cee49ab1417d7ae571b1f9a0d51a26619bc398eafefd746aee1366ee6260c3cc

Analysis

max time kernel
803s
max time network
806s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 18:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

19KB
MD5

a36e81c4ea919b6784aee32f5c5da244
SHA1

d183793fd19aa0e638ce5858483606ef074f1ce9
SHA256

cee49ab1417d7ae571b1f9a0d51a26619bc398eafefd746aee1366ee6260c3cc
SHA512

4d22c972e23260bfc6c4d027ac1aa092d78b2f35c7bfaed750b6dd136691b9dab129b49f16e15cf1d1c4dbd62c9976979829f41b3ecd5ba4cfc8681267a8c99a
SSDEEP

384:r3iO3z0DpmReVoOs4mi9ylKeGM+U8HhhbWaq76f4+o2paWhOwob0/b+mIJCgMmVn:r3r0BVoOs4mmyI1M0BhbNMeaWhOwob0c

Score

8^/10

discovery persistence upx

Malware Config

Signatures

Downloads MZ/PE file

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x00070000000234de-830.dat	acprotect

Executes dropped EXE 12 IoCs

pid	Process
4664	file.exe
3572	file.tmp
4824	Free Flash Player.exe
4460	HarounHaeder@SpongeBob_ScreenToy.exe
3220	[email protected]
1384	[email protected]
4344	ButterflyOnDesktop.exe
4472	TopicTorchSetup.exe
2576	TopicTorchSetup.exe
3240	810c835ddb5d947c36fabf44c05c1e2e47e7a097157845196b9d0d34cf7dc58e.exe
1488	810c835ddb5d947c36fabf44c05c1e2e47e7a097157845196b9d0d34cf7dc58e.tmp
3544	setup.exe

Loads dropped DLL 33 IoCs

pid	Process
3572	file.tmp
3572	file.tmp
2888	regsvr32.exe
3940	regsvr32.exe
4200	regsvr32.exe
3896	regsvr32.exe
1588	regsvr32.exe
3120	regsvr32.exe
2608	regsvr32.exe
1664	regsvr32.exe
4840	regsvr32.exe
896	regsvr32.exe
1972	regsvr32.exe
3180	regsvr32.exe
1432	regsvr32.exe
1424	regsvr32.exe
1376	regsvr32.exe
3124	regsvr32.exe
2444	regsvr32.exe
2308	regsvr32.exe
4580	regsvr32.exe
3272	regsvr32.exe
1012	regsvr32.exe
4824	Free Flash Player.exe
3544	setup.exe
3544	setup.exe
3544	setup.exe
3544	setup.exe
3544	setup.exe
3544	setup.exe
3544	setup.exe
3544	setup.exe
3544	setup.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00070000000234de-830.dat	upx
behavioral1/memory/2888-832-0x0000000000400000-0x00000000004B4000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop = "C:\\Program Files (x86)\\Butterfly on Desktop\\ButterflyOnDesktop.exe"	ButterflyOnDesktop.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
119	raw.githubusercontent.com
120	raw.githubusercontent.com

Drops file in System32 directory 46 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\vidsite.dll	cmd.exe
File created	C:\Windows\SysWOW64\clntxres.dll	cmd.exe
File created	C:\Windows\SysWOW64\drvc.dll	cmd.exe
File created	C:\Windows\SysWOW64\pncrt.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\ramrender.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\rv30.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\sipr.dll	cmd.exe
File created	C:\Windows\SysWOW64\drv2.dll	cmd.exe
File created	C:\Windows\SysWOW64\rv10.dll	cmd.exe
File created	C:\Windows\SysWOW64\rv20.dll	cmd.exe
File created	C:\Windows\SysWOW64\rvrender.dll	cmd.exe
File created	C:\Windows\SysWOW64\drv1.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\drvc.dll	cmd.exe
File created	C:\Windows\SysWOW64\rarender.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\rarender.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\atrc.dll	cmd.exe
File created	C:\Windows\SysWOW64\authmgr.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\authmgr.dll	cmd.exe
File created	C:\Windows\SysWOW64\colorcvt.dll	cmd.exe
File created	C:\Windows\SysWOW64\pnen3260.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\ramfformat.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\rv10.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\rvrender.dll	cmd.exe
File created	C:\Windows\SysWOW64\sipr.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\cook.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\drv2.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\pnen3260.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\raac.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\rmfformat.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\rv40.dll	cmd.exe
File created	C:\Windows\SysWOW64\atrc.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\colorcvt.dll	cmd.exe
File created	C:\Windows\SysWOW64\cook.dll	cmd.exe
File created	C:\Windows\SysWOW64\raac.dll	cmd.exe
File created	C:\Windows\SysWOW64\rmfformat.dll	cmd.exe
File created	C:\Windows\SysWOW64\rv40.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\clntxres.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\drv1.dll	cmd.exe
File created	C:\Windows\SysWOW64\ramfformat.dll	cmd.exe
File created	C:\Windows\SysWOW64\ramrender.dll	cmd.exe
File created	C:\Windows\SysWOW64\smplfsys.dll	cmd.exe
File created	C:\Windows\SysWOW64\vidsite.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\pncrt.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\rv20.dll	cmd.exe
File created	C:\Windows\SysWOW64\rv30.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\smplfsys.dll	cmd.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-4F46O.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FFDShow\is-SKJ74.tmp	file.tmp
File created	C:\Program Files (x86)\Butterfly on Desktop\is-FIPCI.tmp	[email protected]
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FFDShow\is-9AOHR.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\unins000.dat	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\is-D8F3I.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-P1OKH.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-2K8NU.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FFDShow\is-MRO3F.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FFDShow\is-0LTLK.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FFDShow\is-85TI9.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\is-GF9AE.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-DSAJD.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Real\is-3II7P.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FFDShow\is-PAI1T.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-HNM1O.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Real\is-8R1OH.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\is-MOR1V.tmp	file.tmp
File created	C:\Program Files (x86)\CyberGhost VPN 5.9.5.3185 + Crack\unins000.dat	810c835ddb5d947c36fabf44c05c1e2e47e7a097157845196b9d0d34cf7dc58e.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-SLVO2.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-TMRIL.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Real\is-2MIFB.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Real\is-TO6HH.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FFDShow\is-24PPO.tmp	file.tmp
File created	C:\Program Files (x86)\Butterfly on Desktop\unins000.dat	[email protected]
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-NC0TU.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FFDShow\is-O4UIP.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-J2INQ.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Real\is-SD01A.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Real\is-ROQU9.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FFDShow\is-O3VA4.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\is-E5J91.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-8G8S1.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-GVOQ5.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-IAVNS.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Real\is-NCI4O.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FFDShow\is-B9OQQ.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FFDShow\is-1J2K2.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-CA8NI.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FFDShow\is-O5HTQ.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\is-OPKCP.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FFDShow\is-VBOU7.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\is-044VV.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-JKD9E.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Real\is-5AIEJ.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\is-N21Q7.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FFDShow\is-Q436U.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FFDShow\is-0HIRS.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Real\is-5GLJ5.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Real\is-IAMHD.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-HU24L.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Real\is-2FV23.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Real\is-J5PI9.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FFDShow\is-4AI7P.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-18RA8.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Real\is-C1AK6.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-7OVRE.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Real\is-9NKDU.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Real\is-264TI.tmp	file.tmp
File opened for modification	C:\Program Files (x86)\CyberGhost VPN 5.9.5.3185 + Crack\unins000.dat	810c835ddb5d947c36fabf44c05c1e2e47e7a097157845196b9d0d34cf7dc58e.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-JPRMT.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\is-DSDUC.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\is-D4CAJ.tmp	file.tmp
File created	C:\Program Files\DVDVideoMedia\Free Flash Player\is-UQVT4.tmp	file.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x00090000000235e8-1597.dat	nsis_installer_1
behavioral1/files/0x00090000000235e8-1597.dat	nsis_installer_2

