agenttesla | hxxps://gofile[.]io/d/z4KuDR

Analysis

max time kernel
65s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 08:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/z4KuDR

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000700000002349d-337.dat	family_agenttesla
behavioral1/memory/1620-859-0x00000000059B0000-0x0000000005BC4000-memory.dmp	family_agenttesla

Executes dropped EXE 3 IoCs

pid	Process
3616	Keyauth UI Free c#.exe
1620	Keyauth UI Free c#.exe
6080	Keyauth UI Free c#.exe

Loads dropped DLL 4 IoCs

pid	Process
1620	Keyauth UI Free c#.exe
1620	Keyauth UI Free c#.exe
6080	Keyauth UI Free c#.exe
6080	Keyauth UI Free c#.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1812	3616	WerFault.exe	113

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
3904	timeout.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Keyauth UI Free c#.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Keyauth UI Free c#.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Keyauth UI Free c#.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Keyauth UI Free c#.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Keyauth UI Free c#.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Keyauth UI Free c#.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
3044	msedge.exe
3044	msedge.exe
4040	identity_helper.exe
4040	identity_helper.exe
2792	msedge.exe
2792	msedge.exe
3312	msedge.exe
3312	msedge.exe
4280	msedge.exe
4280	msedge.exe
3528	msedge.exe
3528	msedge.exe
5336	identity_helper.exe
5336	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4884	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	4884	7zFM.exe
Token: 35	4884	7zFM.exe
Token: SeSecurityPrivilege	4884	7zFM.exe
Token: SeRestorePrivilege	1028	7zG.exe
Token: 35	1028	7zG.exe
Token: SeSecurityPrivilege	4884	7zFM.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
4884	7zFM.exe
4884	7zFM.exe
4884	7zFM.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2504	3044	msedge.exe	81
PID 3044 wrote to memory of 2504	3044	msedge.exe	81
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 3484	3044	msedge.exe	82
PID 3044 wrote to memory of 2068	3044	msedge.exe	83
PID 3044 wrote to memory of 2068	3044	msedge.exe	83
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84
PID 3044 wrote to memory of 2412	3044	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/z4KuDR
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4d6946f8,0x7ffc4d694708,0x7ffc4d694718
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2504740983699595002,10388772034450501705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2504740983699595002,10388772034450501705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2504740983699595002,10388772034450501705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2504740983699595002,10388772034450501705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2504740983699595002,10388772034450501705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2504740983699595002,10388772034450501705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2504740983699595002,10388772034450501705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2504740983699595002,10388772034450501705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2504740983699595002,10388772034450501705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2504740983699595002,10388772034450501705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,2504740983699595002,10388772034450501705,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2504740983699595002,10388772034450501705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,2504740983699595002,10388772034450501705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1224

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4304

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Saturn IV Free KeyAuth UI.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4884
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" a -i#7zMap25400:266:7zEvent30998 -ad -saa -- "C:\7zE413CCAA7"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1028

C:\Users\Admin\Desktop\Saturn Free KeyAuth UI\obj\Release\Keyauth UI Free c#.exe
"C:\Users\Admin\Desktop\Saturn Free KeyAuth UI\obj\Release\Keyauth UI Free c#.exe"
1⤵
- Executes dropped EXE
PID:3616
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 1056
  2⤵
  - Program crash
  PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3616 -ip 3616
1⤵
PID:4436

C:\Users\Admin\Desktop\Saturn Free KeyAuth UI\bin\Release\Keyauth UI Free c#.exe
"C:\Users\Admin\Desktop\Saturn Free KeyAuth UI\bin\Release\Keyauth UI Free c#.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtube.com/watch?v=RfDTdiBq4_o
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc4d6946f8,0x7ffc4d694708,0x7ffc4d694718
    3⤵
    PID:2652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10098085119868263409,17948395818034911567,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    3⤵
    PID:1100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10098085119868263409,17948395818034911567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10098085119868263409,17948395818034911567,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3080 /prefetch:8
    3⤵
    PID:1496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10098085119868263409,17948395818034911567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    3⤵
    PID:1224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10098085119868263409,17948395818034911567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:5108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10098085119868263409,17948395818034911567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
    3⤵
    PID:3624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10098085119868263409,17948395818034911567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
    3⤵
    PID:1856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10098085119868263409,17948395818034911567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
    3⤵
    PID:4160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10098085119868263409,17948395818034911567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
    3⤵
    PID:3172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10098085119868263409,17948395818034911567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
    3⤵
    PID:3500
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10098085119868263409,17948395818034911567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
    3⤵
    PID:5328
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10098085119868263409,17948395818034911567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10098085119868263409,17948395818034911567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
    3⤵
    PID:5512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10098085119868263409,17948395818034911567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
    3⤵
    PID:5744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10098085119868263409,17948395818034911567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
    3⤵
    PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://keyauth.cc/app/
  2⤵
  PID:4596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc4d6946f8,0x7ffc4d694708,0x7ffc4d694718
    3⤵
    PID:796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,8140858119393642529,14297770665080438313,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1964 /prefetch:2
    3⤵
    PID:4484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,8140858119393642529,14297770665080438313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3312
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c start cmd /C "color b && title Error && echo Application not setup correctly. Please watch the YouTube video for setup. && timeout /t 5"
  2⤵
  PID:4884
- - C:\Windows\SysWOW64\cmd.exe
    cmd /C "color b && title Error && echo Application not setup correctly. Please watch the YouTube video for setup. && timeout /t 5"
    3⤵
    PID:4896
  - - C:\Windows\SysWOW64\timeout.exe
      timeout /t 5
      4⤵
      Delays execution with timeout.exe
      PID:3904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5452

