hxxps://shadowstrikebeta[.]blogspot[.]com/2024/05/alttomelu-srchttpsimg[.]html

Resubmissions

23-05-2024 00:41

240523-a2a1wsfb3s 1

23-05-2024 00:17

240523-aljcbsed7x 10

Analysis

max time kernel
741s
max time network
744s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
23-05-2024 00:17

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://shadowstrikebeta.blogspot.com/2024/05/alttomelu-srchttpsimg.html

Score

10^/10

bootkit discovery evasion execution persistence spyware stealer trojan

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs
evasion trojan

Bypass User Account Control
T1548.002

Disable or Modify Tools
T1562.001

Modify Registry
T1112

Processes:

1b847112.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1" 1b847112.exe
Downloads MZ/PE file

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1"	1b847112.exe

Drops file in Drivers directory 3 IoCs

Processes:

1b847112.exe

description	ioc	process
File created	C:\Windows\System32\Drivers\28715766.sys	1b847112.exe
File created	C:\Windows\System32\Drivers\klupd_28715766a_arkmon.sys	1b847112.exe
File created	C:\Windows\System32\Drivers\1f4d5679.sys	1b847112.exe

Sets service image path in registry 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

1b847112.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_28715766a_arkmon_1FAB7DDD\ImagePath = "\\??\\C:\\KVRT2020_Data\\Temp\\1FAB7DDD30441F29683F36A228B6F91A\\klupd_28715766a_arkmon.sys"	1b847112.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\1f4d5679\ImagePath = "System32\\Drivers\\1f4d5679.sys"	1b847112.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\28715766\ImagePath = "System32\\Drivers\\28715766.sys"	1b847112.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_28715766a_arkmon\ImagePath = "System32\\Drivers\\klupd_28715766a_arkmon.sys"	1b847112.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_28715766a_klbg\ImagePath = "System32\\Drivers\\klupd_28715766a_klbg.sys"	1b847112.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_28715766a_klark\ImagePath = "System32\\Drivers\\klupd_28715766a_klark.sys"	1b847112.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_28715766a_mark\ImagePath = "System32\\Drivers\\klupd_28715766a_mark.sys"	1b847112.exe

Drops startup file 1 IoCs

Processes:

ShadowStrike.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShadowStrike.lnk ShadowStrike.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShadowStrike.lnk	ShadowStrike.exe

Executes dropped EXE 9 IoCs

Processes:

7z2405-x64.exe7zG.exeShadowStrike.exeShadowStrike.exeShadowStrike.exeShadowStrike.exeKVRT.exe1b847112.exeShadowStrike.exe

pid	process
2880	7z2405-x64.exe
2776	7zG.exe
2328	ShadowStrike.exe
3080	ShadowStrike.exe
1148	ShadowStrike.exe
5056	ShadowStrike.exe
5700	KVRT.exe
4876	1b847112.exe
744	ShadowStrike.exe

Loads dropped DLL 61 IoCs

Processes:

7zG.exeShadowStrike.exeShadowStrike.exeShadowStrike.exeShadowStrike.exe1b847112.exeShadowStrike.exe

pid	process
3412
3412
2776	7zG.exe
2328	ShadowStrike.exe
2328	ShadowStrike.exe
2328	ShadowStrike.exe
2328	ShadowStrike.exe
2328	ShadowStrike.exe
3080	ShadowStrike.exe
3080	ShadowStrike.exe
3080	ShadowStrike.exe
1148	ShadowStrike.exe
1148	ShadowStrike.exe
1148	ShadowStrike.exe
1148	ShadowStrike.exe
1148	ShadowStrike.exe
5056	ShadowStrike.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
744	ShadowStrike.exe
744	ShadowStrike.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

7z2405-x64.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2405-x64.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

1b847112.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\41ac199f-6aad-4a55-8335-2f76b98b677b = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\{525ee992-37c8-4922-9a19-8de84e0c00b2}\\41ac199f-6aad-4a55-8335-2f76b98b677b.cmd\""	1b847112.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\60159cc1-65c6-4d61-af86-0017aeff6a1e = "C:\\Users\\Admin\\AppData\\Local\\Temp\\{43aab99b-7029-4382-ac00-ac1d3d50335d}\\60159cc1-65c6-4d61-af86-0017aeff6a1e.cmd"	1b847112.exe

Checks for any installed AV software in registry 1 TTPs 1 IoCs

Security Software Discovery
T1518.001

Processes:

1b847112.exe

description ioc process

Key opened \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\SOFTWARE\KasperskyLab 1b847112.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\SOFTWARE\KasperskyLab	1b847112.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

1b847112.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1b847112.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1"	1b847112.exe

Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

1b847112.exe

description ioc process

File opened (read-only) \??\F: 1b847112.exe
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

299 ipinfo.io
300 ipinfo.io
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

1b847112.exe

description ioc process

File opened for modification \??\PhysicalDrive0 1b847112.exe
Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 2 IoCs
Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

System Information Discovery
T1082

Processes:

1b847112.exeKVRT.exe

description ioc process

File opened (read-only) \??\VBoxMiniRdrDN 1b847112.exe
File opened (read-only) \??\VBoxMiniRdrDN KVRT.exe

description	ioc	process
File opened (read-only)	\??\F:	1b847112.exe

flow	ioc
299	ipinfo.io
300	ipinfo.io

description	ioc	process
File opened for modification	\??\PhysicalDrive0	1b847112.exe

description	ioc	process
File opened (read-only)	\??\VBoxMiniRdrDN	1b847112.exe
File opened (read-only)	\??\VBoxMiniRdrDN	KVRT.exe

Drops file in Program Files directory 64 IoCs

Processes:

7z2405-x64.exe

description	ioc	process
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2405-x64.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File created C:\Windows\rescache\_merged\3720402701\1568373884.pri chrome.exe
Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs
Using powershell.exe command.
execution

PowerShell
T1059.001

Processes:

powershell.exepowershell.exepowershell.exe

pid process

2116 powershell.exe
748 powershell.exe
4208 powershell.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	chrome.exe

pid	process
2116	powershell.exe
748	powershell.exe
4208	powershell.exe

Checks processor information in registry 2 TTPs 23 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ShadowStrike.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ShadowStrike.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	ShadowStrike.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	ShadowStrike.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ShadowStrike.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ShadowStrike.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	ShadowStrike.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	ShadowStrike.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates processes with tasklist 1 TTPs 2 IoCs

Process Discovery
T1057

Processes:

tasklist.exetasklist.exe

pid process

5448 tasklist.exe
2028 tasklist.exe

pid	process
5448	tasklist.exe
2028	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

5396 taskkill.exe
5656 taskkill.exe

pid	process
5396	taskkill.exe
5656	taskkill.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

chrome.exeLogonUI.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608971471134524"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Modifies registry class 22 IoCs

Processes:

7z2405-x64.exefirefox.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2405-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2405-x64.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

1b847112.exe

pid process

4876 1b847112.exe

pid	process
4876	1b847112.exe

Suspicious behavior: EnumeratesProcesses 56 IoCs

Processes:

chrome.exechrome.exeShadowStrike.exepowershell.exepowershell.exepowershell.exeShadowStrike.exe1b847112.exeShadowStrike.exe

pid	process
404	chrome.exe
404	chrome.exe
3168	chrome.exe
3168	chrome.exe
2328	ShadowStrike.exe
2328	ShadowStrike.exe
2116	powershell.exe
2116	powershell.exe
748	powershell.exe
748	powershell.exe
4208	powershell.exe
4208	powershell.exe
4208	powershell.exe
2116	powershell.exe
748	powershell.exe
5056	ShadowStrike.exe
5056	ShadowStrike.exe
2116	powershell.exe
4208	powershell.exe
748	powershell.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
744	ShadowStrike.exe
744	ShadowStrike.exe
744	ShadowStrike.exe
744	ShadowStrike.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

1b847112.exe

pid process

4876 1b847112.exe
Suspicious behavior: LoadsDriver 5 IoCs

Processes:

1b847112.exe

pid process

4876 1b847112.exe
4876 1b847112.exe
4876 1b847112.exe
4876 1b847112.exe
4876 1b847112.exe

pid	process
4876	1b847112.exe

pid	process
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe
4876	1b847112.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

chrome.exe

pid	process
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe

Suspicious use of SendNotifyMessage 31 IoCs

Processes:

chrome.exefirefox.exefirefox.exe

pid	process
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
5944	firefox.exe
5944	firefox.exe
5944	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

7z2405-x64.exeKVRT.exe1b847112.exefirefox.exefirefox.exeLogonUI.exe

pid process

2880 7z2405-x64.exe
5700 KVRT.exe
4876 1b847112.exe
4876 1b847112.exe
5944 firefox.exe
5832 firefox.exe
3684 LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 404 wrote to memory of 3568	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 3568	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4616	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4780	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4780	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1424	404	chrome.exe	chrome.exe

System policy modification 1 TTPs 1 IoCs
evasion

Modify Registry
T1112

Processes:

1b847112.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1" 1b847112.exe
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1"	1b847112.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shadowstrikebeta.blogspot.com/2024/05/alttomelu-srchttpsimg.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x44,0xd8,0x7ffe87cf9758,0x7ffe87cf9768,0x7ffe87cf9778
2⤵
PID:3568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:2
2⤵
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:4780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1864 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:1424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:3888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:4088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4840 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:4652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4788 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:2688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5508 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:4796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5528 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:2088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4452 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4808 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5912 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:2480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6064 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6076 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6048 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3112 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:4796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4452 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5516 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:1132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3844 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:1152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5952 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:1420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5032 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:4740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4536 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:1324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6392 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6188 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:1284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5252 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6856 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:1536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6548 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:3888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6956 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3564 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:1112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3716 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:2468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6244 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:1036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5200 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5876 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:2888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6888 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:3536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5304 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6656 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:3012

C:\Users\Admin\Downloads\7z2405-x64.exe
"C:\Users\Admin\Downloads\7z2405-x64.exe"
2⤵
- Executes dropped EXE
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5200 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:1
2⤵
PID:692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1892,i,7330014506358224008,10072837740038450368,131072 /prefetch:8
2⤵
PID:1888

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4552

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:312

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ShadowStrike\" -spe -an -ai#7zMap379:86:7zEvent21075
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2776

C:\Users\Admin\Downloads\ShadowStrike\ShadowStrike.exe
"C:\Users\Admin\Downloads\ShadowStrike\ShadowStrike.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2328

C:\Users\Admin\AppData\Local\Programs\ShadowStrike\ShadowStrike.exe
"C:\Users\Admin\AppData\Local\Programs\ShadowStrike\ShadowStrike.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
PID:3080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "chcp"
2⤵
PID:2716

C:\Windows\system32\chcp.com
chcp
3⤵
PID:2112

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
2⤵
PID:4628

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:2116

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:748

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:4208

C:\Users\Admin\AppData\Local\Programs\ShadowStrike\ShadowStrike.exe
"C:\Users\Admin\AppData\Local\Programs\ShadowStrike\ShadowStrike.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ShadowStrike" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1804,i,9864739765792589131,1939912591027320662,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1148

C:\Users\Admin\AppData\Local\Programs\ShadowStrike\ShadowStrike.exe
"C:\Users\Admin\AppData\Local\Programs\ShadowStrike\ShadowStrike.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ShadowStrike" --mojo-platform-channel-handle=1972 --field-trial-handle=1804,i,9864739765792589131,1939912591027320662,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5056

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
2⤵
PID:5272

C:\Windows\system32\findstr.exe
findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
3⤵
PID:5304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "where /r . *.sqlite"
2⤵
PID:5356

C:\Windows\system32\where.exe
where /r . *.sqlite
3⤵
PID:5388

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
2⤵
PID:5404

C:\Windows\system32\tasklist.exe
tasklist
3⤵
- Enumerates processes with tasklist
PID:5448

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /f /im chrome.exe"
2⤵
PID:3808

C:\Windows\system32\taskkill.exe
taskkill /f /im chrome.exe
3⤵
- Kills process with taskkill
PID:5396

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
2⤵
PID:5472

C:\Windows\system32\tasklist.exe
tasklist
3⤵
- Enumerates processes with tasklist
PID:2028

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /f /im chrome.exe"
2⤵
PID:5532

C:\Windows\system32\taskkill.exe
taskkill /f /im chrome.exe
3⤵
- Kills process with taskkill
PID:5656

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite"
2⤵
PID:5552

C:\Windows\system32\where.exe
where /r . cookies.sqlite
3⤵
PID:5836

C:\Users\Admin\AppData\Local\Programs\ShadowStrike\ShadowStrike.exe
"C:\Users\Admin\AppData\Local\Programs\ShadowStrike\ShadowStrike.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\ShadowStrike" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1804,i,9864739765792589131,1939912591027320662,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:744

C:\Users\Admin\Downloads\KVRT.exe
"C:\Users\Admin\Downloads\KVRT.exe"
1⤵
- Executes dropped EXE
- Checks for VirtualBox DLLs, possible anti-VM trick
- Suspicious use of SetWindowsHookEx
PID:5700