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
5044	taskkill.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "217"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597525973401088"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D3D9D58B-45B5-48AB-B199-B8C40560AEC7}\InprocServer32\ = "C:\\Program Files\\DVDVideoMedia\\Free Flash Player\\Codecs\\MP4Splitter.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1365BE7A-C86A-473C-9A41-C0A6E82C9FA3}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{1AC0BEBD-4D2B-45AD-BCEB-F2C41C5E3788}\0 = "0,4,,1A45DFA3"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{7C23220E-55BB-11D3-8B16-00C04FB6BD3D}\CLSID = "{7C23220E-55BB-11D3-8B16-00C04FB6BD3D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6A695A2-B1AD-49A2-AD6F-FFB82E2A7832}\ = "AC3Filter SPDIF page"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54A35221-2C8D-4A31-A5DF-6D809847E393}\ = "CDDA Reader"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{54A35221-2C8D-4A31-A5DF-6D809847E393}\CLSID = "{54A35221-2C8D-4A31-A5DF-6D809847E393}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82d353df-90bd-4382-8bc2-3f6192b76e34}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FFFCC670-5CD4-4C09-952C-F53F46C2B1A7}\ = "ffdshow Video Decoder ffproc"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{B86F6BEE-E7C0-4D03-8D52-5B4430CF6C88}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\Categories	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{39F498AF-1A09-4275-B193-673B0BA3D478}\CLSID = "{39F498AF-1A09-4275-B193-673B0BA3D478}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{64697678-0000-0010-8000-00AA00389B71}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{64697678-0000-0010-8000-00AA00389B71}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B86F6BEE-E7C0-4D03-8D52-5B4430CF6C88}\InprocServer32\ = "C:\\Program Files\\DVDVideoMedia\\Free Flash Player\\Codecs\\ffdshow\\ffdshow.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}\InprocServer32\ = "C:\\Program Files\\DVDVideoMedia\\Free Flash Player\\Codecs\\ac3filter.ax"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{08E22ADA-B715-45ED-9D20-7B87750301D4}\5 = "3,3,,000001"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{49590BC9-6DD5-4E44-AD4C-E8FCB7131EC4}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{05F983EC-637F-4133-B489-5E03914929D7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7E15A6DE-B1F1-4E1F-8448-F5A06E179208}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{238D0F23-5DC9-45A6-9BE2-666160C324DD}\FriendlyName = "RealVideo Decoder"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E3ECA90-4D6A-4344-98C3-1BB95BF24038}\ = "ffdshow Audio Processor conf"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{78766964-0000-0010-8000-00AA00389B71}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{640999A2-A946-11D0-A520-000000000000}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{941A4793-A705-4312-8DFC-C11CA05F397E}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DFD031D4-4780-44E7-A5F5-951D672FC93A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90}\ = "AC3Filter Gains page"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6A695A2-B1AD-49A2-AD6F-FFB82E2A7832}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D5AA0389-D274-48E1-BF50-ACB05A56DDE0}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FFFCC670-5CD4-4C09-952C-F53F46C2B1A7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5711D95F-0984-4A22-8FF8-90A954958D0C}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A68C3B5-9164-4A54-AFAF-995B2FF0E0D4}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{63F8AA94-E2B9-11D0-ADF6-00C04FB66DAD}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}\InprocServer32\ = "C:\\Program Files\\DVDVideoMedia\\Free Flash Player\\Codecs\\ac3filter.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}\ = "MPC - MPEG4 Video Source"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\MediaFoundation	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{78766964-0000-0010-8000-00AA00389B71}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B9D1F322-C401-11D0-A520-000000000000}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{70f598e9-f4ab-495a-99e2-a7c4d3d89abf}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DBF9000E-F08C-4858-B769-C914A0FBB1D7}\ = "ffdshow subtitles filter"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{F2FAC0F1-3852-4670-AAC0-9051D400AC54}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9A98ADCC-C6A4-449E-A8B1-0363673D9F8A}\InprocServer32\ = "C:\\Program Files\\DVDVideoMedia\\Free Flash Player\\Codecs\\ffdshow\\ffdshow.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}\ = "MPC - MP4 Splitter"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D3D9D58B-45B5-48AB-B199-B8C40560AEC7}\CLSID = "{D3D9D58B-45B5-48AB-B199-B8C40560AEC7}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{39F498AF-1A09-4275-B193-673B0BA3D478}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9A98ADCC-C6A4-449E-A8B1-0363673D9F8A}	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{0B390488-D80F-4A68-8408-48DC199F0E97}\FilterData = 020000000000200003000000000000003070693300000000000000000b00000000000000000000003074793300000000480100005801000031747933000000004801000068010000327479330000000048010000780100003374793300000000480100008801000034747933000000004801000098010000357479330000000048010000a8010000367479330000000048010000b8010000377479330000000048010000c8010000387479330000000048010000d8010000397479330000000048010000e80100003a7479330000000048010000f8010000317069330800000000000000010000000000000000000000307479330000000048010000580100003270693300000000000000000300000000000000000000003074793300000000080200005801000031747933000000001802000058010000327479330000000048010000280200007669647300001000800000aa00389b71000000000000000000000000000000005956313200001000800000aa00389b714959555600001000800000aa00389b715955593200001000800000aa00389b715955595600001000800000aa00389b715559565900001000800000aa00389b715659555900001000800000aa00389b717eeb36e44f52ce119f530020af0ba7707deb36e44f52ce119f530020af0ba7707ceb36e44f52ce119f530020af0ba7707beb36e44f52ce119f530020af0ba7707478747300001000800000aa00389b7108eb87e4266be94b9dd3993434d313fd2d806de046dbcf11b4d100805f6cbbea	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DFD031D4-4780-44E7-A5F5-951D672FC93A}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9736D831-9D6C-4E72-B6E7-560EF9181001}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5210f8e4-b0bb-47c3-a8d9-7b2282cc79ed}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4DB2B5D9-4556-4340-B189-AD20110D953F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{87271B4E-1726-4CED-AF0D-BE675621FD29}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{007FC171-01AA-4B3A-B2DB-062DEE815A1E}\ = "ffdshow Audio Decoder conf"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{05F983EC-637F-4133-B489-5E03914929D7}\ = "ffdshow Video Codec"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{149D2E01-C32E-4939-80F6-C07B81015A7A}\CLSID = "{149D2E01-C32E-4939-80F6-C07B81015A7A}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{A4B11047-79C1-44C5-B6F2-8A868755ABE5}\FriendlyName = "TrackSwitch"	regsvr32.exe

Runs .reg file with regedit 1 IoCs

pid	Process
2888	regedit.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4592	chrome.exe
4592	chrome.exe
1972	chrome.exe
1972	chrome.exe
5076	msedge.exe
5076	msedge.exe
4860	msedge.exe
4860	msedge.exe
4088	identity_helper.exe
4088	identity_helper.exe
2284	msedge.exe
2284	msedge.exe
5024	msedge.exe
5024	msedge.exe
5104	identity_helper.exe
5104	identity_helper.exe
1488	810c835ddb5d947c36fabf44c05c1e2e47e7a097157845196b9d0d34cf7dc58e.tmp
1488	810c835ddb5d947c36fabf44c05c1e2e47e7a097157845196b9d0d34cf7dc58e.tmp

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1144	7zG.exe
1384	[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4860	msedge.exe
4860	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
1144	7zG.exe
3424	7zG.exe
3572	file.tmp
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4592	chrome.exe
4592	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4344	ButterflyOnDesktop.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious use of SetWindowsHookEx 26 IoCs

pid	Process
3120	OpenWith.exe
4664	file.exe
3572	file.tmp
2444	regsvr32.exe
4824	Free Flash Player.exe
4824	Free Flash Player.exe
4824	Free Flash Player.exe
4460	HarounHaeder@SpongeBob_ScreenToy.exe
3704	OpenWith.exe
4472	TopicTorchSetup.exe
4472	TopicTorchSetup.exe
4472	TopicTorchSetup.exe
4472	TopicTorchSetup.exe
4472	TopicTorchSetup.exe
4472	TopicTorchSetup.exe
4472	TopicTorchSetup.exe
4472	TopicTorchSetup.exe
2576	TopicTorchSetup.exe
2576	TopicTorchSetup.exe
2576	TopicTorchSetup.exe
2576	TopicTorchSetup.exe
2576	TopicTorchSetup.exe
2576	TopicTorchSetup.exe
2576	TopicTorchSetup.exe
2576	TopicTorchSetup.exe
4880	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 4728	4592	chrome.exe	81
PID 4592 wrote to memory of 4728	4592	chrome.exe	81
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 2348	4592	chrome.exe	85
PID 4592 wrote to memory of 852	4592	chrome.exe	86
PID 4592 wrote to memory of 852	4592	chrome.exe	86
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87
PID 4592 wrote to memory of 1720	4592	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed416ab58,0x7ffed416ab68,0x7ffed416ab78
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:2
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:8
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4192 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4736 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3300 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5008 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4980 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4316 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3080 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:8
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3148 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3200 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3176 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4880 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3300 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3280 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4188 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1744,i,4292234394208314512,961009938618584968,131072 /prefetch:8
  2⤵
  PID:1208
- C:\Users\Admin\Downloads\810c835ddb5d947c36fabf44c05c1e2e47e7a097157845196b9d0d34cf7dc58e.exe
  "C:\Users\Admin\Downloads\810c835ddb5d947c36fabf44c05c1e2e47e7a097157845196b9d0d34cf7dc58e.exe"
  2⤵
  - Executes dropped EXE
  PID:3240
- - C:\Users\Admin\AppData\Local\Temp\is-R033C.tmp\810c835ddb5d947c36fabf44c05c1e2e47e7a097157845196b9d0d34cf7dc58e.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-R033C.tmp\810c835ddb5d947c36fabf44c05c1e2e47e7a097157845196b9d0d34cf7dc58e.tmp" /SL5="$A01C8,10831814,832512,C:\Users\Admin\Downloads\810c835ddb5d947c36fabf44c05c1e2e47e7a097157845196b9d0d34cf7dc58e.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\is-EATMU.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\is-EATMU.tmp\setup.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3544