C:\Users\Admin\Desktop\Saturn Free KeyAuth UI\bin\Release\Keyauth UI Free c#.exe
"C:\Users\Admin\Desktop\Saturn Free KeyAuth UI\bin\Release\Keyauth UI Free c#.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
PID:6080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5d37d5bcd52b5d686df1f6411afd6826

SHA1
ce72c096c0f08955ad909e7158a0f1aff48e5526

SHA256
ce357e59b4850d5feca31c050c8b7bd0b55223323664010fa6ebeaa7fa895030

SHA512
328185a01a62efb49a4af0163e2f4280336869a3dc5d17fa6d2bf6c96cf3b92c37577f6aab80486a5bb8b7c4560c831afb5c18ab5057fc42ad2ec6d150cc3338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e5d8a214731323907ac6b9658e000efc

SHA1
99384e17dc54577b17928713d007bbc7bfce4994

SHA256
f39234235fb9c72cfe79000eb39071cfac713368d901008e09fe68e2108ad7d2

SHA512
0dc172f6da45de9b0d2af85830b66378beba92132d62efd865843d8ee28b8d38f26682975dc4358b396734e55f92580cb1663dd0c10f04ece6573a7ec4b5b138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
2b0800924e95d5561dc8882c709fcd2e

SHA1
43763104bcfeac23f04cebe0e521f17c4e6842af

SHA256
9e11eeb59fc16d92e39ba4a8d1edf734aff5c274d51befcdb7a873dab3451287

SHA512
2ed8bde3d8cf8c855a63ccae43d2d9e2bd50f58ac04d5630867918b669e7f88fc2696169c6cf4ff045f9d63691a9ff8311932b354bfa402ed37d0939e823492d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
56c18b431ebd9a0aa05da566109c26af

SHA1
34bc941f4378c79af8e9ef7e27dc357d528f8e94

SHA256
998e212210953450b3c7124c4f89f602356814f82a7e75e3c858410374b8a437

SHA512
bdbaeb8be9e9a130103492ca2a3dde6327ff58f58a90dc21c7052a875ee1f241d07724a1191e6885328687ad4fb618aebc7cd31634250da92afc0d3dbe07a691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
029e4a13b1ac870dbf780f1250915d52

SHA1
8acfdc4face8dc090ffebf21177a08a918b239bc

SHA256
4727c7e6c24a349609014b4e9121dcda434172f989324e66d77f59dcd8c21cb7

SHA512
d0aace5cf9f51daa054a22a19582dbfd36e9787adaa19fa356116f6e58fc574483de32f30ebec3926e07a3404af1e46d43dc1905ebf2fc7daf5161a1bd9116da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
87806b7e57b51dffd45ef4cb3903ed48

SHA1
8679b475c23a0f6c5ee96784b7cf3dfa9a768472

SHA256
258edd192aea9f8fd9ee93e12adc7263f7f75e5e1c16d25152ae6c110e97f7bd

SHA512
7267d458afc4c88a1b201e44afb72c8e17e62fa0160d13ab736138582a2ac7d7a8ca6ef1ea76359d80143457a19b5cc5d09864ff79cfaebba184508c018c6398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
c4e8379db8b55a347ab474926659d937

SHA1
61f0c0d4bc18bc30ec68474fbc84650c351269e2

SHA256
3ff4d8bfb702b9b35cdbec470c1cfb6c628805c8245d84f26a4350e178c74929

SHA512
2e1057ae026ca0d353d9364a3bb8770fda69dae68a8b27696184631e55933932be4e0e8f70f5b4e603fdc63dd15294be414ec9b09922da7d6e65b791afb1f5b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
ac763149029a8230241bbc6313b8e6f4

SHA1
54f6097df5aa210507857063bcc9b211fd425146

SHA256
edf60f32a1565e8ac4c54be6750e18541a266d8a806c5ae29e40587f3c71e6f7

SHA512
0507e7668b3531b897316c03238e99bd107b0f205787370c04f0e59c4d04bd41915bb81027babb0b859f87522dbd0779168e718258016bb61daf57ac9545f741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
1b669e8178d809351d0ba05bc18167c5

SHA1
c3c6f897d89c5d244e7831fa2839419d50b3d068

SHA256
6e5b4e8c869d720b3cfb503de875f37d75b29b6650b36d5ff341b899d70daef4

SHA512
77ea458a3095ed60b4ef7ab746ba7486489642da8bc529e0005382eeee729199be2d705d42caad45d1f8f38e99bf376461da2fcb4edf128bde8a3e9118bda551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
7bc684c89a82f9443fd19cec3f7f5770

SHA1
8746b4013d2c32db794d58dce3a399321be8b259

SHA256
d205b561ac8c25df47661c339628c9983fc7c527936082993ea74a4ad1a531eb

SHA512
1282bbe8aff535ac2ba71f9abf1d4ff8a580e29cf1f25170a8f447a4c69cd483ce5a221f0ec75ccf595434c62e8d6b2d5b8030a1508e60cff63839c309fdc361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
a7efae5cc299a2be354e09ca57868dff

SHA1
7da9bcee22106a62e146af441abbb53041fd0138

SHA256
006535a2fcb121ebc07fcbec65764f8a0caa49463a6c90694eab1052a098f7ee

SHA512
0e5922ce84e9bdab2c556d58bef46e036ffb4cee28de8009043a7563b93f3829ebc576be1dc460d6c3b03a3b9ab9e5e85ac5a8ec52f66846dc6c839c26ea1a8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
650B