C:\Users\Admin\AppData\Local\Temp\{742bd9d1-2dde-4a2f-b69e-5ec3e1d5a851}\1b847112.exe
C:/Users/Admin/AppData/Local/Temp/{742bd9d1-2dde-4a2f-b69e-5ec3e1d5a851}/\1b847112.exe
2⤵
- UAC bypass
- Drops file in Drivers directory
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Checks for VirtualBox DLLs, possible anti-VM trick
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: LoadsDriver
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:4876

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5928

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5944

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.0.1929547628\1192041876" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {303537e9-ba02-47b0-b9b0-2173f0546b98} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 1780 1fdc1bd0858 gpu
3⤵
PID:6068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.1.1496458839\1124482519" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a0b19d1-2f60-4d52-b337-7e18db094353} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 2136 1fdb6b72b58 socket
3⤵
- Checks processor information in registry
PID:2644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.2.1437355943\163971283" -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 2820 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d63ba468-0868-4ac4-b457-83f67d2275d0} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 2812 1fdc1b5e758 tab
3⤵
PID:1092

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.3.1359201856\323601533" -childID 2 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32062909-1683-4130-b740-9e6393003d80} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 3476 1fdc6b95158 tab
3⤵
PID:2720

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.4.392014007\1280294060" -childID 3 -isForBrowser -prefsHandle 3868 -prefMapHandle 3804 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c117282-b172-43c2-918f-864c9cdfa6ab} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 3932 1fdc6fe6b58 tab
3⤵
PID:4920

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.5.933344796\863055860" -childID 4 -isForBrowser -prefsHandle 4740 -prefMapHandle 4728 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a7cf2b2-628f-47b1-9731-4c979f2405de} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 4900 1fdb6b30b58 tab
3⤵
PID:3728

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.6.1828019037\265868639" -childID 5 -isForBrowser -prefsHandle 5036 -prefMapHandle 5040 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72d1be8a-857c-4750-9c37-b1808d7871bf} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 2632 1fdc7efaa58 tab
3⤵
PID:2464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.7.1180628854\826246312" -childID 6 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e3a1bf4-0d4a-4f38-b698-81d72aa76aff} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 5184 1fdc8e15258 tab
3⤵
PID:2340

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5832

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5832.0.1765676447\1288718942" -parentBuildID 20221007134813 -prefsHandle 1608 -prefMapHandle 1600 -prefsLen 23541 -prefMapSize 233876 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3597bcb-be40-4afb-9cdc-14a06e02fd48} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" 1688 20c7ffe7958 gpu
3⤵
PID:1856

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5832.1.1001260699\1893539735" -parentBuildID 20221007134813 -prefsHandle 1992 -prefMapHandle 1988 -prefsLen 23586 -prefMapSize 233876 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a1e8ce1-6fcc-426a-b350-010b9d3062d8} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" 2004 20c799e2658 socket
3⤵
- Checks processor information in registry
PID:6064

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5832.2.1228779351\1990295182" -childID 1 -isForBrowser -prefsHandle 2704 -prefMapHandle 2700 -prefsLen 24047 -prefMapSize 233876 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ca47d5e-0581-438f-a96e-f78087581dea} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" 2716 20c08437758 tab
3⤵
PID:2508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5832.3.260061350\1765251959" -childID 2 -isForBrowser -prefsHandle 3088 -prefMapHandle 3100 -prefsLen 29225 -prefMapSize 233876 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d00f221b-31d6-4b62-b45e-c851caa28f07} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" 3080 20c08bfae58 tab
3⤵
PID:996

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5832.4.295379989\1613617767" -childID 3 -isForBrowser -prefsHandle 3772 -prefMapHandle 3764 -prefsLen 29225 -prefMapSize 233876 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cd18478-f512-4b44-98e4-d47ade45f3f9} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" 3784 20c79969358 tab
3⤵
PID:3244

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5832.5.726047054\1353798807" -childID 4 -isForBrowser -prefsHandle 4492 -prefMapHandle 4488 -prefsLen 29225 -prefMapSize 233876 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe3c947a-0041-4dab-9623-6b67270b2136} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" 4504 20c09799558 tab
3⤵
PID:696

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5832.6.1489835732\1958247075" -childID 5 -isForBrowser -prefsHandle 4656 -prefMapHandle 4660 -prefsLen 29225 -prefMapSize 233876 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6e185d8-1ae2-433a-92c5-6ec4ce7f938f} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" 4648 20c0b03f058 tab
3⤵
PID:3588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5832.7.2111008692\1356657037" -childID 6 -isForBrowser -prefsHandle 4844 -prefMapHandle 4848 -prefsLen 29225 -prefMapSize 233876 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37a08229-d3a8-4e9f-884e-f8ecf527a2c4} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" 4836 20c0b040858 tab
3⤵
PID:196

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3a81855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3684

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Software Discovery

T1518

Security Software Discovery

T1518.001

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Process Discovery

T1057

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\KVRT2020_Data\Temp\1FAB7DDD30441F29683F36A228B6F91A\klupd_28715766a_arkmon.sys
Filesize
383KB

MD5
1fab7ddd30441f29683f36a228b6f91a

SHA1
2d28d18023bd7c8064efbb6561743f77b0266159

SHA256
261a8df7079628e149a5735de1237802c4d510d986dbe8ad243d9004a4544ea9

SHA512
0c2f717b5db0e0278fb5c0bf4aa87597fce0a62c7a49455bb0fe56f8421912a4209441a9863b7c2ca9aa503624ea8182db716bf9f2988793a4a59c441c2ab57f

Download Submit
C:\KVRT2020_Data\Temp\ioc820A0E6F-181A-EF46-A745-805B4E96B5A4.ps1
Filesize
630KB

MD5
3737adf7e1082ddde2b0af1d6b119efc

SHA1
35228d99bbc1437c71b6a6307b6ae30692277fdf

SHA256
baceacfbc0dae0198dfff141290a6568cd203ea406efb6453a8175e99cd8b704

SHA512
fc6ed0108b3d940365dfe5de2247636f55561f0d8996b0398ecc98c3b0d275dc9562aab403cefe48e029092e698b17f97413c09e520053fa51f78ca3671d33c1

Download Submit
C:\Program Files\7-Zip\7z.dll
Filesize
1.8MB

MD5
2537a4ba91cb5ad22293b506ad873500

SHA1
ce3f4a90278206b33f037eaf664a5fbc39089ec4

SHA256
5529fdc4e6385ad95106a4e6da1d2792046a71c9d7452ee6cbc8012b4eb8f3f4

SHA512
7c02445d8a9c239d31f1c14933d75b3e731ed4c5f21a0ecf32d1395be0302e50aab5eb2df3057f3e9668f4b8ec0ccbed533cd54bc36ee1ada4cc5098cc0cfb14

Download Submit
C:\Program Files\7-Zip\7zG.exe
Filesize
691KB

MD5
ebff295ea5bb139eb04c699e1a52c286

SHA1
4d71053397304ab545f246ed6676d5927691b833

SHA256
835d114678b311e938ee235519be252b38f14f2c5117d3ee3b905f09f0615f94

SHA512
4320277436d737efb3ea04515a52ec86102a02f840b2f16d8f27673244124e149f01eee15870448710ec015c103a83f8bbf491f9928dbc1bc1b55236da8473b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
Filesize
24KB

MD5
1fc15b901524b92722f9ff863f892a2b

SHA1
cfd0a92d2c92614684524739630a35750c0103ec

SHA256
da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4

SHA512
5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036
Filesize
162KB

MD5
a88871184612cc87873657ab4a085912

SHA1
70664d463b60bd543bc0ac709ae522ced6d055de

SHA256
4f0445e20e763a159025f94d6dc4a9db1d805909381785c6ad3bb081f62d89d0

SHA512
dac82f6d553de9fc6234809d32d34a73c0cd018e29224e5b2eade63eda313ffddc081c72a9d1d8abf251e5f5c4f1867708850c3adf8132b2fdd9099d213cbc32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038
Filesize
180KB

MD5
0e640cb7389fb390d7cc04a37174e627

SHA1
2d7bfb8449a71714f8579894da21a1be05bd01fc

SHA256
a34a1c173964563e8b2e85b9d60359d09146e573c503db7b0dfd9324efcd1bcf

SHA512
dd35bc49acf11b5c79352226b1e1a6c2d972d12e835f3277f682b9b515ce289b120ca8097e108011a49890d6af8268f3fe41d6650ae40b3a7aa11c6d0ac37fa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
668b33bd27dd6ec7336ca24e68b5b3ed

SHA1
30b4f99f327916ff1db70e58c538cb3e8d584d79

SHA256
00b21324bc6b6acaeab06617510e0af0ca0d9b54e341b4e9b6f09a993a21fb8f

SHA512
62f3ff00d682de4e00e8ee2f09f7a270bfa239669d9377f1ee19fa86772127f25adaa2b44f8ecf7cfa7d9fa2be3c6068307ddf17d30b83b610ceeb0836c8c699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
c16da5ff127e475bcee15836282bf491

SHA1
b14da90302d65c96415fc215c09bd5f4527df7fc

SHA256
8bb1806631bdf77230b70b51103ce60a980e8d9f234588df52cfc31129fb7083

SHA512
5c7339165956a3dad655a4dd8aea61cb64ef04b1ac07c4b4c0e3ca0757740f74f2559934da450fda1f1a5c162b43f2637dfe9caf57156b7f384e5f6614000843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
aaf2c0a927b23da2e11c75ce5cd568e1

SHA1
fb37af330d0a775bda19dfefb8368ff22b71f70c

SHA256
c35a9856ec7acb6308b71ca5d6ffef5a09ec22a26df2f465ada9ad7e529d3e74

SHA512
e994bb93bf73166933bccb56b9b2920f5462ae6812d84ca6bd351e86cd5164e2f515f00ebe85442f19d4c5bdfed5b5b18c566b6f7af38bfe0dd0e67b41c48439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
1e743b3bb51d33c97613cd736309a738

SHA1
ae1d0fc1945906ef791ecf5de9919a8aff027075

SHA256
e843ec7905a80760b3ec45b476ad4c1b1be2067fee1c9a640c5abf20d3dda95d

SHA512
2a06ead436dc43c3a0107c96f6a81858d549ba4a02b67c10c1363800915e4c42b9188c04d49f975c8555c8045641f23f51181d71895756fd61c1f1e011d98fb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
576B

MD5
81796d91b2dd23f2b08e9e2ae7f673c5

SHA1
47d0d53ca48271e5d60533f14b82113fc5ef1753

SHA256
bfbcd6c67fd8d2834594767aec54951c3fd5bfeadcad8a3605f918779c3357bf

SHA512
92c800053af0bf1960baba88940ce1770729b40accf342a2cf4acc32d387a481a6351cabbdf8456a09f19a146910aee6d8e664dd8ae82f2903d5b7df5febdace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
adbcc84c0183a0264b4f2d1ebbefd9be

SHA1
5a49d5f9a9c805734accf7bc699daf779f2c32b2

SHA256
8f7799f72d7849908ae17de01198e147855db124aa9f883ee3cbbc726ca36379

SHA512
196433feaab410c9999515a7b06fb056c953d4f7ca2c054fd293561c710879d6c3fd9ba3ca377af9788b425067b11a55e7c2dea9ed0339f5dfd84488527c86c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
4da6a0752d2654c447d0c5e9681689d3

SHA1
4f1410d03430a1913aa95bafe8c4cffd0b7a9916

SHA256
75a434b63ab51ac61f500f135e13ae4c70e21c197a51505ed22b59b96e036f9d

SHA512
bbcf362784e3e4b39d9cc63b540faeb1d5788215fcfb29d7ca859a72a4f26a1b671bf49c9070cf045a87f361003f35fd098aedaad7a2bcd6bafafb53aa40abd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
982c2dfa1487090d173508296489c3d0

SHA1
84e015219ac8e5cc3d37e73c35ef51c0233165c3

SHA256
576a9cae714bd26923e75bcb804f3bf80505b6166bd39e5fb77adab1c3c89d91

SHA512
85af79b776b9333fede778b034a3145c1098b4191601b405074c50544aad0960d96e2124cd2352464f5078bd876aa9b7d817669ffcb93c88dfcadd4c1cc9ca30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
d4caf27d2c18163e4663499d41d2c555

SHA1
0b7061a63df9fe7f4c9f7ab36dcadd4ec72ff7d3

SHA256
69aaf6c8b72643ac973faf9a664e1c48f913a6cbdf3ed91118b37289b44d0188

SHA512
7f19523ae71f37ddfb7f790caf821316d65b953b7fd9c75f45e7d0d2d4378c672186a360cd51e8bf86e10590cc258a174088ad130fc81d9dd16e21045922c987

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
f078dfb2893498e35f589ec4a8102fc4