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3800

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3016

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Free Flash Player 2.6.0\" -ad -an -ai#7zMap24747:106:7zEvent8675
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1144

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3120

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Free Flash Player 2.6.0\" -ad -an -ai#7zMap1102:106:7zEvent7557
1⤵
- Suspicious use of FindShellTrayWindow
PID:3424

C:\Users\Admin\Downloads\Free Flash Player 2.6.0\file.exe
"C:\Users\Admin\Downloads\Free Flash Player 2.6.0\file.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4664
- C:\Users\Admin\AppData\Local\Temp\is-02S5C.tmp\file.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-02S5C.tmp\file.tmp" /SL5="$20272,12033312,54272,C:\Users\Admin\Downloads\Free Flash Player 2.6.0\file.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:3572
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /C ""C:\Program Files\DVDVideoMedia\Free Flash Player\reg.bat""
    3⤵
    PID:872
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s dcbasssource.ax
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:2888
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s trackswitch.ax
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:3940
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /C ""C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Register.bat""
    3⤵
    - Drops file in System32 directory
    PID:3292
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "ac3filter.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:4200
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "AviSplitter.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:3896
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "cddareader.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:1588
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "cdxareader.ax"
      4⤵
      Loads dropped DLL
      PID:3120
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "divxdec.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:2608
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "FLVSplitter.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:1664
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "MP4Splitter.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:4840
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "MPADecFilter.ax"
      4⤵
      Loads dropped DLL
      PID:896
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "MpegSplitter.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:1972
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "MPCVideoDec.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:3180
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "Mpeg2DecFilter.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:1432
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "realmediasplitter.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:1424
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "splitter.ax"
      4⤵
      Loads dropped DLL
      PID:1376
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "vc1wp.ax"
      4⤵
      PID:688
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "xvid.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:3124
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "ffdshow\ffdshow.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:2444
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "MatroskaSplitter.ax"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:2308
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "qasf.dll"
      4⤵
      Modifies registry class
      PID:3016
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "wmpasf.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:4580
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "wmvcore.dll"
      4⤵
      PID:3196
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "wmvdecod.dll"
      4⤵
      PID:5056
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "wmadmod.dll"
      4⤵
      PID:4932
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "wmvdmod.dll"
      4⤵
      Loads dropped DLL
      PID:3272
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "wmvdmoe2.dll"
      4⤵
      Loads dropped DLL
      PID:1012
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s "wmadmoe.dll"
      4⤵
      Modifies registry class
      PID:5068
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s C:\Windows\system32\wmadmod.dll
      4⤵
      Modifies registry class
      PID:4708
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s C:\Windows\system32\wmvdmod.dll
      4⤵
      PID:1528
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s C:\Windows\system32\wmvdecod.dll
      4⤵
      Modifies registry class
      PID:2772
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s C:\Windows\system32\qasf.dll
      4⤵
      PID:4904
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s C:\Windows\system32\wmpasf.dll
      4⤵
      PID:1508
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s C:\Windows\system32\wmvcore.dll
      4⤵
      PID:3112
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s C:\Windows\system32\wmvdmoe2.dll
      4⤵
      PID:632
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s C:\Windows\system32\wmadmoe.dll
      4⤵
      PID:3352
  - - C:\Windows\SysWOW64\regedit.exe
      regedit -s ffdshow\ffdshow.reg
      4⤵
      Runs .reg file with regedit
      PID:2888
- - C:\Program Files\DVDVideoMedia\Free Flash Player\Free Flash Player.exe
    "C:\Program Files\DVDVideoMedia\Free Flash Player\Free Flash Player.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:4824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dvdvideomedia.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x124,0xf8,0x128,0x7ffec10b46f8,0x7ffec10b4708,0x7ffec10b4718
      4⤵
      PID:4200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,7704262667075461475,607275686759091740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
      4⤵
      PID:3552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,7704262667075461475,607275686759091740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,7704262667075461475,607275686759091740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
      4⤵
      PID:4308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7704262667075461475,607275686759091740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
      4⤵
      PID:4932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7704262667075461475,607275686759091740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
      4⤵
      PID:3644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,7704262667075461475,607275686759091740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
      4⤵
      PID:3040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,7704262667075461475,607275686759091740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4088
- - C:\Windows\SysWOW64\cmd.exe
    "cmd" /c taskkill /f /im rkverify.exe
    3⤵
    PID:1956
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rkverify.exe
      4⤵
      Kills process with taskkill
      PID:5044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4544

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SpongeBob Screen Toys\" -ad -an -ai#7zMap22136:102:7zEvent29464
1⤵
PID:2052

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SpongeBob Screen Toys\" -ad -an -ai#7zMap21073:102:7zEvent27707
1⤵
PID:4852

C:\Users\Admin\Downloads\SpongeBob Screen Toys\HarounHaeder@SpongeBob_ScreenToy.exe
"C:\Users\Admin\Downloads\SpongeBob Screen Toys\HarounHaeder@SpongeBob_ScreenToy.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4460

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap27534:100:7zEvent25716
1⤵
PID:3112

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3704

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Butterfly on Desktop\" -ad -an -ai#7zMap18614:100:7zEvent17246
1⤵
PID:4320

C:\Users\Admin\Downloads\Butterfly on Desktop\[email protected]
"C:\Users\Admin\Downloads\Butterfly on Desktop\[email protected]"
1⤵
- Executes dropped EXE
PID:3220
- C:\Users\Admin\AppData\Local\Temp\is-S1KPK.tmp\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\is-S1KPK.tmp\[email protected]" /SL5="$C0322,2719719,54272,C:\Users\Admin\Downloads\Butterfly on Desktop\[email protected]"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1384
- - C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
    "C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of SendNotifyMessage
    PID:4344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:5024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffec10b46f8,0x7ffec10b4708,0x7ffec10b4718
      4⤵
      PID:544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18351487679257646399,2879735759040245919,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
      4⤵
      PID:3632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,18351487679257646399,2879735759040245919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,18351487679257646399,2879735759040245919,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
      4⤵
      PID:3540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18351487679257646399,2879735759040245919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      4⤵
      PID:4156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18351487679257646399,2879735759040245919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
      4⤵
      PID:3636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18351487679257646399,2879735759040245919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
      4⤵
      PID:4348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,18351487679257646399,2879735759040245919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
      4⤵
      PID:992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,18351487679257646399,2879735759040245919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18351487679257646399,2879735759040245919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
      4⤵
      PID:4608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18351487679257646399,2879735759040245919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
      4⤵
      PID:856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18351487679257646399,2879735759040245919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
      4⤵
      PID:2424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Topic Torch\" -ad -an -ai#7zMap19616:82:7zEvent6852
1⤵
PID:1144

C:\Users\Admin\Downloads\Topic Torch\TopicTorchSetup.exe
"C:\Users\Admin\Downloads\Topic Torch\TopicTorchSetup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4472

C:\Users\Admin\Downloads\Topic Torch\TopicTorchSetup.exe
"C:\Users\Admin\Downloads\Topic Torch\TopicTorchSetup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3929055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe

Filesize
3.0MB

MD5
81aab57e0ef37ddff02d0106ced6b91e

SHA1
6e3895b350ef1545902bd23e7162dfce4c64e029

SHA256
a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287

SHA512
a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717

Download Submit
C:\Program Files (x86)\Butterfly on Desktop\is-EESEC.tmp

Filesize
698KB

MD5
1fee4db19d9f5af7834ec556311e69dd

SHA1
ff779b9a3515b5a85ab27198939c58c0ad08da70

SHA256
3d550c908d5a8de143c5cd5f4fe431528cd5fa20b77f4605a9b8ca063e83fc36

SHA512
306652c0c4739fce284e9740397e4c8924cd31b6e294c18dd42536d6e00ad8d4c93d9642fe2408f54273d046f04f154f25948936930dd9c81255f3726f31ee65