MD5
a2e63c8ab432293ce130cf9c5597eff0

SHA1
572ea72ee9447286e3ae6d29b72d287f2bc26d22

SHA256
918643b62f4caa808942df789aa20e02b76b76d7af7eb780bc724e472822dbdd

SHA512
8b9729ad9326772c7bceb356a3e95c3bc0f44c842a0c808144433cc0e96afd78a26b3c4893589fc856e31a817756078603af5d94ec81f46c012db77eba319093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
485B

MD5
c928725c59aa17b1c9ae78b87b3e0326

SHA1
91e3861f85448b6125829e20d7abe3f64946447f

SHA256
955227756ad32990803e970f5fc911ff982c45f67e728524ac72d5b646bb2455

SHA512
74469552b09550021bbfe4ba3869c63e798f952b8cf72b6c0b3d3af3a6bc043dd7e7c1129563eceff1964933ff4cf563653340be40c50652c88493667b070d9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
4ebc07f6e2c04d1fd420172304433a11

SHA1
4ac592d9204745021ba11f9e43861c13084e97de

SHA256
7e3de523676ed3b16e2bc366e1fec7d3dd0778ff7bd1831d46088a81f756893c

SHA512
a4884ebc60ffcb057c4fa47bda5a801341444d7868e83e30c2ceef520af6e46665e0a3f1c0263ba169ba20da5cb15678cb874bc499ec7ad89726ef3496f2bc1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
37f2c6bd552b34c50d747c046081209b

SHA1
55fc0915757c4cbf77023e3bb0603196a9cd70d5

SHA256
6f99a3882a1c0c8ad386fe8f65d2b10aa9e2e2d9aa061852b40e1a45992392cb

SHA512
20003461dbd9c3bec9839cdb7f2c7d17581753b36708334dae4a58d18dc80440ce679cc9a4d721853c43fba30941a75ec0a0672e8a29a807633dea5808a33e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
856B

MD5
84c23551037dc2cba156691b6b85841d

SHA1
55237d2351efca2d7afeaf7902298f049bda1951

SHA256
7fc3af434f7381c51808a16121291fc5cf3bc8e7bba2be4b21a7099d4fe416ff

SHA512
175f2cfc7f67bc5e174b56339fc9fd73a93762394a43f59d85c3b51fc04db3d00ac5323e54e14ed4785c78bbf83c47da6c1f93dec80ed0e6f91f9d7e446bc869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3dd5f1c62b3acc7cdfe84e5ffaba090e

SHA1
1f5625b827ba97ae87a4275557c6ea327170cbdb

SHA256
3e0ad04a6f40f1ce0f2d76d202a604c33bb1d2932f899bca9dd11a6ae3b372a6

SHA512
27e245f6b72f065268a9419fac7ce377250067e58da9e29500b0e49b2cf8c94464a3e4fdb45bfc1f80b1f4a314fe291fe700bd499a2ea5a889a5156673222696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d806374f662dde13009ec4cb9cf9431

SHA1
bd4376bce60c761c88fa011983d9db4aaf4f98bb

SHA256
12a81b4d0035d94b04db3848ebf129db10ee7ff66abe590b751aecf9b83216dd

SHA512
6fb631f9855d92915806e246a7f6c69e5fe490bdb7e8a14a197092d1ef65f05b372564daf6c6cb08ba3db99816105acfadb98261fb08a313face0494e4378302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d98ddc5b989fd26831a9a31b90a4a1e4

SHA1
022d8f39c015950ad8097352aa01c5e53d4a6af0

SHA256
e767e46bd9811cf2669c4df50cdd45d13f4ce5ccf58c9d51dba5a353ae05c336

SHA512
214fb1d3594c43547d8d9b74756bc541964464e2523fda9acf336105310adbf6da8361cdf1eb0dee468a3f5354448efe7bcc6b7555cc1bbb5e52a0ef1ca2d5e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6a7c659880184fe44be1e011ef46e137

SHA1
8468d1f3691405d9de17a072c85a0b9b8b53dc9b

SHA256
405644ef416711f09f1bb181c8fbe7048a575a8f4a20e10e1242c65e8c5c86a2

SHA512
d173542ea9da957b38bfffd634b1896de437462918fe3e91dd1c5d88d8812dc0df9d18ce313a39ba0f9a9b5420b9e39b855dcd191b70dbbb17a008108b286664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f30ff7c549ea82f1e87bd398bbbcc04

SHA1
2f7cb109ca834c7aea435d25ca7576f50efe8b78

SHA256
dfb4dc827d9c0f8aec02d56491cd9e90c160a6fe3c24237e7653726c7154dae6

SHA512
b8a5d3cca014088aa822f15d88c6b36cc2bb6f419e2d47b2021735598c2d0ae7323e586c10afe05ad4ed662da760aaab80e84d460c6c33a3e525483269139c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
21493d2ffdded66b5db1ea605b267115

SHA1
26470ff9f5ce092bd9c4c162d6cee32d1e34e23a

SHA256
979939bb32f7360eff2df944c2463738529abf65493c228775b583606b69391f

SHA512
551fc986afb0c2e0ee24b7107c821452e521853f5e2b476ff359934505d39d42f6f50112b5a672dd13e71bba54b2140d18623a835a2d9a4eb8b4eb3b8c51b284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5a1bfb71-42df-4879-96a2-1a1936e8d724\index-dir\the-real-index