SHA1
941a4ab647f9198569c050692915b487619a6e62

SHA256
6e82c48370c9becc80513c923a74debd331aa63ef02c5726fd6c339801d11846

SHA512
394f3698b5d7526219c5faec9a31889e0bdc816a1cdc0094d168d9f4da15960bbf8c4fb680eb9105b2ebd90c669a08d0f255b08e87892f2ef8487715206479b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
c95a1d5afc33f35d9c81dc2ccee726ba

SHA1
511a1a1db35e856f96bd7c204091669722223a72

SHA256
91de6397e5399331bef56ffbe42aa9a6545a8cf488e251c4b1e00c830e3bd766

SHA512
ccd5003f932fdc51085355176c59b3a39d36b20a81e797d08dd1183be63f9c05927fbcf79beb79c18f42a567edc14b351a202a79d4685c77c9fe8a79027fee12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
66f3ee20ff53a5661c040002ec77b82f

SHA1
7a866326f5ff95bf9560bf8c85e06b71cc597c18

SHA256
1e57aaeb4578e9e4b366ddd751ef69be9afbdd6ad82f232c6745cfc393f97a5c

SHA512
06a294b6c673601cd83c908760659b14f1cd92ad2d35b7d09e290bb45a6a20a3947452c725d8f881ade4931c9835be9ec3184dd4e30413838478e254ba145410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
13adc850e7ddfe82c65398b1799f4cc2

SHA1
36e3c335ea7b60acc277af15ce642dddc8df2313

SHA256
4d70ca7d41a924f1130c97d15ee0e2791b970ec62353e31f9638fbc670f03626

SHA512
fcc12c4879fff3b39de8d0c67178445c25b9feddf1c08f51d730d2b2eda99b6c52f3d4762f7af01afb6a4aa821ff00ec7d0c41192c06bc4ce8d21dddd072778c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
9eca963ae0c23e8831c305b7c02ff77c

SHA1
88dde639db31369b3865d71f24d98f1828859588

SHA256
a437f20b76d84eb58dc4b5abf5fa96c84a1b1ae26ff5cc0d76cb8084ba91a61e

SHA512
ea9cd24d1498266e347d7c176b60466fcef0c6b91f2d6be77af0d75648bd2b678def2ddebcbee17d0e30eb9bb8a043da5663fae616092d463601f88070d9c5f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
1ce0c68e13482151c3e7c7db3ed7fc6b

SHA1
a813720d057a02e94a2ce4ba09411cfcc24eeba6

SHA256
bc31386ea67b81a2cecb669473716efbe3987b2ee619836330d66677d3be61ce

SHA512
5ed1351350904ac84ce4722d948bb9d9f83503419076642a8d4c441ad56c0d6364eeac2883b0d3d1a11b85bf1bd0384329af0821163bbcde93b277b010717f32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
30f5409773ca3fbe378aa8993d2605c2

SHA1
f60ecb5d1dc9d8f9c7e3407d51fd6b44374851b8

SHA256
1a3fa23761bdaa641e281e2d8e1801c95b4428615bfb86000b985ff7e9b9a063

SHA512
420e64af982c869630d264c3df9c4fc857b8a39ba2aa3859b3d5e2b0fd51158f41ff81f3a3eba25681a96612f6c20871d7bdd12e7e7f6e6dfa772e2bf1cfc211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
ec463dc35d2da38dc7c19ea3eca79bce

SHA1
e49fb23a597fa1271e456df1ca4d5e32c1254b50

SHA256
ddc5fafa5161ff78cb6f159efb7ada45a3bed7bb551d0967778a5304d9a2cfb5

SHA512
5f0ad6e48b945d0588f32f8e8d16b35e525e4be807b3027e83a1d30349402db8ccfafca8ad3aa1243efaf0848a8805b438b5b7d735973f88e7ce81e33d2cdf43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
48077a14f1d7a07f89ab934730e55dbe

SHA1
57286ab8deeafd0e3484513b6ec7af0b48ca710f

SHA256
60acea801d88b6408e7b89a85ba7533671678d3e71dcde128bdfcb880b18b62e

SHA512
15dbfa32a1dad1d4aedac36b752271176e98ac4885a74da11cf814ec02ea6fe6d6f39294e790358aec860630b814e5b6fc4e87f0377f02790edc58bcd0e7e659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
d8ba13318a3b5ec471d4114eb8d459ec

SHA1
eae84932b32751625bfa65b74bcb0b932c70d093

SHA256
b650d25261ca6c138df5a6614317b07866883a84e3a7aca6a378f5c191752795

SHA512
c5a1d7bc7b949dd44e62e3cb5fef206bf46f6db1d44027edaf3bbeac70e568a3da4b73f4f3cb72549b77802b4b4b77ff8742a3b747c38f3da34453065323885d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
872B

MD5
577c6a23cf0e69cc8370968c1a044ba3

SHA1
ab340f38f19cb2915e0722f859d74bcad1fef1d2

SHA256
6cf1f210865a6144b7efacf73c23b7a390beab31cf51249ef29bc8d1d0eb3b30

SHA512
dd2da8061d31b804705eaa7b11ca3bb89ce58ac67252cbcb9ee44d8a5e255f9b206f7c43ce351ed21b49709c09d848fa85691e24afc12873a9769375102f2122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
22d9c9f0c1bb45d0dbaca62eb64b8a7f

SHA1
042584ee71deb9a4af1ac7df1b574eb2e131f285

SHA256
eefa40576821774690e91be5f55b985399de3c4c498724cb6fc193104dbf9b17

SHA512
d0a3b119f9c76e282c0e33fe672bf631346ff07f198b41df9b5d38c448921d9ca424eda92053af730dda9a298adbbfe4a54f2db7d6e586a8a33b2f811b197b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
9a68c542448b1d6372a46ce89acba537

SHA1
337912c92034bf27ded836f9f5ac68a141241878

SHA256
b38ec99083fb35f0411d276550f9e9535ba20222abf9e8b748951adc181c76f5

SHA512
1e8eef042432c10189c621350f3c3ec656ddff957d1e1b9cd4a0171e64080d2c0443eb8c83731497d7bdc1ebefbaa8d3707f24a860ec23c9350f491a3fec55b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
f06e0a8c55be2b59f439cf09a9e09eec

SHA1
cf2830f762bed9985af809496b352364f0ccdcfe

SHA256
08718287a92e77e907823bd4f5a4d3cd6e8f286435737681ec36503adecb9d51

SHA512
7e10033beb101f68c1b523a7cc6f05de2c84c094c521159b6443241b597564f2287bb961dcce3acf648c8577c973839997d5c9b497a50c5b4cd436a7de1fc0ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
59f258603d94d765b80fc229ccf67478

SHA1
6dc17cef1ce964700609af49015583cc64a07079

SHA256
7dcbe44fc24f32740e4b90f235ccda8a1f97836bac3d9210f89190a008e7d49e

SHA512
46fcec747f0990e5cc0f1eb1e0349bf883e5b5c12b63e53714f7f91c0a97a88752b6762d522e819026ac7ba6e6234016e75eba06f122c2ecd456813db3fb373a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
2cf08c65a7da786a457e0575d582030d

SHA1
10a50758ea1080d15a8afff3727538f296f2ae89

SHA256
f382fd9fb9f86ec2ad34bcbd37e07f1d263f5cd6669fd37afa3a7a3bbf89324f

SHA512
b675e2e1d16a3246885957f4843ae872c0632e5d3879819ebba2ded809fbee786c393e9aee4a72f2dd16a8add3050b4486d9a9b436892ee6fec25a1829f841aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6e9fe8b97099e53a3c8e4f133692d97a

SHA1
35876390138815be81f300296fa9565965c412e0

SHA256
4c8dcbbdb04bee1c923553a173e965612068b852174eb3e382132d1f11330f24

SHA512
10cada1f28ed4aced023bfc6ef18750112aac7afababd5f99e1518cdb19f2b8c0d3034902cc37989741540215f0fe989a29e2eb58d8210a41043a558c80c3bdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
980f85312a22d63b37fa642628928fef

SHA1
dbcc045378713b90af719881b755e4e3a1748c9e

SHA256
38f883b0e68e293cb15656d14d97290432dc3ac4e4b51bebb9e1dc18d629143f

SHA512
0e29a8a00c5dab2815577e8f8f4730d81cbb0d6ffd47dd8a89eb3b7cf8cb81847ff5642356bb7aa52258820bdd01755eaf643ad0e4c2ea4f5e9846afbdbcc60f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1bc3d0b2009c9bbff9b0973c1c66a288

SHA1
b53e5c090708b6d330668d3374c61bd601e256a6

SHA256
004ccf8438225eab2d8b6569c65f2c066941119623982129a9ca364b8660cf0c

SHA512
54fe662b4d82bcc189bf517e9f07f0187eada2134fdf9f086db71ace24b6593bdc231b0abdfa282583c3785fbeed69d38de8e5aab2c522a830ae4b882ec7dd3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
360a46f8000a1c5e45342d8013d485c1

SHA1
d1d0dc2fe6074f7ff249c216e91be340009b857c

SHA256
ce0f2a3dc6788c60f5a64b68a2e30ab4c3c18e1dc9feb12077f686cfa53722a1

SHA512
88c3f17292472cdd55bbd5dbeace336a4f23e5a62c6eb0c23ec329ed54b4877d2e51871f32d4452e379609659f639684f148b319cbac4d72a168e52a3f56ea14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
27e4be0ca54081ff674dded73b15184a

SHA1
b92fe8c708a8b1eb3a5521ab993e328e10a48744

SHA256
5cc6e89231154d6c59756668b83c32315d26309f3292f453cc45dca5373a27e1

SHA512
78a12ca3a95662fbaea5b35f86c466549a04876112bc60226190df962105a66f2ef7745fc71406cce7f61441aa5dba0f95b37ed84e956f42021943cb4fcfc55f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
50c8916db2ad0c83c1f12c35513bd3ce

SHA1
35c63e9e413d68c7c191ae98a4cd57a815157356

SHA256
ae33f5ee929c692826f2b9190b992ccee2fa0ad4066722dec30b0aeede357d23

SHA512
f4bec963ca68f06834de7397a3986fd0def151f526b7218b24d23b60fe1f94230387e51b97dbe06941336f18dae3a235edb2846bbd3471ca17c8b64e8f25ebe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2f655951c51cc23726cd50d33deabf87

SHA1
ddb0e17e52dab356286f2a4bc2fe96a77824e964

SHA256
3b6aff209200bdae0dc70c5e1b9f50122d14d9d3dc2a8ecea409c7cd0cfde9a6

SHA512
086ce4608fddf0c1b47f8f42ccf97db54c8b8bb941fbf44cd9a1ff7b44a6fc06a3741dfca3a005f76fc8e1792dc61f508f68d316681235c4fd1b9a9132ff86fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
65366307b78f9081938db62c7a9f31e3

SHA1
ac565facd2727ea2969970134ed1f693fbb0b6f7

SHA256
c2963f26f3d5c5723ae4d4a5746e6ebc57be56dea6b50c60320edf25fbe4c64f

SHA512
b99fae0d1ae01647e84ef195a917e6b3285efbfbf77dbd9649871a084baaeea3864e3c7653edbaf2aede024b69564a944ba3cbe7506122d13216b4ca7b4a6f1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
07aef50118d17af48afbfd809fb6c67e

SHA1
21f71668ee5b4d021abafb576c66cee4cc14f247

SHA256
44b4af93ea2567d577eebdd7ac7d5dd49e1456c76f178a2bf84354e7d5772e04

SHA512
67685d8e943499d8877e992e6e3edf581d6a6f5418dd628b1bc73bd31d7d5eecbcfcb4855c6b5dd056de4a4626d9966ad32dc011a127787d59e71a950e5d76f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
cab326ca48546258d92224dd104c6e34

SHA1
e1b6e75f3034ec824aef1fadb0546c3c2f341be5

SHA256
4fa8288f77a49037eecb7059d91ae03235cf84c9ec7fc2936876bbed19b1c2d7

SHA512
461ed0eb57a626ba16f989b10b1e60e3b0cc0fb9f6faa35cad54bff29d17ef66061d4dcc213601b47ea278586ce6183669742b6787c8a2db905254a86cbb6ffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
d19f99e1d257214ee1aff4eb989b0f21

SHA1
393e63b3fb0e07e795ca89c6b769758bbbcfac9c

SHA256
582202fb70e3325c9b9ff88a4f0eae3b4f8d2a0efc6c752072485d0fbe8ac48f

SHA512
6c4ed44099135bb90dcb0c4100d0a0b9e75dff5c94828f114c803504d442e95d1ac6bfa9728ba01d9724a739ca8abf55c02470d275f2f468c2aa3dd740acec56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
0e1a389ac437a6a5be00076034d3912c