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\AviSplitter.ax

Filesize
370KB

MD5
3b5104b2ca92134edf9a86768810d998

SHA1
2e80a3389d10dcdee0037e9323238c79eebba8c4

SHA256
f9e12224a351e16e65eb018b765898a83cf09ba646402564e1ecbcf2d9e793ab

SHA512
2d03843b8f62257941ce5551c0c1cfee193670b79d76f81b06789c5cfdab643643ce554230442c2670d174da11eee4d2b8b4dfb6c08d8fc1a4705f1bcbe18a19

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\FLVSplitter.ax

Filesize
341KB

MD5
3c56dfaef39180aa2864a7cff338e207

SHA1
053a20ebf02dcaeac3d106855c1c2a91a490273e

SHA256
b5e34073d2281bcd19b0f6571a051b167e5b2333a51f27848d92efb9204239c6

SHA512
2762d572fcab31bc6fdcb84ba585f46715a1b16bc647f1dbb700aee098694a59ad845bb005d809e95092ee2611c1186a98a55c0525b1c134a5d1a94dfbd1dfc6

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\MP4Splitter.ax

Filesize
509KB

MD5
85c8834aea35a7a820a7b26a64cd2ee9

SHA1
13f0cd7a1ab9c5938c326af95aa5570eb0de0b67

SHA256
a63f604ebcf8ff8dcd2270ad2642bf27c05701982aa53281412168321e090189

SHA512
8897bc6f311715051a93a240a250a315964d9dd3dfb174c9ed6be1dadea082651d6151c310a02153c10f359b84b406073c886648e0d6d8df8a281a1fea90000b

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\MPADecFilter.ax

Filesize
973KB

MD5
b199366972ddb6fa5b484ea30c432ef3

SHA1
ae6c1932c7e980a02718ef190c79fcf5570a106b

SHA256
48bf883bde4c6ffb3c36b97204a6bc99866693985790648b03468df53dc0dc66

SHA512
b98652b25f76f765f6c3468f31d64d5bd7fb635288a8e01326f45b217c1cfee7c9a651de20ad13e18e8593c1524c63b7e0f5859698f270142a7ff4ec0e2c869d

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\MPCVideoDec.ax

Filesize
1.4MB

MD5
30117202404c402e233e9d0f0e2006b9

SHA1
f8ecfdf9155a86d28aca9aaaecbb6f9b10621096

SHA256
b097aeba86aec52bebe1dd050c46a0164efbc733e4b11eef91df49821168d644

SHA512
d9485062bff65eef5891a4df97529d4eb54811b2638d3995854864d223e9c720de82c76cb45b285720ef09549ac911a912e042f0b56159645f2a29d235957b6b

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\MatroskaSplitter.ax

Filesize
424KB

MD5
ce5cfd2aef0c019fde0ab0bafa28fea6

SHA1
bec73a5527655630f9099988c49364b70f4af31a

SHA256
f81b09b42ec13b62e4b76e6c869a6bee41e37fba37f3eca3f3b754c4a841f367

SHA512
18343820746706131ff541e60a30fb8a48509ab324bbf6d7a53ac6d30ace8f8e14927ef167b1c2251f44cc04384c7f71766bacb04e994e2b9d22aae2eb7b372d

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Mpeg2DecFilter.ax

Filesize
442KB

MD5
d371ae44659a4245da234872645fbb5e

SHA1
04592447ceb2043ddcb8537ac12412199eecd9dc

SHA256
0de8ac691ea301460d328092e484c3e92fa2bf23fa7fd2ed63ea96f8c02294c3

SHA512
9e523f47506a17aa00e0882b2115d408f95e24e9c55f0af80d93c71230f82e1fb1aedffb69cacc7e9ba9ec44cdade3754d520768529277539ef47cc0a6fb8a7a

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\MpegSplitter.ax

Filesize
395KB

MD5
2ed4a6137aa628583063e803c8ff439b

SHA1
d98299ff816997a4eaac35d6df00d0ad57dd0eaf

SHA256
a466b884aa706991896be1886c48daf5cbb1efdbcfd05add179c81b45dd3f9c7

SHA512
5448a9b379f9b081a535b50bc5f09cff3fc3893b9defbc4c808f18bd2323fd0cf87d9c14282ec6de32b6cb0a516d31ea4e907e1ae9789fbc5fb4483361999ffa

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\Register.bat

Filesize
1KB

MD5
ff333e62d6c0bc062e39fdb1a57cdb54

SHA1
fcd1b22d82ddedccdc7e775170b0750abd661bb7

SHA256
5645f99605712cdf246cc4411809b6e5d613ce420892ec192752f4b80321573d

SHA512
1cc3b5df7c20a43c852f7acd69983dab5ef9894007e70a22448a5b963cd3c969dc15d76c65b7325b42adba19858b8e40fbf6fd041b3837ee7f3b54550c5e6ce4

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\ac3filter.ax

Filesize
616KB

MD5
49f30b0dd73b8f138f477a633575bf3d

SHA1
2db9803c27469d00a77cf6f97eeefed62658a177

SHA256
13867e7f06ae11841573ea4661f9e112c7079eaf9ed6edd29b882bfbd4069f26

SHA512
96ac2479fc2b6b391b45d47d70ec8ccfb2b97196d0f6930f02418838b33fbf6db338b103b46b2c14d71c8aaacacf47419e6c2df8c5ce402e5bf999c2e115e8b8

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\cddareader.ax

Filesize
260KB

MD5
094ad05e1f1afb8d3a563b4f76f7373d

SHA1
3b79ebe945fa8bf84b4d9a831dfae80721bd3fdc

SHA256
d849009293443aee4978276a07b3554c5283a222ee3003710f4c6cf289f6c5fb

SHA512
d9aef5a3eae070286736a1095346b6db1612f01fde0c145cf4c5fd931587620d1510a3cb2242f3939a5b9cad9b19b9936b01517d28b06017bbd6303aa32b424e

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\cdxareader.ax

Filesize
276KB

MD5
e88bbcfdcace98dac1e82bd4ce4f3725

SHA1
4fadf959c505408ed5fb140062cd2fd5854141d0

SHA256
9725bd3c5316f2466f8e6a4bb1c0094bc47f4fbe69318d14b127c1efc5b01c31

SHA512
7480483f8c578e602474250f10c90eed06b1d5467329691ff2c7c11723c379bc2e3fccca8e208d7caa8d5eb2538cc40fcfa1b8f0a522970c1fd6e03798951ff0

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\divxdec.ax

Filesize
712KB

MD5
8d4ae6d727a26f5ce5bbe224bb017be5

SHA1
3307eb5f3deefd80a8012b219fd02a504d8ae6c9

SHA256
24a94ae9cac79f6bbe65020099a26b9cd06018306c6561a907b8e2e99989884e

SHA512
4c55d7388ba7e2063bcd85812ced3f3c77a65e73997de558284d19175328ca78ef45f86d2e232599e57fc4c586911fa07d7ff4fa457a7ae066a4dfa1a0f706ab

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\ffdshow\ffdshow.ax

Filesize
3.4MB

MD5
08a57870a58a89244e1e53801007d46c

SHA1
cd7e5750d378a47d754a0adcaaca6214d9d29452

SHA256
d10d38aeaf430550cd1c0acef04fc4f6cfcfc7b1c284aeff1f1772c4029f7f6d

SHA512
6e1da1dae2d526bc5142d5461af53ec9b8390b78c9f6ce3303ebdd0791ca314619b989e1e8a58fe0e9e0c47f8b25a1dc69fa14990de41159d2eee7b0eadc11d5

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\realmediasplitter.ax

Filesize
360KB

MD5
2a6e15711bf2fb67b0246cc87c22b736

SHA1
a22170d1626500caef77afd3c57b80c3e55a5542

SHA256
bb8a060fc44603044f60475cd43be01a363505a370f247b4e2df6f157e039190

SHA512
534e106c3f6de7518cfcb4c9540878bcafdbc1747e27d338f7ea9f128264f23257972d0a5af14faba6b13cd8524c589813a17d2a5c54f6f4bc8b2190a2c3d1ee

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\splitter.ax

Filesize
524KB

MD5
674fb3d19ec45abdb40f03659c781f7c

SHA1
9a9e00cb31673f2d7363136df11e89836ca042a3

SHA256
b7ab7be5ea978617f2f6b5019092256a1bccd1d74d1e888a0207892c89b464d3

SHA512
97fcfd94dfbb24cd65fcfc321b75f86f078065c8c960fba2d722061de758fbcb182904fe466ad84d609f1a88738c78cad94fa56c9da7a796f22ea9db70a0d33f

