782dc51951243

SHA1
29a9f7ba1aac5b5036c45ff321a8cb21902359ba

SHA256
4b166315f065d81738067d863f92cd2f23e34c96c3d1cb044b4b70793f0bfd6f

SHA512
8476b656b6959d54cbe15e693591ee1ac639173c67df409605af1f23c68a21bad40c98da34d436260d7dcb82a87cb2b33de409e359951b048abdd7f5fe3fef62

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\Module Info Cache~RFe58ace5.TMP

Filesize
97KB

MD5
d9e9038b3384be087ce83c37b11c2477

SHA1
b50278d058fa3aa68061f231a5c2df97e5810e25

SHA256
677753ce4e358f49a3d3e9fcc7cb8161e30a10ecb0e2f9f097cfa2782917ff83

SHA512
78dad5eba4b3e10d8e019e14c52ff81acf6a08cd943ae8b24cef76e6340ab9d49cff9c2bcf9e2964f2e743829f808f9fe19f37cd6ff0225592852044a3800136

Download Submit
C:\Users\Admin\AppData\Local\Temp\User Data\SSLErrorAssistant\7\ssl_error_assistant.pb

Filesize
2KB

MD5
e2f792c9e2dd86f39e8286b2ead2fc70

SHA1
8a32867614d2a23e473ed642056ded8e566687f9

SHA256
ac354a4723aaa4f06bec385ddde4a4d0983ad51456f52b31a8068ec97d5b5ea7

SHA512
6a7af0ca1efa65a89a9ca3b8df0d2e24f21d91673c60cdfeeb02d33647442b01d535497249542f40e66e0d2dd3e9f8ed1f4a201fd97138d07a2b71366737e580

Download Submit
C:\Users\Admin\AppData\Local\Temp\deab4db5-5133-4798-8630-292e97b6b8cc.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2964_1730989571\CRX_INSTALL\comodo128.png

Filesize
1KB

MD5
71261019def4e7369a766ba8e0a1e393

SHA1
100bb08be7909cedba3400872ee26da858c70163

SHA256
70b9599cdd1991e32af16ff4e1b67816d76430e459594b5bd16e787ff28ef02a

SHA512
ba613d32c234f5f056e4d71d587c84b339e4fd87af1437f18be37adadc656cbbb4e55db939e0029d7f40dc337ca2e8256acea093274def60e38be16137cf4b60

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2964_1730989571\CRX_INSTALL\comodo48.png

Filesize
787B

MD5
f59c4139b50a2b26efa7df26658b226d

SHA1
9aca146f6983a386463668585ea29e2821f62df6

SHA256
dc672433c582455124e78a95335b5aaab7de0138e9a66dbe0ac2358a588e1891

SHA512
d312f5f9d9333dc4db505018e6e8aa8511b7731ab44f736cd81fcb99532218bccf3fd49a7654092c18dfb09d6e13cdb35b38ab37ee80fc2f621eb66e20f1f95c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2964_809595482\CRX_INSTALL\_locales\en\messages.json

Filesize
4KB

MD5
3ba6588ed776a2bace8839061c945e5e

SHA1
a216b92e8ed05c58569d9a8a9688009a42bbf608

SHA256
23973dfb6b8b56cb54bfc86330dc9f86065eaa9df7cdd4e0122bc071f1c60127

SHA512
e107e93dab6912d498502f18b79728185a29b38bb2422172073d7bd4e8f074e36e0cb68cd1f6b2f80ced68f5e2b1158bc9ec179a4f138036e6c469ef0a864957

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2964_809595482\CRX_INSTALL\warning\font.css

Filesize
7KB

MD5
6de3e9f871151e812801158add84e7eb

SHA1
1cc590ddcf29eacc88f81a06761318913b818d07

SHA256
d2eb3e3fb19e902a9a1e79f5feb28adaccbd37d0d4ea5423970c80a57505f837

SHA512
0f16814e27b3540f35cd635aed58d6645c32139b41ae868ca40d3ea1e397329f20b15fa2f0d33b5c184cf937c1942c29373d195626a91792ca7398d5609671a2

Download Submit
memory/2188-1788-0x00000000069F0000-0x00000000069F1000-memory.dmp

Filesize
4KB

Download
memory/2188-1779-0x00000000069F0000-0x00000000069F1000-memory.dmp

Filesize
4KB

Download
memory/2188-1778-0x00000000069F0000-0x00000000069F1000-memory.dmp

Filesize
4KB

Download
memory/2188-1780-0x00000000069F0000-0x00000000069F1000-memory.dmp

Filesize
4KB

Download
memory/2188-1790-0x00000000069F0000-0x00000000069F1000-memory.dmp

Filesize
4KB

Download
memory/2188-1785-0x00000000069F0000-0x00000000069F1000-memory.dmp

Filesize
4KB

Download
memory/2188-1789-0x00000000069F0000-0x00000000069F1000-memory.dmp

Filesize
4KB

Download
memory/2188-1786-0x00000000069F0000-0x00000000069F1000-memory.dmp

Filesize
4KB

Download
memory/2188-1787-0x00000000069F0000-0x00000000069F1000-memory.dmp

Filesize
4KB

Download
memory/2188-1784-0x00000000069F0000-0x00000000069F1000-memory.dmp

Filesize
4KB

Download