SHA1
a3ddde3a4819a4cb2b066b49833b091d09e715bc

SHA256
3ddd73806c949081a41a51cb87583b3d8f52631ecc953c5044313129a6ed03eb

SHA512
b8ff1af4f9d070054e16fa6b80f9ec3fa89ec916a7eff07accd64f1f36c6dc236a9251011671f8c5ae2c19cf07dd82fad92c228276e9a70db3206c7f27a871b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
af1eec934f52b18ea820af9345920b7b

SHA1
79e575b982206a61d0c4bff1c8c69c621c78d214

SHA256
dbdd495cc491253bf043ec7beafb632fd6e881687f2cf95e09cbfe39d6fdcc3c

SHA512
8730d68a484d051d72374ebb196d0b0127502cb3640f869a6ee0d1f369c164c43ee060c519f03bccc1bfae6190c7a4bd2443d615d46637cd5e8125cf3c0bb86e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
5fd474d82ae4d5ce043d06b3dc38fa9d

SHA1
4f65d3e1887791e0aaa9a012dc90eeef612080f4

SHA256
66a91b2a04d2d469fac3d32a980fea3bfde64e4d9f95844a034ea749d3c1467a

SHA512
f25faf48a4da018b7f198731b131711d6f8c5a7eaf482161e4a659fdf31fc66d722f45528662f6597dfff15bc02cec0da08786c13a3da6c80d491f6cc34a5f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
de8009a50a64f173d43b1d667cfede5c

SHA1
e48b614c767dd4e228dbe2e1e54ab1b3165c86f2

SHA256
1bd11efa9d4c7dc374f6ec2c4e2875a7ffca91a2eee5d8fe1a7be1efadc07db7

SHA512
e48eec8ab847baf3ee670121339ac4e01eafd55bcc5c41c5463269bffe33217c331ebedd3b6647b41892b4e1462dfd75a89e24f7252e2fc2380666e43a980780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
32dc8c32a71cb96148816ea121d051aa

SHA1
1c7c670ecba6b71709fcf6e3dfd14158926d1708

SHA256
625f8691727635ba9071b94e87900ac4fcf5f5bbd028e56bfca2d79eba64e979

SHA512
488897c76d30094c973161def17ffd9c8d145bda724966195a91817c0bbaafe1ea1584a7cc738ac76885e10ea0f15e6d6ce3f60acb9b95169d3e39ac7379a335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
111KB

MD5
c2f40327632e4f7be04d98d220e39e32

SHA1
547ba414f5dccdbfe83c9ed7c0be7b260e3c1c49

SHA256
9b03ce08f2a2c67bbcd9501e3a1ce889989913c7a85ab4cbf5c08af575edcda7

SHA512
7d49b03d553095135a5bb65a04dde8d27917d41840f780b002438e670102fe94ee5604ce4a2c461a7737b1bb2af272d48b5f055377f98a4824e9794fd0b30b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
114KB

MD5
43a9df74e50d484d338a54433eb20718

SHA1
4e63161c9981201d598103686d3fb05eb8fc4e27

SHA256
02eddf267970d2b35f183d0f3619ae7a25c628cdb72d2f842d30af966d32ad2f

SHA512
ba5f03cda477edf3372caf8bc8dea0aa518f700ecaf4708a4e82d4d4ea28677a6a6d9280cf78b20e5dd2337f4c2fc427117648f484ae6812d18a225606303628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b580f.TMP
Filesize
98KB

MD5
49adb6d7fce2384640c3dd7f067299b7

SHA1
957d5a62bf7a2d4dca0cf1fe6c28f5839d366ebe

SHA256
32e87c6914b187dbdb3e33295528364d24dd0555dbbf53540643debcd5424e9a

SHA512
d84bf77862d6d9e7ce5191b6aa347a1e38d4ab9d1dac50bd156d777a277ab866c538c04249d8b1107838f6230922a922c1168cc7501f2943e7891c2d36cb2358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649
Filesize
13KB

MD5
e1b2e685882a315594f6a194fa1d4af1

SHA1
26684cd9e578593578119d2bc3c90b942421de00

SHA256
2b3d548955f6ffd0d47b4be8f8f03b54567bfe409d14c8a92f6e00aad27dd9c8

SHA512
43938e2de25bd3c1d4df7e36a5474a5ff2ca97607c9f845ab88eb1c36968afb8dc8c796626bb6dc08396699492448954a69b6558423097f38f5cfc17dd0e7c6b

Download Submit
C:\Users\Admin\AppData\Local\Programs\ShadowStrike\chrome_100_percent.pak
Filesize
124KB

MD5
acd0fa0a90b43cd1c87a55a991b4fac3

SHA1
17b84e8d24da12501105b87452f86bfa5f9b1b3c

SHA256
ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b

SHA512
3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

Download Submit
C:\Users\Admin\AppData\Local\Programs\ShadowStrike\locales\he.pak
Filesize
531KB

MD5
6d787dc113adfb6a539674af7d6195db

SHA1
f966461049d54c61cdd1e48ef1ea0d3330177768

SHA256
a976fad1cc4eb29709018c5ffcc310793a7ceb2e69c806454717ccae9cbc4d21

SHA512
6748dad2813fc544b50ddea0481b5ace3eb5055fb2d985ca357403d3b799618d051051b560c4151492928d6d40fce9bb33b167217c020bdcc3ed4cae58f6b676

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cjinyx3k.smc.ps1
Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\etmp14C59BD4-9A3B-7343-94D8-19CA9CD560F1
Filesize
131KB

MD5
d4bffcdfd58cc066a414bee815694f13

SHA1
35718823244b70120533d0593f74123b8dbac8b7

SHA256
8b79304521b0231b719c6511721823f1a4d0e6156c6c2e15ac599f013b051cc0

SHA512
28510e0d3e45f2a25bb5a0604983cb073f03a8f6d5a182b88dac5863749442387c33124a22706a155872068f9f2672f98ca4679f9e150b1e27a048fb1e502297

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\LICENSE.electron.txt
Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\LICENSES.chromium.html
Filesize
7.9MB

MD5
312446edf757f7e92aad311f625cef2a

SHA1
91102d30d5abcfa7b6ec732e3682fb9c77279ba3

SHA256
c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b

SHA512
dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\chrome_200_percent.pak
Filesize
173KB

MD5
4610337e3332b7e65b73a6ea738b47df

SHA1
8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b

SHA256
c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c

SHA512
039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\d3dcompiler_47.dll
Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\ffmpeg.dll
Filesize
2.7MB

MD5
e096c168b79a56ded0df1aa142d9f1da

SHA1
318f20dab294a315bd935160e9417fb5b28300f5

SHA256
65cc75329d17ec264e7a2db571ea55f918394241445ea64569a56c75d0cfdc60

SHA512
3dccf6ce85ef7e75690a5851642f10bb5e6e1572e91e933bacb7fcbfe405b0412b94ba0e160c3ba8d68d2b9afc1da268f61c83dccd6453d8c9470931ee900bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\icudtl.dat
Filesize
10.1MB

MD5
d89ce8c00659d8e5d408c696ee087ce3

SHA1
49fc8109960be3bb32c06c3d1256cb66dded19a8

SHA256
9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de

SHA512
db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\libEGL.dll
Filesize
470KB

MD5
1eecfb04c4434f5a813c8f0c0c8f2c88

SHA1
6dc3ca4b3f72e7fb33ba26fa488de323edb59add

SHA256
897ceb95fb164640ddd2426673997b5f6fc2619fd916b038b575a70a0682a706

SHA512
d7818a42a76508ac3150aea8d4e168b2db36f55f71983a177002086380a82e307624cfe37b01ffc3d7eb407485d182654d0d7c6a0c06ccaae60666630469c7e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\libGLESv2.dll
Filesize
7.3MB

MD5
cba2436016f7a2838588a52d5b6f30f1

SHA1
81ddf44b3e122dfbee1a2cd8d4544364f1a621a4

SHA256
bcb3a3d2fca3c33fa3d1d5dc976aa913cdc8001df8e64c2cd3d2c545245141bf

SHA512
d92a880b5f83c5ae10ae9a83e38a293bb0e8c7659dd6ece162fc752d57c9fcde8036b81b023cd9f0f4f32b95b06fd4c366e20301010354b6cb904398a3149a44

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\af.pak
Filesize
368KB

MD5
7e51349edc7e6aed122bfa00970fab80

SHA1
eb6df68501ecce2090e1af5837b5f15ac3a775eb

SHA256
f528e698b164283872f76df2233a47d7d41e1aba980ce39f6b078e577fd14c97

SHA512
69da19053eb95eef7ab2a2d3f52ca765777bdf976e5862e8cebbaa1d1ce84a7743f50695a3e82a296b2f610475abb256844b6b9eb7a23a60b4a9fc4eae40346d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\am.pak
Filesize
599KB

MD5
2009647c3e7aed2c4c6577ee4c546e19

SHA1
e2bbacf95ec3695daae34835a8095f19a782cbcf

SHA256
6d61e5189438f3728f082ad6f694060d7ee8e571df71240dfd5b77045a62954e

SHA512
996474d73191f2d550c516ed7526c9e2828e2853fcfbe87ca69d8b1242eb0dedf04030bbca3e93236bbd967d39de7f9477c73753af263816faf7d4371f363ba3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\ar.pak
Filesize
655KB

MD5
47a6d10b4112509852d4794229c0a03b

SHA1
2fb49a0b07fbdf8d4ce51a7b5a7f711f47a34951

SHA256
857fe3ab766b60a8d82b7b6043137e3a7d9f5cfb8ddd942316452838c67d0495

SHA512
5f5b280261195b8894efae9df2bece41c6c6a72199d65ba633c30d50a579f95fa04916a30db77831f517b22449196d364d6f70d10d6c5b435814184b3bcf1667

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\bg.pak
Filesize
685KB

MD5
a19269683a6347e07c55325b9ecc03a4

SHA1
d42989daf1c11fcfff0978a4fb18f55ec71630ec

SHA256
ad65351a240205e881ef5c4cf30ad1bc6b6e04414343583597086b62d48d8a24

SHA512
1660e487df3f3f4ec1cea81c73dca0ab86aaf121252fbd54c7ac091a43d60e1afd08535b082efd7387c12616672e78aa52dddfca01f833abef244284482f2c76

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\bn.pak
Filesize
883KB

MD5
5cdd07fa357c846771058c2db67eb13b

SHA1
deb87fc5c13da03be86f67526c44f144cc65f6f6

SHA256
01c830b0007b8ce6aca46e26d812947c3df818927b826f7d8c5ffd0008a32384

SHA512
2ac29a3aa3278bd9a8fe1ba28e87941f719b14fbf8b52e0b7dc9d66603c9c147b9496bf7be4d9e3aa0231c024694ef102dcc094c80c42be5d68d3894c488098c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\ca.pak
Filesize
416KB

MD5
d259469e94f2adf54380195555154518

SHA1
d69060bbe8e765ca4dc1f7d7c04c3c53c44b8ab5

SHA256
f98b7442befc285398a5dd6a96740cba31d2f5aadadd4d5551a05712d693029b

SHA512
d0bd0201acf4f7daa84e89aa484a3dec7b6a942c3115486716593213be548657ad702ef2bc1d3d95a4a56b0f6e7c33d5375f41d6a863e4ce528f2bd6a318240e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\cs.pak
Filesize
425KB

MD5
04a680847c4a66ad9f0a88fb9fb1fc7b

SHA1
2afcdf4234a9644fb128b70182f5a3df1ee05be1

SHA256
1cc44c5fbe1c0525df37c5b6267a677f79c9671f86eda75b6fc13abf5d5356eb

SHA512
3a8a409a3c34149a977dea8a4cb0e0822281aed2b0a75b02479c95109d7d51f6fb2c2772ccf1486ca4296a0ac2212094098f5ce6a1265fa6a7eb941c0cfef83e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\da.pak
Filesize
386KB

MD5
1a53d374b9c37f795a462aac7a3f118f

SHA1
154be9cf05042eced098a20ff52fa174798e1fea

SHA256
d0c38eb889ee27d81183a0535762d8ef314f0fdeb90ccca9176a0ce9ab09b820

SHA512
395279c9246bd30a0e45d775d9f9c36353bd11d9463282661c2abd876bdb53be9c9b617bb0c2186592cd154e9353ea39e3feed6b21a07b6850ab8ecd57e1ed29

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\de.pak
Filesize
414KB

MD5
8e6654b89ed4c1dc02e1e2d06764805a

SHA1
ff660bc85bb4a0fa3b2637050d2b2d1aecc37ad8

SHA256
61cbce9a31858ddf70cc9b0c05fb09ce7032bfb8368a77533521722465c57475

SHA512
5ac71eda16f07f3f2b939891eda2969c443440350fd88ab3a9b3180b8b1a3ecb11e79e752cf201f21b3dbfba00bcc2e4f796f347e6137a165c081e86d970ee61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\el.pak
Filesize
751KB