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\wmpasf.dll

Filesize
132KB

MD5
c63625b0681a5b92e9d46d9a7f0dee41

SHA1
fce07dc10b19dc8ce57f0993a961da138daaac45

SHA256
5abdac3f17d922c344162de35e2923440353acde7c1e9d131ac97d3fd4add5ee

SHA512
85c2dcc24e23f5c9ab73cb2acbe1f4bd9effd497d1f9d66e9082ed7d762e1451ec717a7b9d64b91513eb0ca580854c22d1748766cafb45877623af0fe1d5a02a

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\wmvdmod.dll

Filesize
874KB

MD5
998243a6149ec5c136776a32e099d25d

SHA1
4375cd2a09246e0480f2ae5fd18c564a3b01170e

SHA256
aba89c4e50b1d9e6504e4246db7256d09887590faa5e9db7a03bf58950922dc9

SHA512
6055fb51b9f4ec86e3c964fb061678e55b62d8e16cd41b778523c9ff84e9e2b96afeca12d769052241b4541ddfdb972b35bb41afbf40c118310d968d9540e73b

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\wmvdmoe2.dll

Filesize
979KB

MD5
4e5e11219178e1409adb86d57ecda93a

SHA1
dc124d73a8b6bfd2aaf5177b7c1f26be78a9cadd

SHA256
fdfaf0776cb5d377978ab91cd6c4fca4d2fc58e683c9907e6dab1496255cff00

SHA512
636c768f3482c7a2b0e5b1d875bf1a385fa1204ac477d4dcbc8f5e92a498f8d0a3a5eaa15456694b868e6ff51752be8259cfef83bc69f339cdfacd74f7a2712c

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Codecs\xvid.ax

Filesize
60KB

MD5
f392ed792f8b974a65d721b1238f3b01

SHA1
496b9be46eda80d0cd75cdd6713527b7d41fa401

SHA256
6a462c43ecb3c1c9fdf66c802818fb849e6ab7a6bd8d0d87c9ecbeae035d50a6

SHA512
70df700d7ceab5a16c77baffe2c71803f247b2f72d7b97a40a6102981c5008284c3bb99b5b7c1ee7fdb1823695e5267009175fcd8e07d0bd52e673ee7664cccb

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\Free Flash Player.exe

Filesize
433KB

MD5
b2fb9a2c9795bb388222500683bec69f

SHA1
67a1236628ae7d86f89243d6094ab8446704b3ec

SHA256
3de3e2df32c62220441b420bd1ab575ace69f9f5ab99996bc3398a454f6c3ade

SHA512
7b1d9e2ca2ce4556aed0a7ef7e171118c4c9b009b44daddd516cec14ec549c178efa8e76bdcff0df0bbb58917a3fc1fe839bdd4f0ed28ac56237c3209ec3d64d

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\dcbasssource.ax

Filesize
240KB

MD5
157967583347549671ef8ee77a469890

SHA1
00803e1761cc54e7b797c52a4b47503f59f549c7

SHA256
78d5edc5406881ae9b997e5d0b66ca71fe330124593ae1af19e6ff5d4a8f9514

SHA512
3ec97db832012e2d0c5ad4326ac8b025bdd4aeb1ee54c0309e10bc7051cd5ceaf5d06f494a57a97e31e68dfea0d321de50d6ee42afb80889c3250f6bdbfdc0b2

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\reg.bat

Filesize
55B

MD5
1d917d2ff04cc24926566aabbbb6a31e

SHA1
285c175b87d83df6f3f211edf27d583647b09243

SHA256
7b2e9221f5111e592696f0199dfd7739b3ba83f7ee4039130b362293d666b9dd

SHA512
8f0e07251a71f512ba0dfe4f45f034d948a3bbb766a99bb92767de9c30e3bb760c5da523689278e21b57a2f6bbdb08a675b38a1392484fd97c2c32b06c8f9220

Download Submit
C:\Program Files\DVDVideoMedia\Free Flash Player\trackswitch.ax

Filesize
96KB

MD5
e9cc5fefe9f5eba71e3f52f296ec678a

SHA1
36c8d76d8e67612c366449508e8626030a4571cb

SHA256
2dcdfb8c5efcdd54db624ed5e6b111a3e8193f29abe5fa7ce527f42a48bfae5f

SHA512
a4caee82b969c764dede1b64855d6672126efd1d3c591dcbc826b6d0fd1e52b5f096279825dd531ac1a9386a18bb37f743f58f9306fdf74fc57d93bd1241a90c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
de2d026858d2ba57b0feff048087d84c

SHA1
3c3e63ff6a6dbc661b2a44c9af4892233f472dca

SHA256
8a98218e4c0dcb2e5cec28038c44f23ee607dc195e6cf927a44fa5e468c4b20c

SHA512
0b4e765de3d97fa98f90b2dcd8601660e7a1b9177103edee3b4e3f9bf51390e4fc4e2f7371f5d81e14795eade51d6c78457d80bb874119c329068c8c3e0c0f73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
74e4c8affbf48309e451fd12cca9b673

SHA1
65cefd9e0913f22a59dd5590672e6a8b3cb0c986

SHA256
1f016e53a340e270d8930a6cb6f0c039c5a21c04c259668671cf1bb4e7c8f103

SHA512
4697448f440c13ffb55c94239c7b725df7bc11f9b2ff0c0f3e278171f117c375e3c1f2556b593a88160acb5e26b80fa98d0dae42cd1065684bc9d2a0ebfea1fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7ca2726a9b2c94bdfb4560b265dd5cdd

SHA1
9e954c01858e0e4f2ce3bd25c2e53d79defe469f

SHA256
a29e0b6b0fcf7869e701ab600d625eb94e4eaa57b419744941b000945d983a8d

SHA512
664f8f1f227af004fa5751c5a247295dab7103fe902778444434995c855d50f228f3e5db25e31f9deae3362acc69cbe8d62dba26489b45ccf22df6a83619d400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2bbce6e90ba62b7361898035763b09da

SHA1
a7e0e1471caad8b3cba47dd3e08b4c9d522246f9

SHA256
46a046821cf9b1f01cd08b4a21fc70c6358337047ca8528c4b5f370216a613a7

SHA512
0f2e197b6983cf0136137ab842d74e0b975bad8b1bada2c94e1fc060f2bd2679e8e8bd1db8d7f4ad7d5ad0b24daabbe75681a473dd1a82089ec0d7113037aad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b9594d25dcd8822408cf996fa4b73f63

SHA1
3e8448863ec3da128d503d7ef1d7d7b62803485a

SHA256
75fc1dd4d7de47b7598599604b6071518cef05802f66c845fd7aa03fa694f42c

SHA512
ae00bff243432d80c0b9ebb912c169f8e63b2bc1393dae5c61bacfae90f70ee0488efec29116ce93a210cfd80482aaad678eb1cb87d7e065c2d4314ab0709efd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
830b796861960d58e4ccaf9c6a3f9fa3

SHA1
21e6a2b6d1257d6497779a4f7eb60b8d03f65a07

SHA256
e5e900a3e6a565243b148e7b3524548e92bad43b8e525d9772626247331072be

SHA512
69534f5990a49eb7e0ba947c7e11e570648e819ac17729bca82d3b14242b5f6f0c2cd2eb6f1bde59165253da9decc44cf567a9ad0d45711e94a8a44b9f8784dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
54226ba132570d4f1f3594f43b070236

SHA1
751e34e1fad7d01ba208a2d34890c92c526ce8be

SHA256
c82c2fc46f70187271ddf0129f39521cf5705ee2430f07d9b40e2603cf96a77f

SHA512
f6e7a7ac30284dd626065ed76e47459c6bd9684d6682bf4d738c389fd6b5cddfff4d2ce4c5fd73382ac8ac4a8f11447530559269209dd85bb13ef8b172619ae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
699014c31964f2226e9d544d698b1538

SHA1
37365095407b9e4e70553d04f2c7161d77f77f38

SHA256
80b02163f5b1311816a28ba1804f990a3b1c2611ed73de806972e9eb01f1708d

SHA512
12d216018a16ce8e4b7d3c4c10df87657ab409349273fcc5e48649c0f5debc4bd5cd9ba2f794cf78d16a030cd84e95674bc14598f79383a4943940a6c6abbc00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
98d554632c96f3de199560b7987fbf3a