Filesize
384B

MD5
bc3ca7461a486bf728f4eb32bb9ae39b

SHA1
f9740f1821866667189114fc196a35d5e1fbc02e

SHA256
e176af917472d0b2ab0aa572844cc794f1bb573a20c969cd407f8126d81f4572

SHA512
b82716997a31aad40894ca53f6f12a939e304dab2c50dc8ea4b41c06f76cb5ace3af1c3f79746052f3df96c5da3194b37b98c9c55157d184d1afab456ddc0563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5a1bfb71-42df-4879-96a2-1a1936e8d724\index-dir\the-real-index~RFe583488.TMP

Filesize
48B

MD5
f847cfd2687698150d68a79ee0ed5ffc

SHA1
034fde27cb268f26986e00652ad2a8b9c34b7ccd

SHA256
880b10274292e7d4a94720fc1ea5a676e19d7613b3864dcbf8ff545b8c14d847

SHA512
f08e8bbd99e27bb894ad0e8b993c54c6cfb89e3ddbac30d3d4d29c4a3b9241f5d8e492739da1aeb775ba100c92b45a8ea8f5266916333c643076ca151016d369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
58367fe49f4bfadcbceabeeabd256067

SHA1
f924ab618fb7597d0780a66537d569b14d60f7e9

SHA256
6ea55477a292ecb8c941970a49e5870f42fa2526a0f2a7974712f29cc3d3d753

SHA512
c7eade94ab6c353f3bdadde7e8583d548b8d9e9d824058be751dd166e2243432db2c05fe112197e6f05ce5dc83cef815da4a9cca1558c1d702964dcc22f955b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
508a3b5c22d56e8da415a4de3e313c4e

SHA1
b35a1b3ec067d5483b02088090092830cea9b147

SHA256
0dc4ab480de7d9579bc15465d5a3ec79c66c9f3c9229895100ca96c4b63e1ed6

SHA512
3c6f90b23f38fa43dfc6cacd5d1dcfe95b7594660c6435f97ed7b12d1f515b7d25b37ead7068a290b4c5a3f75591b10cca056a8ba9e1ed40dab39ce81b922c06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
151B

MD5
3f1c66eda7640fa1634795a5a228298e

SHA1
968cebdbc4b5e93942544e2365536d1d0977da36

SHA256
0197bda5f92da5bbbc6c44f8ea5333d16c4c38a255da0c59deca520bc7bb9c8a

SHA512
5939141bca88805b9b899e9faf5d75e512dac11f0e6f395df7661ba2b4892095e63bbf7e6ed2ffb63206dc1cefb883bd542921ca893b71f5128d7f37dc632619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
b8a87e9ab5837c192122d39fb9c495a6

SHA1
ca8dcd655da69d03415d31a916cdd6c1b9c6c4de

SHA256
df1393b737e9236738596ef92838d2406cda877f8b44bd54802ef0cd1b4cf544

SHA512
a62e98c2091d5343e1fb82a821343f1728c80f482a95b0a00b76cbd742e5886fe1a67ac1e7e1b1598e485b7d988f429d05dcad18232ffa64a2a1b736b5dc9e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe582a66.TMP

Filesize
89B

MD5
dd4fb4e9b4a13274eb47e7d1e73f280e

SHA1
4dd7862386f6b21836e929c76eabf2c203b7cb35

SHA256
e03e6af674d6ae542a346996c4b588bce15737cb6f6c1ac9d439a7e8f2827af0

SHA512
bd32a8bea327c0f8f70f87e213f4cc118767885b48be4a1ed5cca9011372a6ae55a91633e3cf10c87c0c3a7bd3567726539ac7642b357ff79144d928af42455e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ed4929509dabbd513a9a13d2d2621a57

SHA1
d68e1fda9912869bb02780e62efb5960760ff681

SHA256
4e866f35ecb74df00a8ed02b71928136005dac1c2f570df977e474e10b28e341

SHA512
adebce5ed98d599bc3ab7b4a84fab37b2c991d7ac66cb392f091c6c29d42fdae0874754c2779d45defe68dae7e15e355133e2fe2a7a318cd463c00becd55803a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583488.TMP

Filesize
48B

MD5
3ec5b197c0403346127a824476b71141

SHA1
fcd570cf05b14e27b3b0be82739f3b05bb59e837

SHA256
0d11c087a484a4438f477cfaa99873092a08978242e83dcf355446b8d5677878

SHA512
39b620995130e772e7dc767e38cbde7c9c3edfd30fb78d6d45fc2e241577035eeaf667caddbeeb213fbe6769f13e379abae65829e20c01c950b2740f5af253d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
326B

MD5
747998e415a9c46a871c9997559c28e9

SHA1
e210112519c18940548e018cf2440a8529412ab7

SHA256
20c897608ab33441aa04f8786845aec0befbc41244ecc3f89cf10c9c9f5b60b7

SHA512
7884790d88141819ff01bb9b28e1708047bf50882ac2a2ec6db2681b3b393f60cda533791d47cec62efd3f220a4a7b2d46f9ad3d8f7c32fa3f6914e86a6247dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
82f1ef5d25a4a67a64a385b85c741edb

SHA1
d7fc788219a29e3e0b149a65e3fdc07ecc672d14

SHA256
0662b7157712c08c75724e06ef7ee8b8eb07c5831a74f7c7229b10e8f11a669f

SHA512
828ed9e1d2a6ce39c3fe412c333a15b4b732058d1a94e283fa5b81ae6f1ec042c7a452cd9563ab09fa9c4acd12839535dc577551476808c0e0cf9316373edf50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362308278289586

Filesize
3KB

MD5
bd10be9abad2dfd28625f1dfb4ad7d06

SHA1
988d96f00f8f6f9641d3b70b023143424e8d159f

SHA256
3544f788589480c534c57c1668b9a421a1c1a86d10ed44346724678307356a9d

SHA512
b0ee8e2df7812e3f123baa289ae2ed42db2ca4546a119836e9aadb94a1d2c80e2b7f9504e799fb1623005a0ac840066126114e4f6036a279dc7b62b88751c6aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
679ddd21de8452adccbd5f180b4568ed

SHA1
c4d381e91ea4dd732f9a870610ad3e7172e2ce3a

SHA256
4c4da0e59f90d3e9bde91ae49ce4b08e71841765a2c2cdbb208b808b340359ee

SHA512
1d3ed1f54d70eff3339942d97d620f0bc1ba9f3c20e1e52bd26f22ac102eb45fc5ba6f7930938fb846b6ce2172bd38d18b2a58335514d9146461c95b3662df5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
14234d12eecea4d3778b66c95b7dc27c

SHA1
7022ac2c30258605e4e695bf8a10641e2c460397

SHA256
c60ab57663aa798ecd0b69102b47ecaaf102c7a80147eddd35d14143642b0672

SHA512
ec17b58e96d742a1e5e1e01c81030d779ab035257e8eee69c6c4c39ca30e3f229665adb3d282cb6148473b9e5792673be231a26f5f2fa72e1cfd2dd53542ad27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
bd3e39301aefe095ff6cd003cf32eb12

SHA1
2df7ce6ef58eb3a7a06517065c359a1725e084b9

SHA256
568e099ce7f78d2d8ee5f90f82d255563dcf31b0c26b0706223bfc41e1fd1322

SHA512
b6524f5738b8122ffb48bc5b12a792470bd183b412619edf2f106dc45af469184257b1ebb7559dd06f27ea9afe2cdd5a777b2e97eeeccdee4f1c1c24b4425aec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6b48e0046fd1a240070aa035ca238b31

SHA1
266d6cd42829d3adfc234d1c68f79d0a3a7ae579

SHA256
a3ecd60c071fd8dd2da84a07dbaf8dd06347b2f5023d961aadc7ea9a861a6e02

SHA512
7f0f05f58003669d6ba10deba976eba2aee806e191fd5b02a68235699a2bf8cb3c4335659d2bf568ba4c1d833fcb06c2348334a50b03261bdd5d38881adc2e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
b8b1a6b05fabb38c72ca41cb4c6684da

SHA1
76c7b92285097d92e2eebc403c83ef024ec38cdf

SHA256
66f3c42ca0cf80969c28b75bdbe3751f339159fd8194031fcc7082177ef2b5f4

SHA512
05e539275942d473d0c0aecbbc2efe7e9e4ddd0057d3dba8bc7fd358c091106eddca80423ec587e4ca526ca33deba489a6999c891f13d6bacbaf72825e4384db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
c58e31996b92e487772ca036283b9520

SHA1
ac5c218de2aee33fc7d2d27ec3a9b68998b0c545

SHA256
46ae788c871bcd333348399dc2560fc301378bc5bd4f3365b36f5f09b394b12e

SHA512
293707d2e19129f6b2f6b8b19aa05752dc2a1e490316ff448b84f7750c735249f94a1e9e788c81c8ae55d1e80aba19fc3fe21fdb145b574a84d3cdf040db6a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
2KB

MD5
85b58f69a49af0f99f64b889be934dd0

SHA1
c652ba9707474664200a1fe57b1ce3d7bb001e1e

SHA256
2afdd4b08291b36f85af1f858e2b74d7fc67a42286076d029e6071a2e631922b

SHA512
e5f2660e2ee15a7e1a56c38f627e644affdcab06b52a2612d494027aafb74d36d2117c13f99c156a9fc61947d1fbf83f01e308530e1c90689cbe0d07f095a89d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
6eb93eb1eb734070f41de9f9a49af3ba

SHA1
2c7bf0ffec52e3701e62da0b0777ab87f9ed05d5

SHA256
4694bacef695e69bf20304d76ab7a3497cd68976b4536628ffd2f848895abe8a

SHA512
0fb7c7ccf92e87ef2157803c97bba2b12df5edc9aa5c73daa09933bca33e274dbd141dee72086156fcf2b33591cc4dd7bcb4d2e27f00df21e717054f53b4090b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
9cb5314a44a1108e664c876a2913e9e8

SHA1
2975485c15d7ee486ef53555eef1989b61932636

SHA256
e8ada62aa09253a39976ad57518240de90fdad581c21b631b5c861f0ecf673b3

SHA512
886693669d171e57443bbb4fa8aed7e6cdf45d4c5ebe7a450c4f8009fd3f6153436525a809f8ac08242c77bb8bb95c72b20abdc3805bfe4837c7ec4b15242871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
54317afadaae78bc5861102476f1a894

SHA1
270980942a6976f0fbd37f83195358f47bce1033

SHA256
e021494384fbf21d10e3a8029c5d525c58727971b4f996e5df8db26ecd6dfd62

SHA512
e6749380d0b2046708fc7b4bb00bac82ac5d7f49b0375e92c2fa275a6ec2457a97ddd207b66813f229e5967ef8940e11288f30f78c906df8736678ce07ea6a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
cc2d601970f8ddf64eba89de6b178650

SHA1
d62d971b76f899ffb392aaca3fc83dd5018baa86

SHA256
a64f3339d6e119d6b6d3a108599cc0cc7e9e3a8f056bcbe5cbf4430a613b539a

SHA512
9b04777ff20f226b746b85d7ee40d05de1195d57f93f3693a77db63bb4699b7956cc4680d860720b275b9a41eae085f9d6ec49c50a5c06df2c98ae98c4504f96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
904c2aad27fcfee96529a178c941118f

SHA1
859ebf39212c555b575c209353d960b1e5bf931e

SHA256
fbbdc99e809688469516956900e547024020b9f3704d6ef2b24bf222431bc785

SHA512
2a243d85148d772fa6f11021f760e05102c6c53570849b9afa4b13f1af1d72dee3a18fd57b90c9bba51946965c8d8f0804486352132e22b6e7bbbf0cabaeb191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
630471bee1c646c3353847f37ede77a1

SHA1
6efecb57aeabef1037a4437d5d23c81b0bd3d7a9

SHA256
5eadc07d1ac47987e0f886d851b08b8b852dd4b492e6928547e9dda861726acd

SHA512
43891b42af89ea47750d425c1e41cefa9709e30026377c959fb73590bd8a3656c9733053d11705c893884a7628b29230b8a9a03873906de6788b50bb97f3a48f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d327902c5c1af9a36756ead7a13d1142

SHA1
536389319c14963e059180ec6a1d00e3fca3274f

SHA256
ddbf396a64a3636e1d745ff985bd9024b01917fd566200ac30e36a0eb5112b59

SHA512
c84bcfa5210ee599b68ce3f3e876dd967a54ab276195a962b71df772f2f904486d91ae690a19aaeed66c46ada097eb216caf8affc73fe70846e0f2e1972dbbd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
286792301e417fa5aa64b1cbca8c9505

SHA1
7384cc0a20f299bad061feb8948f7b7890a65cc7

SHA256
7d7033b04b323374e7e0c9bb549262ab68b2f022ad944ebb410130a11634325a

SHA512
a1092730dbdf224732d68034bb522b8f95526ddae862abaef79ae7115c9f08eaa1d2b8a8dfd5a2bcd158a9b77ee770f7916cfc16409014349d807a0c6368edf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\bin\Debug\Keyauth UI Free c#.exe

Filesize
11KB

MD5
0171cb1068ff11de4b5385600316febf

SHA1
831c44a7930cfc0bfde9bee05d6b0ff2c8dd166d

SHA256
ce2fbaf3bc8dbeebc8c46c0524e3d3be5406abe1564087d5a544a147543c029c

SHA512
c0e5fb84f6648e4d64f98eb15e91ac6c90bea118ad2055fc498be2ca1a2c5c4593a68f1dc3c19632236ae52db13930de27423cd1af9a3ab48119cc50073c7975

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\bin\Debug\Keyauth UI Free c#.pdb

Filesize
33KB

MD5
397f9451aa20919a3f14796b7fa8f4c8

SHA1
383c563956baf2624dccdfe71b2fc5b04605b0ea

SHA256
c03a95ecfadd57c4c2990d80d303f27aac0dd70888dbc2dfbc94c4f7971fbc03

SHA512
29ac8bf3416fa73b9542c9c09db3e940f3b53bb9c8dba7d55649e32c719a4f7032d82324794eca7bb4e6342b0cab4dd1872d2c08887e63c03e82bb9b177751d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\bin\Release\Keyauth UI Free c#.exe

Filesize
47KB

MD5
52913839c56d12ca88dbfcfedc9b41ae

SHA1
d2ee58c9483b1094b4fee07aeb9df32eb483b74c

SHA256
a1b0e4ea3490836d66db6e36b54ff817ee007da148bbe943d26691114c897275

SHA512
a7d75c3edb12cfcff1e8553e1d7ba652feb0beefe5f2c2a05ccab6eb275b06714c38107599d3a555af0b3ed5e4d0674b22bab46cbe13ac27e5b0cbfd43a89635

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\bin\Release\Keyauth UI Free c#.pdb

Filesize
115KB

MD5
268b7714cdee8eeefad3086f3d28b412

SHA1
75c0a0b724238ea342fe71cba9d10c7332df9c76

SHA256
b77cadbffb16715850655b220be68505854411bd48d47115e63c81067d82ee96

SHA512
466e9faef59030d8dc94ca1a531a3c62fe033569b45335af36de578fb87583160d3bef1311dca9813e1a846d68a11def23066fb893cb6457c68effe01a546cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\bin\Release\Newtonsoft.Json.dll

Filesize
695KB

MD5
715a1fbee4665e99e859eda667fe8034

SHA1
e13c6e4210043c4976dcdc447ea2b32854f70cc6

SHA256
c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

SHA512
bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\obj\Debug\.NETFramework,Version=v4.7.2.AssemblyAttributes.cs

Filesize
214B

MD5
896ab120ac6b6af2895fdb71c452b9d3

SHA1
eb545ccd7a1bafcdf31ad0f32c09ac505744aa39

SHA256
621199557e90fb1661e401cc9a973163c850b4b7e65bbc8d100f67f6699eef70

SHA512
834f53444444cee5c348da44674a2b8e6ce51f21a7565a23629001a5c535533c78a4dff8663176d982bab24f0dd272868cfc5c2fadeccc9b97a14f6946766dee

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\packages\System.Runtime.Serialization.Json.4.3.0\lib\netcore50\System.Runtime.Serialization.Json.dll

Filesize
22KB

MD5
6184c6041f30b266d70e81e671a912aa

SHA1
4caef41228d82f346800d8dbadb69055a8f35d34

SHA256
034f9c03bbd96c9b95a7222c128ca68c7840f46b7168dcbc0ba1f980f9f4836e

SHA512
c1da6beb04957778e3c2529d6458ec2d0036639714236327c77a2ad7886034de125e93ddc4d2a65f71e50f88e652ea538dbfac371467af15137eceafc4cb2583

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\packages\System.Runtime.Serialization.Json.4.3.0\ref\netcore50\System.Runtime.Serialization.Json.dll

Filesize
22KB

MD5
4c1fdea60cb939dd741af13ff93f68d1

SHA1
481d7a66856bda2c660891c7d3a0f638350166ec

SHA256
4f0ac7083637c7152e8fab9b9dba90fbb511f12f1b2bba0faa6722ea6223402f

SHA512
643586dd505398e9e35715963314f9c748265ca0bc57f2048914d2dd9e8fb337bafb785d188b2dd5f909d39d26c7398d691e13fcee7706bacf74c4351f418b3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\packages\System.Runtime.Serialization.Json.4.3.0\ref\netcore50\System.Runtime.Serialization.Json.xml

Filesize
10KB

MD5
2558d8cc98c1b65aa2ada442592973a7

SHA1
5096ccb7fe7a4058841bea325fa3bc7b54548978

SHA256
ac48213a9dc5000d7f46960b39835d58c163831d6e56b1f3c9a6c5e2a58095e8

SHA512
c6807a4b177818fe66c769f0d02250e34b4bde935c42ce4b4689381493f14b2dbf2dc261e998b4c150cf52c052223f6fac7f2fa7a72747a23ea20a22930b588e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\packages\System.Runtime.Serialization.Json.4.3.0\ref\netcore50\de\System.Runtime.Serialization.Json.xml

Filesize
11KB

MD5
59c9d2d879b1b3f8e581a8ef07f56f36

SHA1
24b19ebc21087cee79066218d714c6ec01ab3571

SHA256
950a21e2437ea16ceb79e4100e6f1adb02aadbed7237c13dfd5b3e3968874aff

SHA512
137e87899834cbbb5168903b4b6f4a2bb4f6ca63d2016856e6989d3bf18399f3031a3af8e8c9b5883b55284dc68bd2c566e1f3853b8f0f9cf228b00dccfe7ddf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\packages\System.Runtime.Serialization.Json.4.3.0\ref\netcore50\es\System.Runtime.Serialization.Json.xml

Filesize
11KB

MD5
add38a679bea827b1b8a03e9b0450684

SHA1
4fcb6aa388024cfeafb03d7cb233755ed517a9d1

SHA256
3f836279830a4c230da15566aba673863cad2a6da17277b81579b6b95fc68ceb

SHA512
5b0220b696dfc5af0da63a341e152f5d423183d2736747c92c6aed362802e3f9633103a0d0d4a93ae6a1f28b5e50e0977705f73e8ff38086a8803574db2a00ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\packages\System.Runtime.Serialization.Json.4.3.0\ref\netcore50\fr\System.Runtime.Serialization.Json.xml

Filesize
11KB

MD5
437609e98fa0cd2a67a2c9433d60db4c

SHA1
6742a37a14ee79ce4be0a41d3d479cdcc8ea0ee7

SHA256
0ed348839087a0891fc604097db3fa29e33e7e10e472b746824f82bdf2aef616

SHA512
269a635b2010d7f33616008e0fcbba0d49e25c3d88dbb2ca45a13c3e177c445ccdb4cdb9f2848474d9c8d016b3e14b60b2c609c108c59a1cbae5c89ca4e1de51

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\packages\System.Runtime.Serialization.Json.4.3.0\ref\netcore50\it\System.Runtime.Serialization.Json.xml

Filesize
11KB

MD5
7ac45db42ecd184dcf00b9ee5098c97f

SHA1
2101637e3d1f26d764bddf6932232df14dad06d5

SHA256
7602b3a914fb2b1e0d971fe37334360ddcba4fca66c837777bfe3b0357665940

SHA512
ded790e24c57f1a67edd4aacae8396cdfdf382e0229d526cd255b011575d2f65d3a7739513406af3fd78df9459904d61c66d2a064b3705cf23ae2926c557d008

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\packages\System.Runtime.Serialization.Json.4.3.0\ref\netcore50\ja\System.Runtime.Serialization.Json.xml

Filesize
12KB

MD5
f80ed57f59ba9b933dcf4fadf97f8df0

SHA1
3c01d5434b507ebfaa55e4697d7f9ae2c24c6c01

SHA256
0d9e9c29d11619958fa66b8d17343b50477e1385130978429ca7b09c614bc98f

SHA512
15c487d19482e7ac50597ac3a37fe3c511af6be63274a674fd8c22c9fb5a8af6657d64a160b36480c2eba248f70f2bcb5d879fe340f0ab743ae7f3a73ab3e4e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\packages\System.Runtime.Serialization.Json.4.3.0\ref\netcore50\ko\System.Runtime.Serialization.Json.xml

Filesize
11KB

MD5
579570bdd58bcd10ddcaebbaf9855b6a

SHA1
b64483c5161daf8e409d3600dff3f28bd717eb16

SHA256
41d25a06a5adc28e796d1e84cd905983c8757d21a48f04c8903941ba8aa86e28

SHA512
54434ecc0d4d40b9f6810d7190ce08833873786db1c6a26e6071bae3ced1da3dee53fe76b9996209d0bcf7f8211eb26135da5482811a1a430af0dea6316bf249

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\packages\System.Runtime.Serialization.Json.4.3.0\ref\netcore50\ru\System.Runtime.Serialization.Json.xml

Filesize
14KB

MD5
1f51581d745a204c8ca992001d096d3b

SHA1
44145f246cc09a8268b6a3bfb0a6137c7f46d34f

SHA256
de58781c3fa01bacd1a07dc15121689ea8d158eb64f80cc3e87ce0c5954948c2

SHA512
688aef4cc12e7af5e066c91c0d77499603e29559e682316ee55b18170b44aae3ed2948997370d3734714d9fbc9c28fa1f0c0bcc9ad254dbec8d9169791f048a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\packages\System.Runtime.Serialization.Json.4.3.0\ref\netcore50\zh-hans\System.Runtime.Serialization.Json.xml

Filesize
10KB

MD5
9f1acb8ac0fab4eb7cef9ce4ac45de16

SHA1
fe3de40282e352cbd998499ccb9d60eba5f17079

SHA256
089bf6a1333a11eff55c96e96c80a8ec07d9a997647d8926bd003e532fc670ea

SHA512
d5a67cfdd3edbd4bbd368ddbebcb129f5ff08303dff394ad2efbe5f48fdc0ec110c937523c739aa60f3cda6f48986700061d8e49b34139f298beada23266943f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413C1997\Saturn Free KeyAuth UI\packages\System.Runtime.Serialization.Json.4.3.0\ref\netcore50\zh-hant\System.Runtime.Serialization.Json.xml

Filesize
10KB

MD5
96b9adeb1ac6ce85c38b5d19028b44b8

SHA1
a7c9ee1e92242e2a76aa55692001531143564b2f

SHA256
4c783885ac852b1a98cc4fb11c2bb985af0a66f619f31ba04d24e337a8510ad1

SHA512
208a1f3e06504c4eb1bda396f0df9c07e2ac273e2b6f2ea3b598d572741ed28379550a811e4f94fc58a9b30507c061bd23df61a8d902aced5cf4f839adf00c3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413CCAA7\Saturn Free KeyAuth UI\Main.resx

Filesize
5KB

MD5
4eb5913a0e5aa842250f7419538fa230

SHA1
31fb76e5d9babe97a11fea041081f96ce426107a

SHA256
4363cd7d5b8671c72442ce1a1bfc10d64ebd24b2d718b54bd4fcd025e4967298

SHA512
846207f9db4c05d2070482c27af72c50b8f423ac1c7efb5266b059f6a41362704e9f5a590e428f4aefd791edd2e21c1b34473361911cbeea2cfcaf741b5bebff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413CCAA7\Saturn Free KeyAuth UI\bin\Release\Keyauth UI Free c#.exe.config

Filesize
189B

MD5
9dbad5517b46f41dbb0d8780b20ab87e

SHA1
ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e

SHA256
47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf

SHA512
43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413CCAA7\Saturn Free KeyAuth UI\obj\Release\Keyauth_UI_Free_c_.Form1.resources

Filesize
180B

MD5
cd7dbc7abeda9893ce25793744443958

SHA1
dbbbbe2694d4b9b990881f279b4313574dbeac9b

SHA256
e13ed2c59366d0eea74863fd71a81f0cb977cce1edfde304fc538690a4f6ac89

SHA512
e880f131ff460384940248ab2ecd97189ae0b7169fe5246440dfbce32f295cbd7697ce2ee65b434a0e40be91b91c21b2c14b1f446b2b1650d0a5d94c0d4f37ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413CCAA7\Saturn Free KeyAuth UI\packages\Guna.UI2.WinForms.2.0.4.6\lib\net472\Guna.UI2.dll

Filesize
2.1MB

MD5
c19e9e6a4bc1b668d19505a0437e7f7e

SHA1
73be712aef4baa6e9dabfc237b5c039f62a847fa

SHA256
9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82

SHA512
b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE413CCAA7\Saturn Free KeyAuth UI\packages\Newtonsoft.Json.13.0.2\lib\net35\Newtonsoft.Json.xml

Filesize
541KB

MD5
76b0457c71f838783d774df1c8daa3e6

SHA1
d1b88f302be6fd6c79a15935aafd2a198bc3bd4f

SHA256
1b2239dd13b34ad94b1e70d7bd07e4110a3bb7f286666e61d6dd53c732c29882

SHA512
9a2a2f7136aa88eeb65973adac0d4a46e5fbb133b5a656e5da528b0f338946b3bfbae6c4e99613a6d37b7b64776acab45ff65a8ed3b35b354bafe29ef0304bf8

Download Submit
C:\Users\Admin\Downloads\Saturn IV Free KeyAuth UI.rar

Filesize
18.3MB

MD5
e22eb825cd01609273c9ab5f1fe55ae4

SHA1
d7292907e1e5b973ab3a47fbb7995e7b4a1a3e66

SHA256
0f6cf8371f1e1ada6918063ddf17a6118944e9712847315fa0ac6a6e913df202

SHA512
2428895620142c5d4eba138743374fd00b2d9592ac683ff609e1525927cb904b21127f23ecd91c492a619eefa0650430946b8eded5ccee2eba910c9efd9dbbb3

Download Submit
memory/1620-859-0x00000000059B0000-0x0000000005BC4000-memory.dmp

Filesize
2.1MB

Download
memory/1620-860-0x00000000069A0000-0x00000000069B2000-memory.dmp

Filesize
72KB

Download
memory/3616-848-0x0000000000C00000-0x0000000000C12000-memory.dmp

Filesize
72KB

Download
memory/3616-850-0x0000000005480000-0x0000000005512000-memory.dmp

Filesize
584KB

Download
memory/3616-849-0x0000000005980000-0x0000000005F24000-memory.dmp

Filesize
5.6MB

Download
memory/3616-851-0x0000000005640000-0x000000000564A000-memory.dmp

Filesize
40KB

Download