MD5
9528d21e8a3f5bad7ca273999012ebe8

SHA1
58cd673ce472f3f2f961cf8b69b0c8b8c01d457c

SHA256
e79c1e7a47250d88581e8e3baf78dcaf31fe660b74a1e015be0f4bafdfd63e12

SHA512
165822c49ce0bdb82f3c3221e6725dac70f53cfdad722407a508fa29605bc669fb5e5070f825f02d830e0487b28925644438305372a366a3d60b55da039633d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\en-GB.pak
Filesize
336KB

MD5
d59e613e8f17bdafd00e0e31e1520d1f

SHA1
529017d57c4efed1d768ab52e5a2bc929fdfb97c

SHA256
90e585f101cf0bb77091a9a9a28812694cee708421ce4908302bbd1bc24ac6fd

SHA512
29ff3d42e5d0229f3f17bc0ed6576c147d5c61ce2bd9a2e658a222b75d993230de3ce35ca6b06f5afa9ea44cfc67817a30a87f4faf8dc3a5c883b6ee30f87210

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\en-US.pak
Filesize
338KB

MD5
5e3813e616a101e4a169b05f40879a62

SHA1
615e4d94f69625dda81dfaec7f14e9ee320a2884

SHA256
4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687

SHA512
764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\es-419.pak
Filesize
411KB

MD5
7f6696cc1e71f84d9ec24e9dc7bd6345

SHA1
36c1c44404ee48fc742b79173f2c7699e1e0301f

SHA256
d1f17508f3a0106848c48a240d49a943130b14bd0feb5ed7ae89605c7b7017d1

SHA512
b226f94f00978f87b7915004a13cdbd23de2401a8afaa2517498538967df89b735f8ecc46870c92e3022cac795218a60ad2b8fff1efad9feea4ec193704a568a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\es.pak
Filesize
411KB

MD5
a36992d320a88002697da97cd6a4f251

SHA1
c1f88f391a40ccf2b8a7b5689320c63d6d42935f

SHA256
c5566b661675b613d69a507cbf98768bc6305b80e6893dc59651a4be4263f39d

SHA512
9719709229a4e8f63247b3efe004ecfeb5127f5a885234a5f78ee2b368f9e6c44eb68a071e26086e02aa0e61798b7e7b9311d35725d3409ffc0e740f3aa3b9b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\et.pak
Filesize
371KB

MD5
a94e1775f91ea8622f82ae5ab5ba6765

SHA1
ff17accdd83ac7fcc630e9141e9114da7de16fdb

SHA256
1606b94aef97047863481928624214b7e0ec2f1e34ec48a117965b928e009163

SHA512
a2575d2bd50494310e8ef9c77d6c1749420dfbe17a91d724984df025c47601976af7d971ecae988c99723d53f240e1a6b3b7650a17f3b845e3daeefaaf9fe9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\fa.pak
Filesize
607KB

MD5
9d273af70eafd1b5d41f157dbfb94fdc

SHA1
da98bde34b59976d4514ff518bd977a713ea4f2e

SHA256
319d1e20150d4e3f496309ba82fce850e91378ee4b0c7119a003a510b14f878b

SHA512
0a892071bea92cc7f1a914654bc4f9da6b9c08e3cb29bb41e9094f6120ddc7a08a257c0d2b475c98e7cdcf604830e582cf2a538cc184056207f196ffc43f29ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\fi.pak
Filesize
379KB

MD5
d4b776267efebdcb279162c213f3db22

SHA1
7236108af9e293c8341c17539aa3f0751000860a

SHA256
297e3647eaf9b3b95cf833d88239919e371e74cc345a2e48a5033ebe477cd54e

SHA512
1dc7d966d12e0104aacb300fd4e94a88587a347db35ad2327a046ef833fb354fd9cbe31720b6476db6c01cfcb90b4b98ce3cd995e816210b1438a13006624e8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\fil.pak
Filesize
427KB

MD5
3165351c55e3408eaa7b661fa9dc8924

SHA1
181bee2a96d2f43d740b865f7e39a1ba06e2ca2b

SHA256
2630a9d5912c8ef023154c6a6fb5c56faf610e1e960af66abef533af19b90caa

SHA512
3b1944ea3cfcbe98d4ce390ea3a8ff1f6730eb8054e282869308efe91a9ddcd118290568c1fc83bd80e8951c4e70a451e984c27b400f2bde8053ea25b9620655

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\fr.pak
Filesize
444KB

MD5
0bf28aff31e8887e27c4cd96d3069816

SHA1
b5313cf6b5fbce7e97e32727a3fae58b0f2f5e97

SHA256
2e1d413442def9cae2d93612e3fd04f3afaf3dd61e4ed7f86400d320af5500c2

SHA512
95172b3b1153b31fceb4b53681635a881457723cd1000562463d2f24712267b209b3588c085b89c985476c82d9c27319cb6378619889379da4fae1595cb11992

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\gu.pak
Filesize
858KB

MD5
7b5f52f72d3a93f76337d5cf3168ebd1

SHA1
00d444b5a7f73f566e98abadf867e6bb27433091

SHA256
798ea5d88a57d1d78fa518bf35c5098cbeb1453d2cb02ef98cd26cf85d927707

SHA512
10c6f4faab8ccb930228c1d9302472d0752be19af068ec5917249675b40f22ab24c3e29ec3264062826113b966c401046cff70d91e7e05d8aadcc0b4e07fec9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\hi.pak
Filesize
900KB

MD5
1766a05be4dc634b3321b5b8a142c671

SHA1
b959bcadc3724ae28b5fe141f3b497f51d1e28cf

SHA256
0eee8e751b5b0af1e226106beb09477634f9f80774ff30894c0f5a12b925ac35

SHA512
faec1d6166133674a56b5e38a68f9e235155cc910b5cceb3985981b123cc29eda4cd60b9313ab787ec0a8f73bf715299d9bf068e4d52b766a7ab8808bd146a39

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\hr.pak
Filesize
413KB

MD5
8f9498d18d90477ad24ea01a97370b08

SHA1
3868791b549fc7369ab90cd27684f129ebd628be

SHA256
846943f77a425f3885689dcf12d62951c5b7646e68eadc533b8b5c2a1373f02e

SHA512
3c66a84592debe522f26c48b55c04198ad8a16c0dcfa05816825656c76c1c6cccf5767b009f20ecb77d5a589ee44b0a0011ec197fec720168a6c72c71ebf77fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\hu.pak
Filesize
446KB

MD5
f5e1ca8a14c75c6f62d4bff34e27ddb5

SHA1
7aba6bff18bdc4c477da603184d74f054805c78f

SHA256
c0043d9fa0b841da00ec1672d60015804d882d4765a62b6483f2294c3c5b83e0

SHA512
1050f96f4f79f681b3eaf4012ec0e287c5067b75ba7a2cbe89d9b380c07698099b156a0eb2cbc5b8aa336d2daa98e457b089935b534c4d6636987e7e7e32b169

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\id.pak
Filesize
365KB

MD5
7b39423028da71b4e776429bb4f27122

SHA1
cb052ab5f734d7a74a160594b25f8a71669c38f2

SHA256
3d95c5819f57a0ad06a118a07e0b5d821032edcf622df9b10a09da9aa974885f

SHA512
e40679b01ab14b6c8dfdce588f3b47bcaff55dbb1539b343f611b3fcbd1d0e7d8c347a2b928215a629f97e5f68d19c51af775ec27c6f906cac131beae646ce1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\it.pak
Filesize
404KB

MD5
d58a43068bf847c7cd6284742c2f7823

SHA1
497389765143fac48af2bd7f9a309bfe65f59ed9

SHA256
265d8b1bc479ad64fa7a41424c446139205af8029a2469d558813edd10727f9c

SHA512
547a1581dda28c5c1a0231c736070d8a7b53a085a0ce643a4a1510c63a2d4670ff2632e9823cd25ae2c7cdc87fa65883e0a193853890d4415b38056cb730ab54

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\ja.pak
Filesize
493KB

MD5
d10d536bcd183030ba07ff5c61bf5e3a

SHA1
44dd78dba9f098ac61222eb9647d111ad1608960

SHA256
2a3d3abc9f80bad52bd6da5769901e7b9e9f052b6a58a7cc95ce16c86a3aa85a

SHA512
c67aede9ded1100093253e350d6137ab8b2a852bd84b6c82ba1853f792e053cecd0ea0519319498aed5759bedc66d75516a4f2f7a07696a0cef24d5f34ef9dd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\kn.pak
Filesize
988KB

MD5
c548a5f1fb5753408e44f3f011588594

SHA1
e064ab403972036dad1b35abe9794e95dbe4cc00

SHA256
890f50a57b862f482d367713201e1e559ac778fc3a36322d1dfbbef2535dd9cb

SHA512
6975e4bb1a90e0906cf6266f79da6cc4ae32f72a6141943bcfcf9b33f791e9751a9aafde9ca537f33f6ba8e4d697125fbc2ec4ffd3bc35851f406567dae7e631

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\ko.pak
Filesize
415KB

MD5
b4fbff56e4974a7283d564c6fc0365be

SHA1
de68bd097def66d63d5ff04046f3357b7b0e23ac

SHA256
8c9acde13edcd40d5b6eb38ad179cc27aa3677252a9cd47990eba38ad42833e5

SHA512
0698aa058561bb5a8fe565bb0bec21548e246dbb9d38f6010e9b0ad9de0f59bce9e98841033ad3122a163dd321ee4b11ed191277cdcb8e0b455d725593a88aa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\lt.pak
Filesize
446KB

MD5
980c27fd74cc3560b296fe8e7c77d51f

SHA1
f581efa1b15261f654588e53e709a2692d8bb8a3

SHA256
41e0f3619cda3b00abbbf07b9cd64ec7e4785ed4c8a784c928e582c3b6b8b7db

SHA512
51196f6f633667e849ef20532d57ec81c5f63bab46555cea8fab2963a078acdfa84843eded85c3b30f49ef3ceb8be9e4ef8237e214ef9ecff6373a84d395b407

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\lv.pak
Filesize
445KB

MD5
e4f7d9e385cb525e762ece1aa243e818

SHA1
689d784379bac189742b74cd8700c687feeeded1

SHA256
523d141e59095da71a41c14aec8fe9ee667ae4b868e0477a46dd18a80b2007ef

SHA512
e4796134048cd12056d746f6b8f76d9ea743c61fee5993167f607959f11fd3b496429c3e61ed5464551fd1931de4878ab06f23a3788ee34bb56f53db25bcb6df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\ml.pak
Filesize
1.0MB

MD5
8b38c65fc30210c7af9b6fa0424266f4

SHA1
116413710ffcf94fbfa38cb97a47731e43a306f5

SHA256
e8df9a74417c5839c531d7ccab63884a80afb731cc62cbbb3fd141779086ac7d

SHA512
0fd349c644ac1a2e7ed0247e40900d3a9957f5bef1351b872710d02687c934a8e63d3a7585e91f7df78054aeff8f7abd8c93a94fcd20c799779a64278bab2097

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\mr.pak
Filesize
843KB

MD5
c0ef1866167d926fb351e9f9bf13f067

SHA1
6092d04ef3ce62be44c29da5d0d3a04985e2bc04

SHA256
88df231cf2e506db3453f90a797194662a5f85e23bbac2ed3169d91a145d2091

SHA512
9e2b90f3ac1ae5744c22c2442fbcd86a8496afc2c58f6ca060d6dbb08af6f7411ef910a7c8ca5aedee99b5443d4dff709c7935e8322cb32f8b071ee59caee733

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\ms.pak
Filesize
381KB

MD5
9b3e2f3c49897228d51a324ab625eb45

SHA1
8f3daec46e9a99c3b33e3d0e56c03402ccc52b9d

SHA256
61a3daae72558662851b49175c402e9fe6fd1b279e7b9028e49506d9444855c5

SHA512
409681829a861cd4e53069d54c80315e0c8b97e5db4cd74985d06238be434a0f0c387392e3f80916164898af247d17e8747c6538f08c0ef1c5e92a7d1b14f539

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\nb.pak
Filesize
374KB

MD5
af0fd9179417ba1d7fcca3cc5bee1532

SHA1
f746077bbf6a73c6de272d5855d4f1ca5c3af086

SHA256
e900f6d0dd9d5a05b5297618f1fe1600c189313da931a9cb390ee42383eb070f

SHA512
c94791d6b84200b302073b09357abd2a1d7576b068bae01dccda7bc154a6487145c83c9133848ccf4cb9e6dc6c5a9d4be9d818e5a0c8f440a4e04ae8eabd4a29

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\nl.pak
Filesize
385KB

MD5
181d2a0ece4b67281d9d2323e9b9824d

SHA1
e8bdc53757e96c12f3cd256c7812532dd524a0ea

SHA256
6629e68c457806621ed23aa53b3675336c3e643f911f8485118a412ef9ed14ce

SHA512
10d8cc9411ca475c9b659a2cc88d365e811217d957c82d9c144d94843bc7c7a254ee2451a6f485e92385a660fa01577cffa0d64b6e9e658a87bef8fccbbeaf7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\pl.pak
Filesize
429KB