SHA1
9496db1300eb57db022b91acab7e0ccc3f884c5e

SHA256
8184615b1b880f7542ef9e41aaba409aefda5a73aaad7bc59ee8d05e06345951

SHA512
cfcddf9d7f874442a3e56f34df939b2417733b3702b31753ba5e71ed35f610ca2b742cf4288eb8a743ccc263ad830103fff815d21d315e2f6d7549d55dd20b7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6062ba069ee32ab3ccb8d194880a9e46

SHA1
abb61b74f9fd33854ba63cd55831b8f9af7cb644

SHA256
f8de1f6b3a7c6ee7959f6572e56b71c58abbd8f60c7478d78f1716a61d45fd3b

SHA512
a229b4342a1a08395da5c310f2db9c9b3fd17ed6b696c47651039294bb490e6adcdb04276fe2069e063d2f49a15b9a8a5e3b63b3d128fe13a11b9579d3767b85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
38a9fba5f5c55925163d081caa8208bf

SHA1
e7d807cd9289528dc19c499accf3f8ec8c7a699a

SHA256
3aae881d8ec48978f1f0e3f5799d979e15c3d1d1678e4cd37a706f5b34b8e83d

SHA512
f5241a772fa7f7e4feaef604a1406b83a367f1948b4cf11c16974c3ecd13736f26501c61007cd3c6be15b0b07aa47027d567cbaa91f3fd5adffaece4a7d8ce8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
14af8da4b54fa17e93b848681169d1b8

SHA1
d95e96cb0919a1c6e28fef1a6ce902e6c2437574

SHA256
b763e0da6083d8bbff9d0a5e5ed639e8a012ba54891fbcb662f0d4ec4f73d0b1

SHA512
8da507ea9e69e4ae001ccf74ddd4f9377b0a3914ef764149b8e3d40393ea1dcef538f29d7ff3d52c7a762886946135475cb52f752324c57e933cf1131d2cc099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9cd43295b378ea33c9ed64a9887b60ce

SHA1
3ef7e124c04cda02d7875b437509f939c206a411

SHA256
32406ea2dc62dd663defa8dcadba6b9a6dec8b34347df06d953310bd4f13a7ff

SHA512
ac2ff2fbe3bb2fead5a8eb424a8c687ed96128eee3473905864c94d78c4ed4a8f4932edce479ca54c32c681ee0cfee1589cbbb56532247c5155b6fa2b31a94a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1404424523691b90d4e50b466979c103

SHA1
d7cf63944c02f144b4a34d6b14063aae3e4ccbdb

SHA256
6f5c2359d1098e28c3cb31fe8f2950d655fcd1188e8db50d39ba7674b470698a

SHA512
fc5c3fd433d8902c684a9aa781dcac7a87d69cb3b704fe3c3831002e1f0689dd62d92dd60e643cde72cabb9e063d145cf3b56c6fc41951ec12d346931d48a682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f09c8b5b4ea5d5248e288b22977d262c

SHA1
ead4224a3e8ea408a429970a36157a83178576cf

SHA256
d481993c2978aed64c924089b7b9116f6ac2c3a8c515d7abcc32d029cb4aadb2

SHA512
00b6c0d48595348bac412fb8181919b147d10d1365cc534cf60c154f6f2b840d421d2b42c46816aeb18045e553ed41dd208ba8503759956ce3be956d3c1b5734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4e7cc49f4afb311be9a6b2a7880ac88d

SHA1
7809def3fc05c8f585a1baecc921e60708a3f1b3

SHA256
c4077328d3435ff6d009522fb59413d577e8857c58db255d45ff3ab644bc787f

SHA512
35ecdfb75d103c0830da34bb8091ed569d57d3f460d021a0c56692ffa8e23dbdff18cd91d4b2976afd56b36a3c469cf10a8b9523a2bc4e3904edcdfd8d56e6e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
899bf7988190f92527c683c65d827e1b

SHA1
2976c71a8fc86bd840f5dab7c817874aac7aead3

SHA256
a6719ecd419299e6c0af984282f8fc6c12cfe67566f02ea1550ad0950c031816

SHA512
27da15c8ce429463b8e1a40eb2c1a999facd99c9eb50c2770b79c18d56766a58796b798d831eb8f19d0c02b5a5fbc7578df188998913c9e8576f313633e5862f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
68e6485c892f6116a0426301b9cfd1b7

SHA1
724b82b76d80712bbef5122693ac72916a36411f

SHA256
ca7ca5d4232bb09a8659260b429b6b4070ce9de5310b9c134417962714b00082

SHA512
01e0348c6cfadac4fab7eb9679f9fd20f50806f5381510eca7fa6a0904b45ccbd9599908e467b409d6b07db5a9261b34d57572de950cd1f40b795c89c812d3c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
61dba6f47bd3a0b9bee1c38c1ecd6b25

SHA1
55757b8268eab15a32e06fc64806cf2366139019

SHA256
a5b943e6d9d0ebee76823efe9ecb2a3ad89b94b6cbdf8f9bf0ff8973c5d51ab2

SHA512
ace23710b478123bc8449e30eadbd6fe8f581eeae1711b3ec2fc24872a5fda8d1ed42bf9f426723448c9e7b812fff9a695466b6528d7b86d22841dd90cf7fecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
30afc8cadaf857b24920de589af078d4

SHA1
4f9503fde8d661be8ff9ecfed8aff10022f838bd

SHA256
a4d86dd5c1a7c65fdee1ab0c40e6903cfada45cc2d49a3e0f4a0af092271fe2f

SHA512
119e786abc7b26c3e06f6e8a383de444eb9c45caa80d6a77e8d158c045aaf6550e9f6f0c93e04d31b4cd1a04749d75ad73d43c13c5623207f6ea04bb7ed86345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be7278399039c9e70b42818c964ed89b

SHA1
7940b1d11f73eefe402bd6393081611c9822beb1

SHA256
63252e8c1106890359b2383e5c040373c8d6915131385e48edba6bab5e4a3426

SHA512
dea5ac96462f20c69eacb7db2adbd2d54c4a88ee05bb322f18a249eda710a82c1d14fa6ac6e667734bdea4e5b24cf7e978e97e80638aa7bb027c03c9ec5f965a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b0a48c6c2eca09f4cbcf14e0219e3367

SHA1
b087b555f93d0d8788594fcec3135f74df8c570e

SHA256
cb091542aa897e72df7e2322d428b75ce8528c69f3120a53997dd967f1584ea2

SHA512
1942569eef91b083cd91a593faa7097441e8151834042265fa5745166fa8cc140311ff3c53a783a4e0c9121cc9d424273b84376e52ea6cd84b6ffe76deeb88e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
790a50ec3ff3bc764248f7d68cc637a0

SHA1
dc108ab141dc0e035c5f7b19b901895feba30ec0

SHA256
f4b40cfe52adb8ec99adc5aca410abf820b51d3298407202df36dfafa4bab0bf

SHA512
e0dfa49cf48f27f93f83ae5b3626178992c6b694f1d5718117cfbba8644e513c6d05716ba70094fb7e82a2f066b7770da2ffecc62d948bc34dc04c69301fcec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5ac00c62e25ad13a48a23e73854d1972

SHA1
749116fbe2f5510c891bf607ecbb12d32306ac42

SHA256
b91b268f0a4c94cf395e290e885711891d9b88f5eb2fc72cb83af44f5a10f5ac

SHA512
42ab1f1b3aa026a44c55ae371cf06be4c7f0775112d65b6ec7b8e098b3b7f87ff462825c98b18dea03e1fb160e694f45728ec3d5f7c85035eff2edd80441e73a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b8d69483fa01c5c999520a9dc4e096aa

SHA1
c8a0a3855328c3e3a1eb099c63b818ba62737d6d

SHA256
e691ea8e73bfff8285bedce15bda0cad36163db791d9dc5dcb9de3a5173b97a0

SHA512
f5661d309757302aa9280931a4869cd466496ca0be8d4d7aafc87e0925be209256b2e89d3b21b22bddb76f745050ddf9fd89b8c54b4efc15866d56d20158302e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
21f9bf8068f716be82da1ca381ae0729

SHA1
7697ba5d8763f15abb02dc5d16899f8d84906980

SHA256
3254909e65530b820cac43d2560690b0e7205562af4fa364ae36e1dd89c75e90

SHA512
bd00c09c8dd8e3c70a5e79f1de863d65ca39cd47aacd153af18cbbd59ca15503f088aebbf76a0fa76f02ae03174a5ca63cc427a59ccbeff5cb54d1a8a06dc881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
25f3d1a76f18b929a2d04b303fc28b85

SHA1
7016f7ca02cac957fd5ec137cb3748d4dcd564fe

SHA256
cb5c71dca07498cd495cdd908a5473f7b995fe35360bbd4bd90620abff287748

SHA512
9455c0be96b17c4b4cdfdc6cd0d6642f9526f239657316a9514fbfb8ac58852d4c7f1cd0d1b35e6a80c9e4650aefd515fca999e51d684ac0fda78e8383c06a0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4d37e524bb1b72326e971d51d8b8630b

SHA1
e0395ed50a2660808286752ba99c2c8e7d61e7a9

SHA256
2da20f6d1562b7142c03054136bd010bc2e70a9b066ad64db3389c9cec0ed7f9

SHA512
1cc81a4f64ca37cca2f64befbf7eb7377ef15f9d114d2cc695141ce2b9476cfa9760e9bfcbb75c08b3746fd33df5e968f2584983ba6df6048ad72a6d8397573a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5ee44e8f67b5f1cd3f75a71da9b80616

SHA1
1f0611b10070278ed470d1d0075e74dfa2d0cb13

SHA256
8b625812a42d8980fad90c59a452623f37653d49110d6c28f31e7d4cc4991763

SHA512
7a4f14390d82fd58c45c59f7eae494f74ae267fe81ee87a872c822c926ead217bd61d48219e3f360d8aef117159318b0c3c97eac2c3899c0f803a8669ce9eaa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
62e852052990a9537bf153668dd32e82

SHA1
153cc11670ddccffb965dd453edc73c3dc25178a

SHA256
69aa998738e3f6020cecd14f841b778b6991fb39302f0caa907e29efba5898cb

SHA512
608843d0a85f4b68a989f33e28cd0704ed3b6cfda5db3f18d54fe6843c45058509c13a083964001443e136ae9b3d6bcb5eeb9d26a6a7ad3b9eac809fdd7ddd80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
f72c2fd907093e5eaca546109b75c215

SHA1
a3f1e42256d5af5b86490fef96321266c7a0534e

SHA256
8e737d4af6196c92f158985527d50d1e2fab79f33c8056b71442b053a5de6406

SHA512
9a8929c5e3c80c3d000d59b5aceb150f9769686c54fc4fce898889af1b9a60bfbd54c97c8f77d14a3fb26d22ea6dab6c606ae1423b1e555a96a41b51b7a4059d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
33e6542a7c09b610be14bb2d9fb8a954

SHA1
2d70d2d328d9891df25c8b87bfdb3d42bbb608e5

SHA256
ec736986c807186214b74766fe1fad96790387fea208b8ffbebc5f97b25f052b

SHA512
ef60ee0b1c7abdd3159944422d47f3fd1626b01df7ef916598a7002cc71c4d620e78de7c685146f66347c7309ae70bf61dfd1779b0c86405bfc8d4d2bb62abb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
700ae5ddf4008cac458c2d8eb7714ea4

SHA1
f70e929829501e8e22e330973b4471a480cf643e

SHA256
fe76835b9ba640e06b55b3ba129be82e756459e2bb68e28dc169a6161b895ed5

SHA512
aa57ec5e6585ed20fe42eb1ecca4b9aee6f4c880b30447cc5df5ca1eb6c2f6d6babe8a186c40a8107879f31f968a9e4dcc1da19f96c72f7d15601d88f64bb95c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
00bb6a9bee0c46526fd60443659f8704

SHA1
569ae0446f056493076916e6d6152f2239a1b324

SHA256
31c8d9297279b26433b18aa720985924ef72b93b8d07492579ca9fd3dec6488e

SHA512
fbdef5892123d2eea2972530508884262ff18a114792e4859d8cc6e3fa0624af913797997d18bcd9b7c9119e3b703ff1583050e342e0b64cf70e3d20fb85aa94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59b3a6.TMP

Filesize
88KB

MD5
946fd190ef1d3b816f0edd794e239129

SHA1
2ff878f78023aeec32c748819638e5cd3d208eaa

SHA256
968edd4136f8db727268da07ff64a4e4ae1af06458f136b1ab73e204de19ff95

SHA512
1e7b94081e72668d1ba82c4749ccc95d88e7d953de1d6ba5f3e98bdb297efe5a727f6bc883652868a7f9763ff29a1f70ac0b144ba167080122d5a5fafa43ecb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5972f2b4a2012efd0d2dc230074abd33

SHA1
3425bc896219214ef3bc48f167760ac828f9f79e

SHA256
0b55c9de70d444000cb6d0c9117a9fe7af2beb0654e2aa2a8ccf2ddf7ada84bf

SHA512
71fe4271bea939055dda814c49e5384994f03aac4b2d08cd4ef24c29b89d4c4df964f3b2139ac570bc8acb475d4abdd920da444c7286713f83d9376069c53f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
25643af4c3bf597ea316f3e0c9f6d27f

SHA1
b863bd684e9ee958367c338510ce5ef75dd192d5

SHA256
3a49dc590224c34dfa3a4230a077804671d9b6b0f8d3f429bb5defd29c02c84b

SHA512
6e7e1b838ad3db3189f424fe91a58df4f5ef0e2389dc50173c59785a3054537042224d1c286b450426b8b5ad1ddbf349fd9f82e33a08b2331255bdc0ed276851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
26238f21d6ed92b74772ef695908dd38

SHA1
9795b31f760e973fe54794dd64b6df824c32c9b1

SHA256
daeb4d023960e18ba3aa4f1d6ebfe1fa368c7708bdcd21f1a7f72994e2c9746d

SHA512
8265df5905d054eae01faff87fb2f6adac65e224a73677dd6d962588f0910ae619d8b0ef3aad08e2a4eec32c828e2d9da94a086c4a6b522b87e09636efc22035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
85a7a6d2e76a043cf8ed6f748c3dfe35

SHA1
d6ca8eb060ff40ecae75ee83958dfd313e9b51f7

SHA256
6d338f4ac00178917d05137ecdb0f01ebae578aa9753da888091d88b676b9717

SHA512
65aa995587f18ec9fc45a03f2b0e1f9cf3965da2fc318480057abe1b9c8529696e49f1b90dade12eaad253bfde4ee9f306ea5ac5a8b6f37d3fb6414f9258da7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3f991a71de7428d998757e40ed37349b

SHA1
f1ffa23a48611f0c72d775be55860d3380617221

SHA256
8ef49ef96d3339de282a5d152f11b80ef05106a9e2e731c58be8e5df91bb940c

SHA512
751298579d45c3b648808c1b32057763ab1d371dfe27a287552e13894b90f023ddb21450b0b707680878eb4bf1badafca52c8c41aae0644486eac5daf47f46e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
611B

MD5
ba6ea01290bb74a8fa0988d3ab002f00

SHA1
2f196b2832a0ea61696ef8b326a70622488dbccd

SHA256
9eee9cf0d180804fbc7f352e7626c9af1c55911218781bee09b9c6a9bfad9cb9

SHA512
e808146df23661c9fc98f22c35de48bad6d358b829e946a62327d79efaa40b3717a89b904f4c6ccdaf27fe921e736f86f983a66066b1ad56b373d46bbd9ac58f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e4dcd5f6d4b12a0bdf90730753959770

SHA1
95553408c51bd5eefbf26b1a6e5e2f9be6101213

SHA256
7ab55f12c7dfc8e1a4e0245ebbc5d80d656f6365e915ae9ec632145d7702bb80

SHA512
271309e4ae8a44c22507d38683dfc7a4aa38bfe63c9abf6c0abfb29255c10a615f5ca5466695f20a5e8babfe27a219be4e607bf4a6f04e56bd507d62c37abab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d683ba3e0abe9182a5927fbb8561256a

SHA1
77326beb88d71e279639e8aa56abf9f281e49627

SHA256
250848efd8b546feaf0a37685d9abc219bf43122c1d2124b2b8f3f34b6688308

SHA512
4378e0d9f5059d8ecf44952e89ca0a36cd0ece885c4af9106d9c14eeec1252b6bd8b3003865049f3fde33ffcf97ca63a1bb902088d84272960d7526ab19aa946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
154d705d47b880be89f30d824f93f5f9

SHA1
97d4910983eea8b42d089daf15bb507dfbec35c3

SHA256
c1a6a9d3cf478694ec56f3ae6d7e97aacfa8adf6e722181b772a8c00a7c20ccd

SHA512
a86139f8407d00ff0f2fc2598f8405ce596c641771e1c0162a3ef5a621e8dff055d7c0b6096166cc62e6feec6b9d83c7930c3bcd309072c79e665e2257ed1aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
82eb315511513754b49b329336422044