MD5
18d49d5376237bb8a25413b55751a833

SHA1
0b47a7381de61742ac2184850822c5fa2afa559e

SHA256
1729aa5c8a7e24a0db98febcc91df8b7b5c16f9b6bb13a2b0795038f2a14b981

SHA512
45344a533cc35c8ce05cf29b11da6c0f97d8854dae46cf45ef7d090558ef95c3bd5fdc284d9a7809f0b2bf30985002be2aa6a4749c0d9ae9bdff4ad13de4e570

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\pt-BR.pak
Filesize
405KB

MD5
0d9dea9e24645c2a3f58e4511c564a36

SHA1
dcd2620a1935c667737eea46ca7bb2bdcb31f3a6

SHA256
ca7b880391fcd319e976fcc9b5780ea71de655492c4a52448c51ab2170eeef3b

SHA512
8fcf871f8be7727e2368df74c05ca927c5f0bc3484c4934f83c0abc98ecaf774ad7aba56e1bf17c92b1076c0b8eb9c076cc949cd5427efcade9ddf14f6b56bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\pt-PT.pak
Filesize
407KB

MD5
6a7232f316358d8376a1667426782796

SHA1
8b70fe0f3ab2d73428f19ecd376c5deba4a0bb6c

SHA256
6a526cd5268b80df24104a7f40f55e4f1068185febbbb5876ba2cb7f78410f84

SHA512
40d24b3d01e20ae150083b00bb6e10bca81737c48219bce22fa88faaad85bdc8c56ac9b1eb01854173b0ed792e34bdfbac26d3605b6a35c14cf2824c000d0da1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\ro.pak
Filesize
420KB

MD5
99eaa3d101354088379771fd85159de1

SHA1
a32db810115d6dcf83a887e71d5b061b5eefe41f

SHA256
33f4c20f7910bc3e636bc3bec78f4807685153242dd4bc77648049772cf47423

SHA512
c6f87da1b5c156aa206dc21a9da3132cbfb0e12e10da7dc3b60363089de9e0124bbad00a233e61325348223fc5953d4f23e46fe47ec8e7ca07702ac73f3fd2e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\ru.pak
Filesize
687KB

MD5
ab9902025dcf7d5408bf6377b046272b

SHA1
c9496e5af3e2a43377290a4883c0555e27b1f10f

SHA256
983b15dcc31d0e9a3da78cd6021e5add2a3c2247322aded9454a5d148d127aae

SHA512
d255d5f5b6b09af2cdec7b9c171eebb1de1094cc5b4ddf43a3d4310f8f5f223ac48b8da97a07764d1b44f1d4a14fe3a0c92a0ce6fe9a4ae9a6b4a342e038f842

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\sk.pak
Filesize
432KB

MD5
c6c7396dbfb989f034d50bd053503366

SHA1
089f176b88235cce5bca7abfcc78254e93296d61

SHA256
439f7d6c23217c965179898754edcef8fd1248bdd9b436703bf1ff710701117a

SHA512
1476963f47b45d2d26536706b7eeba34cfae124a3087f7727c4efe0f19610f94393012cda462060b1a654827e41f463d7226afa977654dcd85b27b7f8d1528eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\sl.pak
Filesize
417KB

MD5
d4bd9f20fd29519d6b017067e659442c

SHA1
782283b65102de4a0a61b901dea4e52ab6998f22

SHA256
f33afa6b8df235b09b84377fc3c90403c159c87edd8cd8004b7f6edd65c85ce6

SHA512
adf8d8ec17e8b05771f47b19e8027f88237ad61bca42995f424c1f5bd6efa92b23c69d363264714c1550b9cd0d03f66a7cfb792c3fbf9d5c173175b0a8c039dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\sr.pak
Filesize
644KB

MD5
cbb817a58999d754f99582b72e1ae491

SHA1
6ec3fd06dee0b1fe5002cb0a4fe8ec533a51f9fd

SHA256
4bd7e466cb5f5b0a451e1192aa1abaaf9526855a86d655f94c9ce2183ec80c25

SHA512
efef29cedb7b08d37f9df1705d36613f423e994a041b137d5c94d2555319ffb068bb311884c9d4269b0066746dacd508a7d01df40a8561590461d5f02cb52f8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\sv.pak
Filesize
376KB

MD5
502e4a8b3301253abe27c4fd790fbe90

SHA1
17abcd7a84da5f01d12697e0dffc753ffb49991a

SHA256
7d72e3adb35e13ec90f2f4271ad2a9b817a2734da423d972517f3cff299165fd

SHA512
bd270abaf9344c96b0f63fc8cec04f0d0ac9fc343ab5a80f5b47e4b13b8b1c0c4b68f19550573a1d965bb18a27edf29f5dd592944d754b80ea9684dbcedea822

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\sw.pak
Filesize
394KB

MD5
39277ae2d91fdc1bd38bea892b388485

SHA1
ff787fb0156c40478d778b2a6856ad7b469bd7cb

SHA256
6d6d095a1b39c38c273be35cd09eb1914bd3a53f05180a3b3eb41a81ae31d5d3

SHA512
be2d8fbedaa957f0c0823e7beb80de570edd0b8e7599cf8f2991dc671bdcbbbe618c15b36705d83be7b6e9a0d32ec00f519fc8543b548422ca8dcf07c0548ab4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\ta.pak
Filesize
1019KB

MD5
7006691481966109cce413f48a349ff2

SHA1
6bd243d753cf66074359abe28cfae75bcedd2d23

SHA256
24ea4028da66a293a43d27102012235198f42a1e271fe568c7fd78490a3ee647

SHA512
e12c0d1792a28bf4885e77185c2a0c5386438f142275b8f77317eb8a5cee994b3241bb264d9502d60bfbce9cf8b3b9f605c798d67819259f501719d054083bea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\te.pak
Filesize
942KB

MD5
f809bf5184935c74c8e7086d34ea306c

SHA1
709ab3decff033cf2fa433ecc5892a7ac2e3752e

SHA256
9bbfa7a9f2116281bf0af1e8ffb279d1aa97ac3ed9ebc80c3ade19e922d7e2d4

SHA512
de4b14dd6018fdbdf5033abda4da2cb9f5fcf26493788e35d88c07a538b84fdd663ee20255dfd9c1aac201f0cce846050d2925c55bf42d4029cb78b057930acd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\th.pak
Filesize
792KB

MD5
2c41616dfe7fcdb4913cfafe5d097f95

SHA1
cf7d9e8ad3aa47d683e47f116528c0e4a9a159b0

SHA256
f11041c48831c93aa11bbf885d330739a33a42db211daccf80192668e2186ed3

SHA512
97329717e11bc63456c56022a7b7f5da730da133e3fc7b2cc660d63a955b1a639c556b857c039a004f92e5f35be61bf33c035155be0a361e3cd6d87b549df811

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\tr.pak
Filesize
401KB

MD5
3a858619502c68d5f7de599060f96db9

SHA1
80a66d9b5f1e04cda19493ffc4a2f070200e0b62

SHA256
d81f28f69da0036f9d77242b2a58b4a76f0d5c54b3e26ee96872ac54d7abb841

SHA512
39a7ec0dfe62bcb3f69ce40100e952517b5123f70c70b77b4c9be3d98296772f10d3083276bc43e1db66ed4d9bfa385a458e829ca2a7d570825d7a69e8fbb5f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\uk.pak
Filesize
688KB

MD5
ee70e9f3557b9c8c67bfb8dfcb51384d

SHA1
fc4dfc35cde1a00f97eefe5e0a2b9b9c0149751e

SHA256
54324671a161f6d67c790bfd29349db2e2d21f5012dc97e891f8f5268bdf7e22

SHA512
f4e1da71cb0485851e8ebcd5d5cf971961737ad238353453db938b4a82a68a6bbaf3de7553f0ff1f915a0e6640a3e54f5368d9154b0a4ad38e439f5808c05b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\ur.pak
Filesize
602KB

MD5
ff0a23974aef88afc86ecc806dbf1d60

SHA1
e7bae97cbb8692a0d106644dfaa9b7d7ea6fcef0

SHA256
f245ab242aafeef37db736c780476534fad0706aa66dcb8b6b8cd181b4778385

SHA512
aabe8160fac7e0eb8e8eb80963fe995fa4a802147d1b8f605bc0fe3f8e2474463c1d313471c11c85eb5578112232fdc8e89b8a6d43dbe38a328538ff30a78d08

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\vi.pak
Filesize
476KB

MD5
3fe6f90f1f990aed508deda3810ce8c2

SHA1
3b86f00666d55e984b4aca1a5e8319ffa8f411ff

SHA256
5eebb23221aebcf0be01bfc2695f7dd35b17f6769be1e28e5610d35c9717854b

SHA512
9aa9d55f112c8b32aa636086cfd2161d97ea313cac1a44101014128124a03504c992ac8efd265aba4e91787aef7134a14507a600f5ec96ff82df950a8883828c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\zh-CN.pak
Filesize
345KB

MD5
20f315d38e3b2edc5832931e7770b62a

SHA1
2390bd585dec1e884873454bb98b6f1467dcf7bb

SHA256
53a803724bbf2e7f40aab860325c348f786eeca1ea5ca39a76b4c4a616e3233f

SHA512
c338e241de3561707c7c275b7d6e0fb16185a8cd7112057c08b74ffce122148ef693fe310c839ff93f102726a78e61de3e68c8e324f445a07a98ee9c4fdd4e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\locales\zh-TW.pak
Filesize
341KB

MD5
524711882cbfb5b95a63ef48f884cff0

SHA1
1078037687cfc5d038eeb8b63d295239e0edc47a

SHA256
9e16499cd96a155d410c8df4c812c52ff2a750f8c4db87fd891c1e58c1428c78

SHA512
16d45a81f7f4606eda9d12a8b1da06e3c866b11bdc0c92a4022bfb8d02b885d8f028457cf23e3f7589dfd191ed7f7fbc68c81b6e1411834edfcbc9cc85e0dc4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\resources.pak
Filesize
5.0MB

MD5
7d5065ecba284ed704040fca1c821922

SHA1
095fcc890154a52ad1998b4b1e318f99b3e5d6b8

SHA256
a10c3d236246e001cb9d434a65fc3e8aa7acddddd9608008db5c5c73dee0ba1f

SHA512
521b2266e3257adaa775014f77b0d512ff91b087c2572359d68ffe633b57a423227e3d5af8ee4494538f1d09aa45ffa1fe8e979814178512c37f7088ddd7995d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\resources\elevate.exe
Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\snapshot_blob.bin
Filesize
266KB

MD5
8915dd2a6d6b4ebf9a16c77fe063d8de

SHA1
a03132adcb99a82ba269d56ab6577ccfd1bb08e5

SHA256
c1802b29b13663a8890031411270866834246931f71f41397682dd88fa16d485

SHA512
abd93cdd634ad4d38b7e3714b183335cddb9e3ad14660247cc7285066c95342ac8595d68cd0868b8512e73bb656ab54386045533f998576b2cd6501bf456cd2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\v8_context_snapshot.bin
Filesize
574KB

MD5
4cd37ea771ea4fe2f3ad46217cc02206

SHA1
31680e26869b007e62550e96dbf846b3980d5b2b

SHA256
95f7b8664306da8d0073a795e86590ed6fdaede5f489132e56c8779f53cf1ed5

SHA512
e1369734cbe17aaf6dd3ceefb57f056c5a9346d2887a7d3ee7ed177386d7f5e624407869d53902b56ab350e4ded5612c3b0f52c2dd3efa307e9947701068a2a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\vk_swiftshader.dll
Filesize
5.1MB

MD5
524b0d85d992f86a7f26c162f3dbb91c

SHA1
bc9c862fd01f6134a0514dcb63f9fab7a61ce269

SHA256
5b2ffb78fa963f2dea5a7fcf7676fc3aba243c4372d7528c8f1fc8f726d0a3fa

SHA512
422a18af294d7551224e05f5f4f5dcfa51b3455c2e61fc285fd2b95b50274eb77ff317647e17b0e7d47459b4fed19c7c88c90e0878f2269a78d598b1196401d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\7z-out\vulkan-1.dll
Filesize
906KB

MD5
6d4adf9a48dbce2e480ef10b1338ca3c

SHA1
ceb77d5768c6eda84ec8e0b43821b8027764de81

SHA256
4cca7e6c05b2d988926e4b4d0c8ff91d6356f18de8bf40b440251180e5cad6a7

SHA512
106db7309b40afabb1cca911b204c83129683dc116aec198568c4228c581bf0de5963bffc0b50df8f43ec355264f271fc383f4155be45350c0d7dd429c7f7f09

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\{525ee992-37c8-4922-9a19-8de84e0c00b2}\41ac199f-6aad-4a55-8335-2f76b98b677b.cmd
Filesize
695B