SHA1
44623e46c9461ef81d23f2b2b85944f73f73e590

SHA256
5f88751a889eafc11fb02633ad5fd1f4377417f53c3cf51c265c1f4d13ac5b8a

SHA512
9a55182b263b1379a512962511f8e6c6c06e9db23c6d3c8fffc64327d71186f43766278bd8b5a85c59f0904c632066a0ee77c161e56171873ef9f4afc8d6a3ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
a3243a88af583be9b8710c473448b757

SHA1
6842f823211d31c07be651bc25912e507ac0f0e3

SHA256
a2d7976e1df9434649da1888e4e8e13280e17a01cf43afea0323cee37a749de9

SHA512
1309598ad8d91426dcdf11f9a92e150ed8d3229643b25762fdd1a9c9c96b34ab5c413ecdc0b27d2ce58caa4f0c856e00875dfe7aea58cfb552fea0e4d9d8ee00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d65dae3e-33a0-4296-8d0b-1c45e8e08ccf.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8e692caf6077b4f9bff99948bf48f5f6

SHA1
53c5790ea2353e779096a3c5bc7cfbc68530081a

SHA256
c8da6239ec556ceb38e827395c76dd3a1c682fd0e746a1b4538cba257ab7d362

SHA512
19695a193e7b12936e41195d7b90c8b36ed37290a95bd0b129e30d146b7a685c3502476f7e221de6f3635133980810660a88e8c0858d06013c7e9f3567531fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
542bbf0530b74ff9ee37088735dd16c5

SHA1
442da1c3b4f118cce16614813185d548bb01d817

SHA256
4a82072cdde6f720b8f7440c8fbe05730e47f4501b4c7746d1d2a68e8f42e701

SHA512
354755214a54f9aa08269ff55e61746035ff500a06180a79a7fb58f73a8f99fdc5168f0d097d354edcb1c6d9cbfbf821c65c2bd4243b151de725bbd91383a780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\lod[1].php

Filesize
2B

MD5
444bcb3a3fcf8389296c49467f27e1d6

SHA1
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb

SHA256
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

SHA512
9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-02S5C.tmp\file.tmp

Filesize
688KB

MD5
c765336f0dcf4efdcc2101eed67cd30c

SHA1
fa0279f59738c5aa3b6b20106e109ccd77f895a7

SHA256
c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

SHA512
06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-EATMU.tmp\setup.exe

Filesize
10.9MB

MD5
9d988211cca0eb8d17c7f7f5d8568052

SHA1
8e88bdcd4203fbca1a5e8ab116b21b234fdc824c

SHA256
599b774cb9465d267ca8ad59a5d77ef006798de9bb1ff6bf2d81f1d8e952ef85

SHA512
59a76466c386c346b333378997c26acc2948868eca958ce2733c13d594d2f4d04bdab3ed8d5c9af5f1f165e2f091135d36a43efe2a37b741e522e20e1d826774

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-EJ1H5.tmp\itdownload.dll

Filesize
200KB

MD5
d82a429efd885ca0f324dd92afb6b7b8

SHA1
86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

SHA256
b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

SHA512
5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PE0P0.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk4732.tmp\inetc.dll

Filesize
22KB

MD5
cab75d596adf6bac4ba6a8374dd71de9

SHA1
fb90d4f13331d0c9275fa815937a4ff22ead6fa3

SHA256
89e24e4124b607f3f98e4df508c4ddd2701d8f7fcf1dc6e2aba11d56c97c0c5a

SHA512
510786599289c8793526969cfe0a96e049436d40809c1c351642b2c67d5fb2394cb20887010727a5da35c52a20c5557ad940967053b1b59ad91ca1307208c391

Download Submit
C:\Users\Admin\Downloads\Butterfly on Desktop.7z.crdownload

Filesize
2.8MB

MD5
70bd4ebb133be5949a45a057ecacc482

SHA1
2632e0f916a10c625c3e88bec30a17c0a56839ce

SHA256
21ade86035c56d9364d8c7abdfe06e13d3776e2649d649ef10acacc98e10cf3a

SHA512
f0274b05e4a97a211bec0838541e9c674ef08b59ad184d64e1cdf6a12e27946b33e886f15437bd513a4158b41c861404e7e5d1c2782ba234be5220033006f53e

Download Submit
C:\Users\Admin\Downloads\Butterfly on Desktop\[email protected]

Filesize
2.8MB

MD5
1535aa21451192109b86be9bcc7c4345

SHA1
1af211c686c4d4bf0239ed6620358a19691cf88c

SHA256
4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6

SHA512
1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da

Download Submit
C:\Users\Admin\Downloads\Free Flash Player 2.6.0.7z.crdownload

Filesize
11.7MB

MD5
d4fa58b5a7c9b0208dc11bc6c52699ed

SHA1
2d6a41c01e70f306e9314f867678cc906b1e1891

SHA256
df011b573908759fca751c9ca09358a883973c3ba864f15fea829b38602551f4

SHA512
23301ba6d86bd98023e94cc6a06f65c588cdd718a1171a2ecd058d31fb386af5e97cdef23e3f52c816837586d0aad00477ac1b4bd160ff6a03437692c9fda231

Download Submit
C:\Users\Admin\Downloads\Free Flash Player 2.6.0\file.exe

Filesize
11.7MB

MD5
7832ef2b3e8bb6b3e8d00c28830bd808

SHA1
cd24da94e55903038030c71d99c807d392424f48

SHA256
302d2e320faf6bcaa2c3c427e84f48a1f73fb77e9b3a4e5b8a9378a9124bfe54

SHA512
0f4a99f145576874ada21c78d1106d037651bb91b97b62755fbc5e34d65e0b40d120444dc07c1370740db6eb5fe77441e640c74e151341a88cf10892e61ac54e

Download Submit
C:\Users\Admin\Downloads\SpongeBob Screen Toys.7z

Filesize
30KB

MD5
caa68c86d28a767336a6971fad962cf2

SHA1
f6c6255110fa64e742e5071435f81681d580b700

SHA256
5f480c6fc1c6b9d4e879ae5ceac9a189d4fa6799540d758a4d918619576183f3

SHA512
0a9fe3d6449ebebe3af51061a272a68a040cfde8d036d6d8b77f9c1ab04e7d436b3e4b3d00582c22ac42a37359208243b8e28472ae2d865f37dff11f1501abfb

Download Submit
C:\Users\Admin\Downloads\Topic Torch.7z

Filesize
197KB

MD5
f1c4802a5a8d52fb2d87739ae8663613

SHA1
90af04fef0546d61d05ad0d481e21bab42a48768

SHA256
95e9ac0b0e094716d7d6520eb1ee8289e0f6c4f01ac826f4b0942445f10fbe8a

SHA512
95b4d860697acdfb4d3e9cd1ab7b484fd6598443adf4920ddc0b27a12e5379ac6c6d914bd00f02c5ee82458ab93a5b5d085ee345c8622a8323c587bf6d7b41e6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 282943.crdownload

Filesize
11.1MB

MD5
3cfb210488e1baf82ec8bad3df208bae

SHA1
046d7f48a58cbba63c4d31524ec8fcd0bb5ae17f

SHA256
810c835ddb5d947c36fabf44c05c1e2e47e7a097157845196b9d0d34cf7dc58e

SHA512
6a855341c8dd66717380696f439e150e333e8a4992969ef0e389d5f90347aacc2678d9d0405e20ad163217d1386249f479825cb4a81e3a0bf6e4f6df4919f4c6

Download Submit
memory/1384-1215-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1384-1246-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1384-1217-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1384-1219-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1384-1241-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1432-858-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/1432-860-0x0000000076540000-0x00000000766E0000-memory.dmp

Filesize
1.6MB

Download
memory/1432-859-0x0000000076160000-0x0000000076375000-memory.dmp

Filesize
2.1MB

Download
memory/1488-1587-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1488-1581-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1488-1569-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1488-1607-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2888-832-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/3220-1247-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3220-1214-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3220-1205-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3240-1568-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3240-1542-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3572-634-0x0000000005090000-0x00000000050CC000-memory.dmp

Filesize
240KB

Download
memory/3572-942-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/3572-887-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/3572-642-0x0000000005090000-0x00000000050CC000-memory.dmp

Filesize
240KB

Download
memory/3572-641-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/3572-639-0x0000000005090000-0x00000000050CC000-memory.dmp

Filesize
240KB

Download
memory/3572-638-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4344-1501-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1574-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1458-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1477-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1547-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1478-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1450-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1479-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1440-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1570-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1573-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1510-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1577-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1494-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1582-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1490-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1588-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1488-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4344-1480-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4664-637-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4664-619-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4664-943-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download