MD5
cbb30c5b22412126b00a011d922d5c40

SHA1
3fa02ac08bec7900f4b0f8fdca65e0da87e3521e

SHA256
2543dc852b77bcf098318abdeecf804fc2b6c4f415cd4bd482b11b1fe356e442

SHA512
c91e136dee9fc66be6e10f6e10a90208242d95980100fe1d913f19c3bdb433edf0b39ca145f6b97cb5d916b21cbcf0a4aa7cdf9ab2998a0b53e437b7609d1241

Download Submit
C:\Users\Admin\AppData\Local\Temp\{742bd9d1-2dde-4a2f-b69e-5ec3e1d5a851}\Bases\Cache\arkmon.kdl.cd67f81665249e78fa645c7c0e8aec8d_0
Filesize
448KB

MD5
cd67f81665249e78fa645c7c0e8aec8d

SHA1
cbeba25f5555e359735abc4cda6a27afd1d1ac09

SHA256
0862baecf2ff78c97deb9fba439b8b3dea8396e83c72e8c4b9b80397edfcb996

SHA512
ef538c437b5e775acde71a069e81c4e94deed9b4b27989b01fdfc8bddac4fc0c2b5e3c20a8f718319fbc41b4765d553948e9ca45e27144a87a225bf31a6d0427

Download Submit
C:\Users\Admin\AppData\Local\Temp\{742bd9d1-2dde-4a2f-b69e-5ec3e1d5a851}\Bases\Cache\avengine.dll.52c5f0ba7444d13378e2102a58232671_0
Filesize
946KB

MD5
52c5f0ba7444d13378e2102a58232671

SHA1
f484829da9c5e3a44cc5e0ffcc7d7550f6549dba

SHA256
de3b4f0d7a3d26785943a777166ef7f9ffa866ecc6f4170b6970af4e296671e7

SHA512
daf7c7dcafb6e1cbfd3d79fd9401f90934a8d5ff8a09b619fcc14c6619cec2cc10e40d808605430386c7b6565140165c4ea0660e5f253a8feec4729c6a2b1bf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{742bd9d1-2dde-4a2f-b69e-5ec3e1d5a851}\Bases\Cache\kavbase.kdl.698f3643991f1d3a51ddeed4d9ccd274_0
Filesize
802KB

MD5
698f3643991f1d3a51ddeed4d9ccd274

SHA1
bc587a79d722f3dd0dfcac11bcd14fb9d040469d

SHA256
5cb62f07effbcde0b37dc26bcfd6671ce38ac5c292c2cfe04eba3300e2363eab

SHA512
8291624a680825979c11a7e59b1f34010e959adf1398a2f098a9fbe38d1462943289c4588847967c988e8f96d1ed2a9b9124d9868cdbb02d5d2dfa5d037211bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\{742bd9d1-2dde-4a2f-b69e-5ec3e1d5a851}\Bases\Cache\kavsys.kdl.761f656789cb55eedc099ba3cd372121_0
Filesize
935KB

MD5
761f656789cb55eedc099ba3cd372121

SHA1
1498e8b3e8ae171002a0d92f66877adaeb6f19df

SHA256
0ad762cc4c8548fb7c8ca6e97a8d1c5078acb2ab3d4622d00fe28bc8cf893095

SHA512
9b3004efa350d45eeae4c7e42209e1da6d7800f1a823ed734fc82a6f592adb75659cd712a72db69cda3e2d9c352b9e9e8eaf87d1d309a61bab1cc2b1a6f13d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{742bd9d1-2dde-4a2f-b69e-5ec3e1d5a851}\Bases\Cache\mark.kdl.68d9adb364007366de31df216e06bef3_0
Filesize
420KB

MD5
68d9adb364007366de31df216e06bef3

SHA1
5a1b5face27868c07021b9b4af48be81f12b31c9

SHA256
6692e9e3e029ec4f48b752cfb197d4e9b7f0d8faeb0f6ce51a962885cdd99fd0

SHA512
0629960df306e2d2ffb6c1d8760456b306e15da9a0a3682e912ff4b816a517428d0871e812682072b1cf388695440acae40ba3f5804b92d825304a1fa18b613a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{742bd9d1-2dde-4a2f-b69e-5ec3e1d5a851}\Bases\Cache\qscan.kdl.ccf5fd3fdf62d187e66af0757868e5d2_0
Filesize
1.4MB

MD5
ccf5fd3fdf62d187e66af0757868e5d2

SHA1
ee9dcb9e130505bfb654627c6064fd7792ddb95f

SHA256
1076d20f9d7823b1888fa0564bc1224a9ee66ce6ee4c632d1bfcc4feb458d998

SHA512
2aba637da52e249628ea63d6083221ba36d0e211bf7e8bce2d1eca0155cb73bb0c058cfe5a6e0c658bae463debcacf07de08afc3ee91a01f7335c9e55c3cb73d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{742bd9d1-2dde-4a2f-b69e-5ec3e1d5a851}\Bases\Cache\sys_critical_obj.dll.802c20a8239d0082e57135d00bb9b003_0
Filesize
725KB

MD5
802c20a8239d0082e57135d00bb9b003

SHA1
9721cf68faf500fac464283cfa86e7b3306b509e

SHA256
d66ffdecef0c81c7cbdb2408b65084d0ed78e04e69ae862fab7990fc2f834c75

SHA512
b1fcde7e942aceaad1bf84655c3633e47d22cc515db2a61ba4d80f8aff2240257095c08af766440cebaa2cadfde3762de313e8e33421b31d9c3eb9e94029db46

Download Submit
C:\Users\Admin\AppData\Local\Temp\{742bd9d1-2dde-4a2f-b69e-5ec3e1d5a851}\KVRT.exe
Filesize
2.6MB

MD5
37226eb4f1c7a0b79275c1401f83cc6d

SHA1
71ed962d1e0d212869d92c23d6e20a4e1e7ad430

SHA256
be00dba953a6f26990e020bdc4e3f13e5799a3ff60384768ee6c1af37c656a4d

SHA512
afea618c795406a49d159e1359e76168dc6b6dee07234666d21ee21bb5011fe9af57a3425e76126f2595e3d180cf2121db5d02258d7aca77b3c4d8621a8aa15d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{742bd9d1-2dde-4a2f-b69e-5ec3e1d5a851}\crls\c7e6bd7fe0e4965892ad706f0d2f42e88789b8041daf5b3eea9ca41785297798
Filesize
368B

MD5
4b03934418970c06f092afe3d2155bf1

SHA1
56a0e9666c3ee0071d70b9d2b364666fbb93068c

SHA256
c3a63c68ae58f008e5eb52c8e515fe6f5f978e3a8e33ff3c4c4ec43b186486c6

SHA512
7846f929ec6d68397c60155202365bbbae28c5faf053c67469b378bd059ac7fd8575ee4973d905e51471cabeadcf3251d229057fdba70eb5df478ab4eafb39f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
Filesize
9KB

MD5
52d4c06932f589e4c9318ae21dc94425

SHA1
863c72336c44cad6af266e654dab37024387157a

SHA256
00a1ba9f455f230b0cf52a76feb61a2da574d2da7c6738f78c6af1e31bc3d4d5

SHA512
6cdf0d624fbafced62d4de508f533a4adb7071547c2ef71e534b69eba91f15e4accb06e9933de68c9557c0d83d36c96957cf2facae8c396c68850adbe34641bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
Filesize
10KB

MD5
9ef931836256e42ec2c3e5c58e2ce077

SHA1
84554cd4086ba5fc4b799cb2e16ec234279d725c

SHA256
6fcabe0e6d76a082a9372b050da8db03929036716552c8e6f7bb1398247da2c0

SHA512
6a51e0f615461e70c516e5a4ad19ee5e7aee5e75f441a9032016829bc2563ad4cb954665e75585b2744712c8cc5343897ecd146038c9059c66f5409b828f9926

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a42cce78-2de8-4929-8690-af6111be1e4d
Filesize
734B

MD5
cb48761b9db2cb925de3170d21ca33c2

SHA1
cce9bfef19ad4f1acd2f98fab032442d7a7bd9af

SHA256
0e6e9ec6d862579d45bf3a58768889651a86e8319420e8b397d2fd65bd153c64

SHA512
1520ebc8ba9a320522a0c83dd906e80fd6032a79d403fc3e772ca3714a5994cc58bef7e4177d934c1170b455ab68a20e93bd52b5a3876ad6e7135ca7260141d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\ec7e1bac-629f-4172-b329-6476ce10fad0
Filesize
734B

MD5
8b692aab3748c4cb2b57f616adcf8c84

SHA1
fae13dd963fc86d17c754c7d7fd675f1e046b60c

SHA256
349c7312ddecc13465c0d412bb1164341eda631761a9e26b9e4f0b5aa5b2fba1

SHA512
81247966af2de92b36f28c34b13e9627b52a07ea8e3738154c014178a5420eef4ba74c839ccb9b1869368c71196ae9a435755ecd94ceff7e1d07697cdb75051c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
9KB

MD5
02db8e7d125fa51d214a74b3838373cf

SHA1
4ac5b240ed2dce42b544491b2734fb474695667e

SHA256
093b635fbe852fefb808fdc0dd238ec2a804d217375e69b38e25e404e2c8abab

SHA512
141e6a26dadc9541b2ec63d631b54e8eac7665309f4bb921030d4a457e99c294b912377822dd829d954ed14c7adaf8ae4f8a3d0b2e97b9d37abaafd690842474

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
7KB

MD5
098b80917b2942bb5c1c0fef19dafae0

SHA1
e5bdddcd338be980aad45667563a5990bb6aa515

SHA256
0e1d3bb648915ccc62579f0102af0ee4e77c6e4046687a8854a2a9e2f5af649b

SHA512
ada03f35e08b3416bcc2096dac3d361c2792f45a121fcfde32acc814c73e54c1cb61130b2c3b8c7c3de0f64a5cc1ccaf07354f2480a1ca82b9fbb53da3ad1cc5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
9KB

MD5
d8d0043cd6d04dc8572b15a889bda8f4

SHA1
48f007c5f582791c4d5cab649ef81cf1d3b9bb37

SHA256
73418702b8efe4268ef6c4119b5db3c67900bf36c1a2da00dcdb97a446aa9744

SHA512
2bc0f65ceb693cd2541faf0164fc4cac90a9a6344cb88c75c1f8ba9f31f830beb4364f43fd72c226b6bf15b0ef5f4a546923584733ffae74f24501cdc0fde66d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
71ad5ef729c46484b2a9609e44492b01

SHA1
88edcc678a069e49a72d4aca387debfd2560ff0e

SHA256
384f4cb6e5296bc34b9137c6ab758ff83bd131e196578c69c14ab6817eee34a6

SHA512
107e47ac5af9711fc57cf7e4a2381c0c3d8d52e1f9a6f8cc6a3abe78bc05cff8b529ed5262ae49a5b9b90b663adc5635ae3ce58103364f3d79e40d2c00805b6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
Filesize
891B

MD5
c7e268e30ef7f06a2b46c8303b8a473e

SHA1
c5262c07dacd53b618cb23bf4765929c4b4e148c

SHA256
14c63fc0a77428c1fda3ac5ac5b3e470a92f9f7ea8efe0573482c2940413c151

SHA512
6ae63c8c1c55c53a70f1f9d4f2d5d88ef79319e7d837a9a22f6074cb470bcfa7fec7de37a88f709a176682721e408701f29141ccde3bf5b3fa68e7cf5eece352

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
Filesize
882B

MD5
7c8182360622e4991e66b24e76b6a5c0

SHA1
b6bf99a73b8b050bf9cf9bb8da7eabc621c4d962

SHA256
51ac6192aea7ec8e656fb8e6ae4d17d0052f0b0806c9a7613a2fcb635452e87a

SHA512
7827ec796827aedb55f5a614570ce9048449da4b343790ac844a41596f9cb8491d37ebf0e51b42bcbfb7f16660fc6f1709cf276cbdb70eeee6866eb0e243df90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
592KB

MD5
89719276bd8172b11505448f69b40bce

SHA1
41b044872e0f8472a91aac4e99f96ced6d3e0b84

SHA256
b08e5d2d4032a769bbc25249f8edfd7cb4ad133996a3511c7f650c74088d33e9

SHA512
ceadbd360797a0a7b598e787dd3a3fd3f9d45a05eb9223863c867c73121625efd230138934390e5df637cdabb1a0979f0e2436466d6148f06eb9dced0a24ef6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
7.9MB

MD5
78e15e1c1d579ddb27097265c0b3801e

SHA1
f429584a8304e6b3c5a062b3beb74b4782ddaa20

SHA256
0126ad8a3f82390b485c5c3edfaa4b882de197e45bfa6bd846c648033a6d7202

SHA512
6e22eff74cf8f334b86f3d995ace11221478badf847dec664b6bd28d2a595407808d4cafd7a1a1988ac93d4e16162991de9e953ec9688ab3abc24dfc6c5e6f68

Download Submit
C:\Users\Admin\Downloads\81736f26-bf6c-4f01-b7af-8600a1ec577b.tmp
Filesize
216KB

MD5
b1f0b1a134724fec17d807a4d7cef2dd

SHA1
76165934955cafb134de8076dd2ff07318f85319

SHA256
c19b76aee35512855cede5aa46920697bcc5b4abbddc09d48c487c096c4b111a

SHA512
28ca2f307ba99f46ea1e0d8af7bc7c320bf4e041dda22743823d5bff706c46e6952cc2f511f61f8ec5a77bdd2246b7fd7fa89e4e7795e9ecce4d0c5c9cafa4e8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 916045.crdownload
Filesize
1.5MB

MD5
c73433dd532d445d099385865f62148b

SHA1
4723c45f297cc8075eac69d2ef94e7e131d3a734

SHA256
12ef1c8127ec3465520e4cfd23605b708d81a5a2cf37ba124f018e5c094de0d9

SHA512
1211c8b67652664d6f66e248856b95ca557d4fdb4ea90d30df68208055d4c94fea0d158e7e6a965eae5915312dee33f62db882bb173faec5332a17bd2fb59447

Download Submit
C:\Windows\System32\drivers\1f4d5679.sys
Filesize
87KB

MD5
a69adedb0d47cfb23f23a9562a4405bc

SHA1
9e70576571a15aaf71106ea0cd55e0973ef2dd15

SHA256
31eaa7f1f9872c63091f4b3ec5310686b1dd1e2123af17991a6b4679eda3f62d

SHA512
77abb4435d8d445f7a29cdb8a318486a96122b5cc535da7a63da0fa920980e6ad73e78b72552f6949e66b349bbdc9aa9ea202481046e478c2829c155a1045820

Download Submit
C:\Windows\System32\drivers\28715766.sys
Filesize
368KB

MD5
990442d764ff1262c0b7be1e3088b6d3

SHA1
0b161374074ef2acc101ed23204da00a0acaa86e

SHA256
6c7ccd465090354438b39da8430a5c47e7f24768a5b12ee02fecf8763e77c9e4

SHA512
af3c6dfe32266a9d546f13559dcba7c075d074bdfdaf0e6bf2a8cae787008afa579f0d5f90e0c657dd614bb244a6d95ff8366c14b388e1f4a3ab76cccb23add4

Download Submit
C:\Windows\System32\drivers\klupd_28715766a_klark.sys
Filesize
350KB

MD5
5ea5aa37289ae16948dc771223f94160

SHA1
640392a0d01521cb0e4485d5641f74e64e1f38aa

SHA256
4b1fd5753737f72f2b8cb0fb299c6c0e3857df69dc19931351d9784f52f307b3

SHA512
2721db2afd55f6abbe54b5865cb41f72216a52cddb6d07721cf0bd1b76fe58b47540467ce9b503ab56e4c614765c18f559b17d73479a4f5a0fae8f6093772455

Download Submit
C:\Windows\System32\drivers\klupd_28715766a_klbg.sys
Filesize
179KB

MD5
ed6cd641a02baf78ecbe069e0b18b3b0

SHA1
cc4d47d1d0fcd3deb841f58923ac309f3be42081

SHA256
66e7b89188e292d0abce941fcb2469e515e2a1bdbe07ad9868a34feb5f47005d

SHA512
cb945fa49683b92841a7a915c73eb11b00fbceee8715a166d256cab0971dc4b4d8b2c7ad3c96e4efb73a7ea9c43ef6bfc9ff3acaffdc08df40b00048ea903abb

Download Submit
C:\Windows\System32\drivers\klupd_28715766a_mark.sys
Filesize
259KB

MD5
124a94969ce6660453ccd66e40ecdbb0

SHA1
46f7ad59b93bc1b78f76fc973ce728c7951352aa

SHA256
5938747dbf6aea335fdf9131fc912452cee781dff8be61750a9b2ef384b5f835

SHA512
3b25bc9eead7f09350c81bca4eb1a11c5332b128918802385d15fb35d017bf2a5eef64966c3e6bb74d4450d794327a1a81c0521dda8b742fda17c0bcc50079e0

Download Submit
\??\pipe\crashpad_404_ABYPXBZINNFGBDTS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Program Files\7-Zip\7-zip.dll
Filesize
99KB

MD5
3428b9967f63c00213d6dbdb27973996

SHA1
1cf56abc2e0b71f5a927ea230c8cca073d20fc97

SHA256
56008756553ea5876fb8aad98f6f5dbca1ba14c5e53f4fa9ec318e355e146a7e

SHA512
b876b39d030818ce7879eb9bb5ff4375712cf145b7457a815880bf010215bd9dcde539e7d0877c56558e0d23a310bc75bfb9d315f9966cbda4ae02a7821980cc

Download Submit
\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\SpiderBanner.dll
Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsrEE18.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/2116-2187-0x00000222CA190000-0x00000222CA1B2000-memory.dmp

Filesize
136KB

Download
memory/2116-1754-0x00000222CA150000-0x00000222CA18C000-memory.dmp

Filesize
240KB

Download
memory/2116-1940-0x00000222CA6B0000-0x00000222CA726000-memory.dmp

Filesize
472KB

Download
memory/2116-2168-0x00000222CA190000-0x00000222CA1BA000-memory.dmp

Filesize
168KB

Download
memory/4208-1695-0x0000022346030000-0x0000022346052000-memory.dmp

Filesize
136KB

Download
memory/4876-2607-0x0000000010F00000-0x0000000010F16000-memory.dmp

Filesize
88KB

Download
memory/4876-2656-0x0000000017B40000-0x0000000017B41000-memory.dmp

Filesize
4KB

Download
memory/4876-2658-0x0000000017B90000-0x0000000017B9F000-memory.dmp

Filesize
60KB

Download
memory/4876-2654-0x0000000017AE0000-0x0000000017B0A000-memory.dmp

Filesize
168KB

Download
memory/4876-2653-0x0000000017940000-0x0000000017961000-memory.dmp

Filesize
132KB

Download
memory/4876-2652-0x0000000017910000-0x0000000017923000-memory.dmp

Filesize
76KB

Download
memory/4876-2655-0x0000000017B20000-0x0000000017B23000-memory.dmp

Filesize
12KB

Download
memory/4876-2651-0x00000000178E0000-0x0000000017902000-memory.dmp

Filesize
136KB

Download
memory/4876-2648-0x00000000177E0000-0x00000000177F1000-memory.dmp

Filesize
68KB

Download
memory/4876-2647-0x0000000017E10000-0x0000000017F67000-memory.dmp

Filesize
1.3MB

Download
memory/4876-2644-0x0000000017760000-0x00000000177CF000-memory.dmp

Filesize
444KB

Download
memory/4876-2643-0x0000000017560000-0x0000000017579000-memory.dmp

Filesize
100KB

Download
memory/4876-2642-0x0000000017510000-0x0000000017541000-memory.dmp

Filesize
196KB

Download
memory/4876-2662-0x0000000017C30000-0x0000000017C31000-memory.dmp

Filesize
4KB

Download
memory/4876-2661-0x0000000017C10000-0x0000000017C11000-memory.dmp

Filesize
4KB

Download
memory/4876-2660-0x0000000017BF0000-0x0000000017BF7000-memory.dmp

Filesize
28KB

Download
memory/4876-2666-0x0000000017CC0000-0x0000000017CC1000-memory.dmp

Filesize
4KB

Download
memory/4876-2668-0x0000000017DE0000-0x0000000017DE2000-memory.dmp

Filesize
8KB

Download
memory/4876-2665-0x0000000017CA0000-0x0000000017CA1000-memory.dmp

Filesize
4KB

Download
memory/4876-2664-0x0000000017C80000-0x0000000017C81000-memory.dmp

Filesize
4KB

Download
memory/4876-2663-0x0000000018160000-0x0000000018245000-memory.dmp

Filesize
916KB

Download
memory/4876-2667-0x0000000017DC0000-0x0000000017DC3000-memory.dmp

Filesize
12KB

Download
memory/4876-2659-0x0000000017CE0000-0x0000000017DBC000-memory.dmp

Filesize
880KB

Download
memory/4876-2657-0x0000000017B60000-0x0000000017B75000-memory.dmp

Filesize
84KB

Download
memory/4876-2649-0x0000000017810000-0x0000000017824000-memory.dmp

Filesize
80KB

Download
memory/4876-2650-0x00000000178B0000-0x00000000178DD000-memory.dmp

Filesize
180KB

Download
memory/4876-2645-0x00000000176E0000-0x0000000017703000-memory.dmp

Filesize
140KB

Download
memory/4876-2646-0x0000000017860000-0x00000000178B0000-memory.dmp

Filesize
320KB

Download
memory/4876-2638-0x0000000017980000-0x0000000017AD9000-memory.dmp

Filesize
1.3MB

Download
memory/4876-2639-0x0000000017650000-0x00000000176B2000-memory.dmp

Filesize
392KB

Download
memory/4876-2640-0x00000000174B0000-0x00000000174C1000-memory.dmp

Filesize
68KB

Download
memory/4876-2641-0x00000000174E0000-0x00000000174FD000-memory.dmp

Filesize
116KB

Download
memory/4876-2635-0x0000000017580000-0x000000001764D000-memory.dmp

Filesize
820KB

Download
memory/4876-2636-0x00000000173F0000-0x000000001742B000-memory.dmp

Filesize
236KB

Download
memory/4876-2637-0x0000000017440000-0x0000000017460000-memory.dmp

Filesize
128KB

Download
memory/4876-2632-0x0000000017040000-0x00000000173DD000-memory.dmp

Filesize
3.6MB

Download
memory/4876-2634-0x0000000016D30000-0x0000000016D70000-memory.dmp

Filesize
256KB

Download
memory/4876-2633-0x0000000016D10000-0x0000000016D25000-memory.dmp

Filesize
84KB

Download
memory/4876-2630-0x0000000016C00000-0x0000000016C13000-memory.dmp

Filesize
76KB

Download
memory/4876-2631-0x0000000016CC0000-0x0000000016D06000-memory.dmp

Filesize
280KB

Download
memory/4876-2629-0x0000000016F90000-0x0000000017033000-memory.dmp

Filesize
652KB

Download
memory/4876-2626-0x00000000169D0000-0x0000000016B77000-memory.dmp

Filesize
1.7MB

Download
memory/4876-2627-0x0000000016B80000-0x0000000016B91000-memory.dmp

Filesize
68KB

Download
memory/4876-2628-0x0000000016BB0000-0x0000000016BC3000-memory.dmp

Filesize
76KB

Download
memory/4876-2625-0x0000000016D90000-0x0000000016F86000-memory.dmp

Filesize
2.0MB

Download
memory/4876-2619-0x0000000016580000-0x00000000169CD000-memory.dmp

Filesize
4.3MB

Download
memory/4876-2620-0x0000000011E30000-0x0000000011E41000-memory.dmp

Filesize
68KB

Download
memory/4876-2621-0x0000000014570000-0x0000000014591000-memory.dmp

Filesize
132KB

Download
memory/4876-2622-0x00000000145B0000-0x00000000145C1000-memory.dmp

Filesize
68KB

Download
memory/4876-2623-0x00000000145E0000-0x00000000145F7000-memory.dmp

Filesize
92KB

Download
memory/4876-2624-0x0000000014720000-0x0000000014744000-memory.dmp

Filesize
144KB

Download
memory/4876-2618-0x0000000011DB0000-0x0000000011DC9000-memory.dmp

Filesize
100KB

Download
memory/4876-2617-0x0000000011CE0000-0x0000000011D9B000-memory.dmp

Filesize
748KB

Download
memory/4876-2616-0x0000000011C40000-0x0000000011C66000-memory.dmp

Filesize
152KB

Download
memory/4876-2613-0x0000000011A80000-0x0000000011BDA000-memory.dmp

Filesize
1.4MB

Download
memory/4876-2615-0x0000000011C10000-0x0000000011C24000-memory.dmp

Filesize
80KB

Download
memory/4876-2614-0x0000000011C90000-0x0000000011CD8000-memory.dmp

Filesize
288KB

Download
memory/4876-2608-0x0000000010F30000-0x0000000010F46000-memory.dmp

Filesize
88KB

Download
memory/4876-2609-0x0000000011550000-0x0000000011561000-memory.dmp

Filesize
68KB

Download
memory/4876-2610-0x0000000011580000-0x0000000011591000-memory.dmp

Filesize
68KB

Download
memory/4876-2611-0x00000000115B0000-0x00000000115C1000-memory.dmp

Filesize
68KB

Download
memory/4876-2612-0x00000000115E0000-0x00000000115F2000-memory.dmp

Filesize
72KB

Download
memory/4876-2605-0x0000000010EC0000-0x0000000010ED1000-memory.dmp

Filesize
68KB

Download
memory/4876-2606-0x0000000010EE0000-0x0000000010EF2000-memory.dmp

Filesize
72KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads