ffdroider | hxxps://github[.]com/NationalSecurityAgency/ghidra/releases/download/Ghidra_11[.]1[.]2_build/ghidra_11[.]1[.]2_PUBLIC_20240709[.]zip

Resubmissions

23-07-2024 04:58

240723-fl6qhszakq 10

23-07-2024 04:53

240723-fh9yrsygqj 1

23-07-2024 04:52

240723-fhp9csygmk 1

Analysis

max time kernel
1507s
max time network
1749s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 04:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_11.1.2_build/ghidra_11.1.2_PUBLIC_20240709.zip

Score

10^/10

ffdroider discovery evasion spyware stealer trojan upx

Malware Config

Signatures

FFDroider
Stealer targeting social media platform users first seen in April 2022.
stealer ffdroider

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	GTKSetup-en.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	tk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	tk64.exe

Executes dropped EXE 3 IoCs

pid	Process
1844	GTKSetup-en.exe
4292	tk.exe
2128	tk64.exe

Loads dropped DLL 5 IoCs

pid	Process
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000024a9b-2087.dat	upx
behavioral1/memory/1844-2153-0x0000000000400000-0x00000000007DD000-memory.dmp	upx
behavioral1/memory/1844-2247-0x0000000000400000-0x00000000007DD000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	tk64.exe

Enumerates connected drives 3 TTPs 47 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\i:	GTKSetup-en.exe
File opened (read-only)	\??\n:	GTKSetup-en.exe
File opened (read-only)	\??\z:	tk64.exe
File opened (read-only)	\??\g:	tk64.exe
File opened (read-only)	\??\v:	tk64.exe
File opened (read-only)	\??\w:	tk64.exe
File opened (read-only)	\??\a:	GTKSetup-en.exe
File opened (read-only)	\??\r:	GTKSetup-en.exe
File opened (read-only)	\??\z:	GTKSetup-en.exe
File opened (read-only)	\??\a:	tk64.exe
File opened (read-only)	\??\k:	tk64.exe
File opened (read-only)	\??\n:	tk64.exe
File opened (read-only)	\??\s:	tk64.exe
File opened (read-only)	\??\h:	GTKSetup-en.exe
File opened (read-only)	\??\t:	GTKSetup-en.exe
File opened (read-only)	\??\o:	GTKSetup-en.exe
File opened (read-only)	\??\s:	GTKSetup-en.exe
File opened (read-only)	\??\v:	GTKSetup-en.exe
File opened (read-only)	\??\w:	GTKSetup-en.exe
File opened (read-only)	\??\x:	tk64.exe
File opened (read-only)	\??\y:	tk64.exe
File opened (read-only)	\??\e:	GTKSetup-en.exe
File opened (read-only)	\??\k:	GTKSetup-en.exe
File opened (read-only)	\??\u:	GTKSetup-en.exe
File opened (read-only)	\??\x:	GTKSetup-en.exe
File opened (read-only)	\??\i:	tk64.exe
File opened (read-only)	\??\t:	tk64.exe
File opened (read-only)	\??\F:	tk64.exe
File opened (read-only)	\??\p:	GTKSetup-en.exe
File opened (read-only)	\??\q:	GTKSetup-en.exe
File opened (read-only)	\??\l:	GTKSetup-en.exe
File opened (read-only)	\??\e:	tk64.exe
File opened (read-only)	\??\h:	tk64.exe
File opened (read-only)	\??\j:	tk64.exe
File opened (read-only)	\??\o:	tk64.exe
File opened (read-only)	\??\q:	tk64.exe
File opened (read-only)	\??\b:	GTKSetup-en.exe
File opened (read-only)	\??\g:	GTKSetup-en.exe
File opened (read-only)	\??\y:	GTKSetup-en.exe
File opened (read-only)	\??\b:	tk64.exe
File opened (read-only)	\??\l:	tk64.exe
File opened (read-only)	\??\m:	tk64.exe
File opened (read-only)	\??\p:	tk64.exe
File opened (read-only)	\??\r:	tk64.exe
File opened (read-only)	\??\j:	GTKSetup-en.exe
File opened (read-only)	\??\m:	GTKSetup-en.exe
File opened (read-only)	\??\u:	tk64.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	tk64.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.Phishing.15.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.IP.SuspWebsite.0.dbi	tk64.exe
File opened for modification	C:\Program Files\Trojan Killer\libeay86.dll	GTKSetup-en.exe
File created	C:\Program Files\Trojan Killer\updates\upd00d.c	tk64.exe
File created	C:\Program Files\Trojan Killer\updates\upd006.c	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.AppAds.2.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.OnlineDating.1.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.BrowserNotifySpam.4.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.WhiteList.2.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\libeay86.dll	GTKSetup-en.exe
File created	C:\Program Files\Trojan Killer\updates\upd002.c	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.Finance.1.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.Phishing.17.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.FalseHiringScam.1.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.Young.2.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\offreg32.dll	GTKSetup-en.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.Adware.3.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.Malicious.8.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.Torrents.3.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.LowTrustCasino.4.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.OnlineDating.2.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.LowTrustCasino.1.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\updates\upd007.c	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.FakePrizes.1.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.IP.Adware.0.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\updates\upd10f.c	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.Phishing.5.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.Young.3.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\ssleay32.dll	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.Phishing.3.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.SuspShop.2.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.SuspWebsite.1.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.FakeInvest.2.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\updates\upd10b.c	tk64.exe
File created	C:\Program Files\Trojan Killer\updates\upd011.c	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.Scam.4.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.FakeInvest.3.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\ssleay64.dll	GTKSetup-en.exe
File created	C:\Program Files\Trojan Killer\updates\upd00b.c	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.Malicious.2.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.IP.Scam.0.dbi	tk64.exe
File opened for modification	C:\Program Files\Trojan Killer\tk.exe	GTKSetup-en.exe
File created	C:\Program Files\Trojan Killer\updates\upd010.c	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.PUP.3.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.IP.SuspShop.0.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.MiningPools.2.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.Phishing.2.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.Phishing.13.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.IP.WhiteList.0.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\updates\upd009.c	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.Adware.2.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.PUP.1.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.FalseHiringScam.2.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.IP.PUP.0.dbi	tk64.exe
File opened for modification	C:\Program Files\Trojan Killer\7z64.dll	GTKSetup-en.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.MiningPools.1.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.MiningPools.3.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.FakePrizes.2.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.Malicious.4.dbi	tk64.exe
File created	C:\Program Files\Trojan Killer\7z64.dll	GTKSetup-en.exe
File opened for modification	C:\Program Files\Trojan Killer\libeay64.dll	GTKSetup-en.exe
File created	C:\Program Files\Trojan Killer\ssleay86.dll	GTKSetup-en.exe
File opened for modification	C:\Program Files\Trojan Killer\tk32.exe	GTKSetup-en.exe
File created	C:\Program Files\Trojan Killer\database\NF\NF.Active.DN.AppAds.3.dbi	tk64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GTKSetup-en.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GTKSetup-en.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	tk64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	tk64.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661854236239591"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0 = 4e00310000000000e9586c7210004a61766100003a0009000400efbee9586a72f7580d292e000000f50102000000020000000000000000000000000000002d849f004a00610076006100000014000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\NodeSlot = "15"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0\0 = 5600310000000000e958707210006a646b2d312e3800400009000400efbee9586a72f7580e292e000000f7010200000002000000000000000000000000000000221efa006a0064006b002d0031002e003800000016000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0\0\NodeSlot = "17"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\NodeSlot = "18"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\MRUListEx = 00000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	tk64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	tk64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	tk64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	tk64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	tk64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	tk64.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
1488	msedge.exe
1488	msedge.exe
4616	identity_helper.exe
4616	identity_helper.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
180	msedge.exe
180	msedge.exe
4324	msedge.exe
4324	msedge.exe
1748	msedge.exe
1748	msedge.exe
912	chrome.exe
912	chrome.exe
832	chrome.exe
832	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe
2128	tk64.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1748	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
1488	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe

Suspicious use of SetWindowsHookEx 23 IoCs

pid	Process
4684	java.exe
4684	java.exe
4684	java.exe
4684	java.exe
4684	java.exe
4684	java.exe
4684	java.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1844	GTKSetup-en.exe
4292	tk.exe
2128	tk64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 2500	1488	msedge.exe	84
PID 1488 wrote to memory of 2500	1488	msedge.exe	84
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3836	1488	msedge.exe	85
PID 1488 wrote to memory of 3976	1488	msedge.exe	86
PID 1488 wrote to memory of 3976	1488	msedge.exe	86
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87
PID 1488 wrote to memory of 4652	1488	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_11.1.2_build/ghidra_11.1.2_PUBLIC_20240709.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb63a46f8,0x7ffdb63a4708,0x7ffdb63a4718
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6808 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1340 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8192181646259728249,7682281258727440453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:2436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3428

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_ghidra_11.1.2_PUBLIC_20240709.zip\ghidra_11.1.2_PUBLIC\ghidraRun.bat" "
1⤵
PID:5108

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ghidra_11.1.2_PUBLIC_20240709\ghidra_11.1.2_PUBLIC\ghidraRun.bat" "
1⤵
PID:4640
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  java -version
  2⤵
  PID:3876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c java -cp "C:\Users\Admin\Downloads\ghidra_11.1.2_PUBLIC_20240709\ghidra_11.1.2_PUBLIC\support\LaunchSupport.jar" LaunchSupport "C:\Users\Admin\Downloads\ghidra_11.1.2_PUBLIC_20240709\ghidra_11.1.2_PUBLIC\support\.." -jdk_home -save
  2⤵
  PID:3068
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -cp "C:\Users\Admin\Downloads\ghidra_11.1.2_PUBLIC_20240709\ghidra_11.1.2_PUBLIC\support\LaunchSupport.jar" LaunchSupport "C:\Users\Admin\Downloads\ghidra_11.1.2_PUBLIC_20240709\ghidra_11.1.2_PUBLIC\support\.." -jdk_home -save
    3⤵
    PID:4368
  - - C:\Program Files\Java\jdk-1.8\bin\java.exe
      "C:\Program Files\Java\jdk-1.8\bin\java.exe" -XshowSettings:properties -version
      4⤵
      PID:1744
  - - C:\Program Files\Java\jdk-1.8\bin\java.exe
      "C:\Program Files\Java\jdk-1.8\bin\java.exe" -XshowSettings:properties -version
      4⤵
      PID:3236
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  java -cp "C:\Users\Admin\Downloads\ghidra_11.1.2_PUBLIC_20240709\ghidra_11.1.2_PUBLIC\support\LaunchSupport.jar" LaunchSupport "C:\Users\Admin\Downloads\ghidra_11.1.2_PUBLIC_20240709\ghidra_11.1.2_PUBLIC\support\.." -jdk_home -ask
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4684
- - C:\Program Files\Java\jdk-1.8\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\bin\java.exe" -XshowSettings:properties -version
    3⤵
    PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdb040cc40,0x7ffdb040cc4c,0x7ffdb040cc58
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,7314071216477681087,7343078510709727755,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,7314071216477681087,7343078510709727755,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,7314071216477681087,7343078510709727755,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2472 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,7314071216477681087,7343078510709727755,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,7314071216477681087,7343078510709727755,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3720,i,7314071216477681087,7343078510709727755,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:3728

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdb040cc40,0x7ffdb040cc4c,0x7ffdb040cc58
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,2178425769889772482,17076126089648004531,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,2178425769889772482,17076126089648004531,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,2178425769889772482,17076126089648004531,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,2178425769889772482,17076126089648004531,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,2178425769889772482,17076126089648004531,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,2178425769889772482,17076126089648004531,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,2178425769889772482,17076126089648004531,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4996,i,2178425769889772482,17076126089648004531,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5076,i,2178425769889772482,17076126089648004531,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3172,i,2178425769889772482,17076126089648004531,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4820,i,2178425769889772482,17076126089648004531,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3152 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5192,i,2178425769889772482,17076126089648004531,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5544,i,2178425769889772482,17076126089648004531,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5464,i,2178425769889772482,17076126089648004531,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4036 /prefetch:8
  2⤵
  PID:5036

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2880

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4168

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3440

C:\Users\Admin\Downloads\GTKSetup-en.exe
"C:\Users\Admin\Downloads\GTKSetup-en.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:1844
- C:\Program Files\Trojan Killer\tk.exe
  "C:\Program Files\Trojan Killer\tk.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4292
- - C:\Program Files\Trojan Killer\tk64.exe
    "C:\Program Files\Trojan Killer\tk64.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Enumerates connected drives
    - Drops file in System32 directory
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2128

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x394 0x50c
1⤵
PID:5668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Trojan Killer\libeay32.dll

Filesize
2.3MB

MD5
cb42de1ba2d8d47693155632b3e13865

SHA1
0a4ad3f3cab4f27c5bd66f380b37bb24c90b9cc9

SHA256
71534df4c3dd0bb71c324f3c11a7a1da68578e7853367f00cac34a72ddc2311e

SHA512
3b9e3c8309d0b68060ac883f517ab252db3f56458ffd5934966c22f8f92cc7af41eb897d6a5966948bb5ba2aa92bf6faca4843f4a948d7f0c84461ebd3e8bb5b

Download Submit
C:\Program Files\Trojan Killer\ssleay32.dll

Filesize
464KB

MD5
a9c7f5b8240760a45a6df1f3deb7d45b

SHA1
99c3479b5dfa564b404f23c13fbf380cb2dabcd4

SHA256
f54e74cd308aac3f15a67b87692cb7ecf677272f291ffae7acfc83fea61b4b0d

SHA512
5a79f81fbf6dc2df8480dbe1390103057e8d72f9986d9967988b330f84e93497410a532852ff06c54dc1478d1e06a09b77f5f293c282e31bca38f239346894a8

Download Submit
C:\Program Files\Trojan Killer\tk.exe

Filesize
1.5MB

MD5
41c497b4910cd3e8eb71471dd3a3a8aa

SHA1
1c34b0997ed6d33bf90ab60161d56e9429f68c28

SHA256
2713ca7a150b1bfb3b91b443341ba64d5551da7a6f4a032f6effd4ad4952eceb

SHA512
2c9e71fd9aa8a1358a43dad622cd6416fdc70d9819e8f0f56be59c4db8678b86009c1dcf03969fd882d46b49374f43dca830c84e6ba0e0c556c8c53230f1d469

Download Submit
C:\Program Files\Trojan Killer\updates\nfd.c

Filesize
278KB

MD5
6770c1bc542f07ead81a25ce2d081ccf

SHA1
6db4ad73fe18a54bfeaca6e77d717dae9507d650

SHA256
30cf5e50ea50e46585211f258ebae4a8c1f68f37eb07d07562656b61f815317f

SHA512
0b36bf6f63cb6a0df768e4fd403417dc21d255c7292d7f8fa1813c4594b662afcd47dcfe26401ee3d05fd1e789db84e6d087ac66f540fcc3baeb64b4d7339049

Download Submit
C:\Program Files\Trojan Killer\updates\nfs.c

Filesize
5.1MB

MD5
a1680a597b91bdba232e00f7d56957eb

SHA1
8c236d8bcabaf0ae3e4a919f6d56b92b350e66fe

SHA256
b1415ae89984abd14e35e6b2385686feecabbf28c0426523df4978a64b449fa1

SHA512
84f47f4211e1936845d90c04f9254552fad4197ec70a62f70044731f2c1af516a165f9bcba4f936bfd184ea92f603d69f2c8fb08eccd36e6c13d24d6236e9d02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c81636a0226ae2c5d678d60c61c4a3d7

SHA1
2ed472d1e44e86d4b81af5ecf39eb3073a646af0

SHA256
9cd856ec790fc3f8f33235725dfe633cf7b58c63596332de7db5e501b8d5c246

SHA512
212f8ad84c7ce3291655dc4931729aec5b97fddb008715cac5f1bba2eb1703e0f3306dc100294f184faf9d695cfd81c7f985eb553a7cbe647b1f048ff947be68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1c4ab9e0-7362-4222-bf3c-89dd0605259d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\20375fda-2eeb-40f2-b3af-98a2becebced.tmp

Filesize
9KB

MD5
71d2b231e487651e1bf26ae15ff825c4

SHA1
ea6f870bbcb6fc4a770ad802d796aa309c2649b2

SHA256
0921491e15bb38bc4c39241f909b46d7f246e8cd67d9d395811a78344671b94f

SHA512
02b6d40a9cd51dd82a2fc31a850eec2b687978d2868cd212136898d62aeec24e35ee746ae92dfaf45d4a8a56823fa7b36f91b6a03c9b465c0f48b62fb4c9e868

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0375825d756bf2438a367b18f976d012

SHA1
c8103b8f4f8936010aebf38e9e674099a68f2894

SHA256
cbc73a6942f3fa000d889c9f5ad0bc0389e8325bdf6d174f324cf3c6fd328c8b

SHA512
3e188dfbba0552e106cf0adb0a19402d4cc917eb71b07bb6b7a307cf34dff512d9f4200ab298112f88ef8505732c2ea1354a7eb68d12a6caaa4df1fff07ebbd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
f905864d3c1ac2e0b0b4f5c635782ca4

SHA1
f54db3bc9e68e1535c0b2a487a44bcd4990df1f9

SHA256
21277f6629cc69217b42e2822e646aae81d4134e69970915a6eecf383e784021

SHA512
7552112abe9261fe67509626ec59ae1b52b7846c4d735432e15c99394fd460e2509c3c49a542b7b5b8c0bccfea78d27e075620aa3f5160c38aa7bccf108abf27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
4e201681b43612d97b37aef9e53ddcc6

SHA1
5c8dd51a14fad1ead8acd05ec61aeae897fabee3

SHA256
7eab9a40b744a7dc9486139ff5f26930c7a722bb762bc26fb87b2385a68cece1

SHA512
ccdf1fd03f60c29eae04c8066b7148d21ebf720a1a6e729d6c4e20a5104fe84794528b064313179afb4774704eff1e2f70298c0f01cd42e6a9e2b200e84ce9c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
4d5528584f80524a560dadd516fdef7f

SHA1
c3ac8d90ed785268c1157e63b3acea004e52d5a5

SHA256
f58c5ce5d577aebd68b8da4a681e6d8f1b10b0a9aef6d24273f55f0a631f6b3a

SHA512
e6b92f54384d399c56433d23c1b6e21e9700587245d463db4d9b40bae22b6adb7483713ba79aef862890b458b909828e1fa201c3d3e12847758ddb331d1861c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
1.2MB

MD5
4c68d05476a56516544013dda5bf03f3

SHA1
7a11cd5107465f06d5c859e1a0ebcf91329dbdee

SHA256
fef9d951a360ca0ad0a5724614a86602fdfa6916dd3e53784bc9ffcde6f23352

SHA512
2138b3c7c7300f74efe39bba91aa621585a8f5b19b97cd779969e8d2cdcc8aa14debe06d57c678323b1c2fd63805c3d299d075d093a26fee79cf74807d5cfb8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
c14e0ff5f4906b2c3b3ab5e088fc264a

SHA1
83fb57808e3da357548fbf82d94955d4cf4aa4aa

SHA256
5815581e1541c319696b57d6fa5e03e8b2314ca752db44b671e08c14e374117d

SHA512
06d85997bb6c753d5bc59482505b965f1ee375edfe7b72fb414ae75ba505546df44e9234bccbdec6f885bbb9e0dde35bf7849ad01f4982bdc712287c008258f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b492d93460c9876fef8ddec11b73c4b8

SHA1
26bd4c8fbafe51d94cb32299761b9a31ba6efd54

SHA256
d7a152e047a3f4756e2a747d56b36af55168fd12687232bb9e4c1da8dd67dab5

SHA512
01cb27bc2e3db1eb42f23e6db9e4bb02bfabb2d5e60e6684f9cf2cf81051102b9dc5a8c98add642c4a4960d329f1258cc4c1d0db80b24b577e882720e9584ad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
cf5a7d85ef6a51cef9ad4d1e2d080968

SHA1
f105c5fbd91eab69d1f6e209ff0930ce781cb94f

SHA256
8f4b77095cd5dca30f144e2e647639230ec593f7f3a620133f116fb39f40d38b

SHA512
9df1adc479f9d051bb5568af7f0950ed8e8255487177b335c046a3f940856ebf846b626c356b3e57bad2024bf859067e2c4402ffc352d6ea957b317df2a88816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
dc6782a0288e645ed6edd94226723bea

SHA1
40f908006e7d9063c27ed52cffc112a1de173656

SHA256
82f87c628708291af2025b9469755eb47b1905e9e35f1e933be01845b97ee5ee

SHA512
7593ed03348d6b16d051fe82452a6aec3f9adebd24f8473741281f9151a704f138e068f4f11c295431e654a189d4112a00c94f7b85fdf43bd902f725c9d8f587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
6e1a142ff48ee8ff43e4bbd7447d1f0d

SHA1
308ae2e6ddd2ee145ce74ee3703910e1fdd8f0f4

SHA256
259ac42bf33bb125067d3e7494b86aa191a44465b905aca149762550765008f1

SHA512
fe87a336e7c215e68f40cca2ef967a1a04b6d3accd1a82fe4e10f30a61225b94f3982bfd20b107dfc86130b5a254efdf8a5960d7fd7d736382b4babe0800f0ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
b08d4c4c74efb4ccbbf39cc0ca9d7967

SHA1
c13ea9034190cbf419b75a10f1233259c83b9572

SHA256
c3c70955ccf5b5709af0fea2891e35e7b17913bece25ca07f52db9abfec2aaa5

SHA512
9b6ac1bf828d43bf0b327c8e328b5732c65b8b810f6d1c931530f9316e28530cf2d642cf847af3e7c2364cc8db1481c699a6e9d59827a74b87cdfcfcf942d09c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
273ff10bbaeb2f6c3c83a6889473c932

SHA1
430e2c3533a94f7f952c2ee968f4e5a6d0ce7838

SHA256
d76bc40854f3b734658361bd4eed2359383fc39115a4220e8abe75f8def20b56

SHA512
b982670b1b9f97ed5734752e7c4fc09b702f56ce9b5c9a5c2b6301631379e61bf7d7f18e2e4ed2d1924c670ab2fff46e708c8ba6b1c62cf8884737279b11f929

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
203bd471d2df0db4dc06246e005357de

SHA1
dafa72b3ca8ae798700f6a745fdf163aa37e87dd

SHA256
26c2d26e055346b3ab70cd0955979d30cb7f9d3d6c924e761e6b1a744ee87e7c

SHA512
9356d5954bffbd4561bbecea61c44dbc55884f781acd6c04f60252ac0aa8b54bfaab89928fb91d3dfe88b8e9743c7703602262278f5ab3bca3194bd8a3476fdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a8ebec036d06df29528f5c7d41cd9bb4

SHA1
483ca3187c24048c195a47fd25891733b289ef1a

SHA256
7a306397021e9bbde6103a1d6a461653721e9331be05d38e5279197dc87db42e

SHA512
94311ef0886e329b6678a191cb14b473f8a94e8cce223495dcc041d5d45c1a7838487d5f2a69aa75671c9910d8a21fcd430f6491a48c025b6ec25b2600ec6d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
e658b7e0dcf58fa8969223345b31cda8

SHA1
0f82c31dcb0724fa5321406e1be85c52203b22e9

SHA256
b95f693e7a28d85c692d0ce7e5bbdfa18ea03bb0c171168b58cb7cd472c6edf3

SHA512
9b46cd92a73393a679dd705f3847b012ff2d9d0e04932d59952c0db3ef99bfd99e9d8e8e1444a1bf70cd31dba308ebcd9e857c08c0a33f2cda0f0d58e9a78e55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c637898c062bef37efa2c0f6b8be8a3e

SHA1
19b71d60f305f19b5d728fbf6a35dc6d50f68fec

SHA256
94abb9435611f4050245176efef98ee3c26ec716d995ac28679a87918d8963cc

SHA512
a38cca46108d1661f5414f7bdafa81cc2808c874c19005c7d295b34fdca7c4c4ce0d7e9e11d20bdc80e8243208984816b1ed7a3474ae4647500e7c186cf695c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
ec30bf672b2ae4a41c9f2c35a32d3af9

SHA1
2615fc1b212f8bce998e7c9e9d5f365721335bd5

SHA256
8c4f1f784db6437280e22b5037b1b17745734378846966908b6ce81643f209e4

SHA512
feae457bb7fd6c2289b9080565cac2bf3372b04cac97a1463663d5d55f33798ff9d3c1941451796af52f8e80c39a205d4a623cbeb5511ac210a9ad6cb2348e3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
3c56bae1ce4e1077f40921e8dfff6f0b

SHA1
705d75dd1c12ff169ae6f7a7d7abb3896fa5dc2a

SHA256
e00439b56a8831fd0de8ba7e0d03c93c7cb5489a7a40aa18b5ca0cc69ea7fd36

SHA512
172cb05978ee5556cae1d4291ce3bf9761e0dfc5c8a2fce6548de99ebdc6020d58ae2ef902f56903cafeb8128470279df5fe61addcddf3030beee2d1766e9792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
624e674c08bf4ad99104ac84945c30e2

SHA1
dbfbe0c36949d0c45f94fb17470b6865ff825339

SHA256
e37201fc68c8fad635637a472e7268baf71272b2e02ad94aaf84452d21022c3e

SHA512
efdd56f53ffc7d122a998ae42e8e78088dbc3e76c298a55246b6803b4370bb7c53f89858096d3d504392bcab0866033d1dbc8d3eaaf6786c85bd7ff397ab3bb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
6d4d87083628531d0685aa94faad6a2d

SHA1
77b8ba647b9f197bbdac1469843a151383b3ea88

SHA256
aeae754a0e36358ef100cef8d7c9f5c0e6501d4a107d51950b79f853cf82074d

SHA512
e79f469751ea45b7707f622186663da2fe040369dc65e7c6a0c4026b62e58565f49bc6ba83bae784097a28f53940c9902fca8876b72e70ff628b951672e2f579

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
e69161098dc2c9f3a050fd79a0e110fc

SHA1
ce60af5451dddc3ebac1d61895169ba148e5b064

SHA256
6cfa0e65014daaad928cb7766446eb96d540af9beb40ec9202ac06806e7c015d

SHA512
e3b4c1c480380a9ff766beae6f38c484329d8c5e27dd7b6664ec9325a4cd258adfc69f336c86107c100cc15109a4319a0a86386d66112f2e8cb3a6246d3a79e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
c5fe8a5ea65a7399a6c5700afe91cc13

SHA1
6daaafd66f8bc6534b002c7799086970529d0509

SHA256
baa0bfc4f60b7438c26353bd1230fa2098add0e42d6f9f8c72b913b7f2f96aca

SHA512
7013c1e0ef17579e0d4b2b3c9d3c4b3bee925dc443e6b5685221380b62e3a5599111cf3bc753f1e7b0307a6c0e68702d5633bec96c516c47b61be82f72bd0f49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eaf7efd4d66e8872226ab6e78dc46147

SHA1
60b2f40b9d46fbd443fcdea7a11a5d4dfaccc433

SHA256
cac9f89c33120cb2d4521464c3e7d0942c91da6602c12adc2c98bf2fac104a3b

SHA512
c651a484853c1b235bede024cb840f3fb282444584eaaba69741e7a28d7943363999621f3f04104763477f96009fca5961e186c185b555cd8912e98a5d8cbf9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4c1425f65192ef2ff1299dda8212a00c

SHA1
32655684572032a9c8f2285fa7d6580b36f206af

SHA256
9887661bbc39c4f0ce8e1e2f616ac71233b2a1266ea41788af7f300cb8994574

SHA512
3466a204b1348f92aa3b5bd01769baa2122ad7aadf78c9d79c602c5c580d9b08cfb338d7200b40c3d9cd5eb375f4ad4d9148eeed7e732515a0d815500763a647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ecfd3a8e443de4f7c67d07e25f0be012

SHA1
5c5d9c36a24db8e72166650aa8e7b5192418c6e9

SHA256
6f3add24883bd3be92720b3f70e74468e980f52f2b0e0bde114005cca83bf0ea

SHA512
3e46f7dc039fcf01266cf631cf5d822b52059be7103ddb3426e1ef08c85c07753d946a46817105af48af30d07c1596590a069cbeeafdefa600adcb6068b7e20f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f6268be39b0104a083bbb6fd9000b23c

SHA1
2072ae1f0f6c2c081c7b603bc180c815da28f0c1

SHA256
11ad4c6c8e71559cf70e1076ac09b3b8eec692fcaa9bff448c7244da54314380

SHA512
3132e5886bf7e668d58aa0bf2531e28c80c0f71e2cde8eea66f464ad35c9827785e490399c2f443058d64746ddb700e1adabacd462e77b3611e51c46c2cc1965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4ddca49352451fe4a256196f53bcb3fa

SHA1
b56208340802803ac2deeb3f6f367d22c2ecec6c

SHA256
2ece7561c7f6600229626d9a762ff5ec75d5045232e49566706f8abb470e1b4a

SHA512
f58cb88d09c3831bf1ccf115b306139e0034fbe56488d77dab03e276b63fb73a043e8f8d0541e621a9811c40a5993ffe1819953da7d4a8c308c7924eac7c3aad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cd0d2944a431d37ff446d6e53dce804a

SHA1
3cafb75730eeb99bd826ad70537faabdeb44fa62

SHA256
7f5301506c8dc5ec8a23b0397d47b79de6ca43e5663d1ba97016ae3426bb3826

SHA512
c1600ff11a7d6641a5b080413c14a65be17eac62436c5e9a57065211c0a45cf796fbebf5e0d0df015a9aafcc92978f7d3755840cc62e6281c633a87dea365525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0a8c84fafc2560f2255a87ef8647da40

SHA1
114b0427844549d6569b2db6c0b38fe4d0e13bf9

SHA256
f43386c5cc272e05e8053b4acb21a1125646d3012ee750aaf2c5f5e0cedb3a20

SHA512
e6e43f7fa4b26a076ef8627a6dca7233b5231fdf761ab225a40390b289cacc536f62c587d53a5d05d9f0b9f32ec4144cbfe2a965bf36a1e7e5d4e967d5fcced7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bc6b125666fafef53e8f66f54f325ea1

SHA1
57b3ca0cbd700696c755406cefb010bdc272e0d3

SHA256
d59fb0bc9bfb05079e22858712171897747f57664a7a4106ef9d47fe9a497953

SHA512
7577f249a9443054a48b591cad4a54f3a3f3d64d7a524c17d46e6d2c9440d1562a9375e5e006f4d161728b57cf48a87fadbd1ab089300bdba51fea74520d6b98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9fc911355fa70a230a7486548d01fa96

SHA1
619726142a0fba8749ed9b49bde07b86fa29c6f6

SHA256
b2999b703a320124b57b7101b82b2b575caec771be820315f68e24b09d24ae2b

SHA512
952156b071b9f82808c05434bec4747b452e17c26020c98ab5baca8da7a426b5a98760b9a4e2b88c0269edb939a1b39a86ab133792ec4d0d762567019cd6518d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3316a79874ea9e83407e2fe3d34734b

SHA1
adce869888f6caead6ce4e72f8b109b68a184a07

SHA256
11c3c968715c63a353931d45ef287e2e89466141ddbe89d2b41b1df4ff138832

SHA512
7602400fbd4b3416184623a313322cd986af61a31ed76eceb239acaaa9b7a7fc955f79919b4eb6d519417326d7809ba1e286e07bdde15241bccd07c65d6b0829

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6175a57787131245f02d3682e7fa5433

SHA1
e328f79ac6c805e3b3bf2d876544d6242ea406b2

SHA256
31c96b34cb02fcea5c3b80c6e43b9cb79ab1fe43cabcb8c08bf168f9fea40a53

SHA512
2b3b35fb248e8491ee6a1770d1d685ad28a6a1481257d721520230ae667603f89d31a40a5dbfc4b975424ae717e1ad04bfbd6135f774e2e8115f4bb1bbaf0968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dfe9cf4026ed691b91ee7005ead094f3

SHA1
11cbef247be112cb9d7d20960e42007b1dc397a7

SHA256
e541d6f73776ba1371b114291faa1be78514410d57fb57170e6f70f7aab643eb

SHA512
d857c6a8bf752d6b310d9bd24bc13c9958b060c6de1258ae58fe7102e153416bd58346479bece0f6f1c38813317be930f8a14212306262035965845bd7ad5b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2a5d39e05d0a24766d505bf7e9cc79b6

SHA1
2e2f410a966c001fa1f4958d72e3fa579e529c86

SHA256
de925513dea2012fbdee2f0dfb7188ea743621b2fabbdd22456179f6e7595268

SHA512
cd90c6c319910e6dbd9ac058a09d3330a2a522011b938f031f4fcf1cb248fac32f28f9b5b60e7044391ae99a3e777b11d446a4441517347adae6014b6fc3f2fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dd991c049406a1d5c6c403227be158d8

SHA1
f2c9b9ef38e7ca41d4d70081cb24e9ea6d5f7044

SHA256
de94eae8b99baee570fc67d717b45fe01283c4e0f81e0c61e53852c1e21d5fdc

SHA512
dfbbfe40abb4235a801cc9398489e3761a423e6259871ced8656592a854e65d6dcbb6d024e9886e56f6a4d3a1804364256182cbf8552598f83df11c2edf2e879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
102650c6f3f3e19223f54a7d6d643f6a

SHA1
698fa400a27f5885a8851ad7512c70c57c065236

SHA256
599a1cb7f5439b9c4f51863b7f5ba2916d3af218bf05e57bcb411a399d5fd154

SHA512
36dc8f08f0f23bc21b7eb838c49df8752b09c28bb8beec8f032df5b507e873d48075dcfcd5ce9493b51e69e56fe0d129152edd78f63b26bbae5a79908cd76538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
47fbedb6218b28ddad513a10ee65d1df

SHA1
b1021ca20698873a6f34c4791569698bf9c3144c

SHA256
9bf4b41186726507c2d4cda5f84621cfcc010263a3c87b2c46deb7ef6610e912

SHA512
538ad8c7fddc7029cc306f157382337419de56c47fbc9072673f71da08f818d0f4ea53a23fbeb0cd62f7534d31795cec4c808756558bf9505b53f65bf16b1856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5987b81f7ab6ceb8e5172b4a6d789110

SHA1
6f7d2335f80a85d123679fb0d9e7906ea12e9230

SHA256
9d5b048b63a609d7fdefb14d2dc3be552b877938420ab3057f2e533de737f48a

SHA512
c73baf5c6d2c81e71f07252d4e1565d0e7be310f1cd0bd25bf05ef9e11291e3cc40c95d320375db7057d90a847bf1df11847c57d81d240f2a82a79f76d8c46e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ae169b6535bc9568da16da6057d7e46f

SHA1
8fdfb39fd50e034bb485a50f65a4b676079df2f3

SHA256
1132f72b63ac7d8f272cf17b75da0fda334165fa0534ae45f8cb0c034de5d1fb

SHA512
95aa7511f749c6d191bfb94bfc61e47ea1b9ca70577fbe0a65e9af2524523075754313e75b1283bd079108b27330086c1eb5aae7b678998b6c25e8e0c4d5727a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9d66eceed519e175997d916831dbf950

SHA1
321010d5979b04682a36a555382d49048d2d9036

SHA256
f56ac4eb90cbe7ff3553827780d1a4cea23f3056b4873802c40a8592694d4185

SHA512
f568c1a741dfa4c407b198df1b17eb0b5f0dc66ed5356357f5446b0a926ecb7a50f3161da8fdc7b745708f0628708ccd7c9b081674bb32421d3b0aee8ebb78ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3277f49238d44ba902d6bad2d1f60473

SHA1
25ca5de28e992086e7f17267c68c0a10c8e14da1

SHA256
25c0d0be463682ee21f3863a3b663b898d8fa2deb35da344045fee88e75993a2

SHA512
d2b31e32316c21a127f0848204fc722298baa9bc3de662f780703114f2b8ad0b012ecd276224bca52c32aa529c62ae7a7875fdeef2d9f3de291aa544ba853223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3a6af7590b14062ee0e197fea3e3bdff

SHA1
174d794c01bef8546df6b5ad9a6cce40eddaa794

SHA256
eb06e44aac4c9e417138b9bfad2b2bfd4155235924a7738a6933eab740b0eb06

SHA512
4a99589cbb139fcb527a8f8529a4a8c0481b7e49c280ea6f34472089412ca46784637b8eabc9677915e2153d1a60117108345af71f5475ac5614dab058313965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
22148a1c48b350c1fbdaf8933e3798ad

SHA1
b5cf04574e51ad66e8d471577ece0f2f67154c3b

SHA256
789e45df6463052266c99d14718b560ad3fcf6b967abdfe69929c8b33ea57169

SHA512
9fe76296d9e50e3fa612233f730bbb514226d9e9190f20116f8d13972a67c49ba64968a19702ab00fa307bbf2cacda51320edfb0a8f1aca5a62c6b2d7b731754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea682f33dfc352b28b0ab31f81db5c9e

SHA1
364e1d7030c67dfc41889df20661a06d9c072976

SHA256
696a0379b11875197b9e325b023b9321eecc6b3faa31bbb6e074da0b43b881e4

SHA512
46e6e1dae008d11ba546adc774f62cff14235561c0d72071a9015ae88dcbaad5659267e41184ba23a09e414542a6523e5df6a5d03613337664067e60c7dd4774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4d40da3e131bc5e48a4601d99b9ccbe9

SHA1
30d36c9f09facde4a3e778646174e131b69660c7

SHA256
7410849f30b38a7ac3f37f909c12b48a8a81f7b1a1e5a93107029fc4557152bc

SHA512
b3f6d294930c23326f8017bc054d20d6ad6a0d3b8afbb599ebde3607087742696e64851538f04792c5cac98fd8716f047952dbbd70995aa13d7752e8ad005bca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
45bd97650e30c57db768a0003c451524

SHA1
d5c5ac4921f2b69622add8594c1933249f1aee76

SHA256
69737451d5e1b7a2d44c16b51f6b93443fbc3731ec87c8b0997e5fceb7383155

SHA512
00a87c93b62cb4380ae69b2145148a2f31d82b10f287979ece96d35697953271141b310b81459c96379e6ca9d3ef4ef76509d7c00ef9a66a73b4224e91b76296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
29341cb2c9a97403482bfda144e73568

SHA1
4443ed4573422475647dac416b877de53d9983d4

SHA256
4a569cb6b9f883b1365274589743cb0b741628aa89eff4d0885a8c42b591c646

SHA512
af258baef613220cd759011f4f4d560cc4777762da4e4feb7b99e6596259d1d9f8816b2be68a1c33fb52a59804cd0bf714e9534c82ac4516254165155798c6a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4603fb11ee67e24d958b56e9da32db04

SHA1
c481fafba134039fd1d495be247a26ec6c93f309

SHA256
0d33d6fd3d39ba1278c500da3417eab6906c9263d2a4614d4ae6453faf4697ec

SHA512
cc34104ee2dff0c0169a5d8cd6320441bc0c56485a6ef31dd175c57037bf85cec6b9129a89d4454742d92b97e2e24f64624e3e9ab34f46a59020255b71becbd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8ae00a212948b45b2419fc6b33cfe969

SHA1
cae6eec31c53948bec0ca7c9873b343a26cf392a

SHA256
6ca3fd9324811eccb1ea76738a77a60b1e86f51960580ee2c4e3f0fc45f5c37a

SHA512
cb716be3bd0500e93c880aee95ebbcc83046efd0b73168450d7bdc530984077ea9b2d69df7ea9c38c73502885532c974176f5b4f36d6420b3b53517a0d1786a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
977756f744630066366c42b8e164135b

SHA1
d630adce4576829efbd3ca693cde8f199aa7cf9b

SHA256
525ba945ea3eaecb491c3aec7c2775a42dbc367b8e65196f85eac7a54674f751

SHA512
937ac70cfc8dcfff965e39235dfaca9172843dd0bb8bdff56030dec6703d0b0995713938f0ca19bebb4cedf1c1da2af2964464a9823b3208f4bfb6a086f717f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b04143ce73f45bc655d97274262a5a0a

SHA1
b9ceb75558e5c755e400f35df4960d0c91b43852

SHA256
d67c47fab77e1cc61e76b6b15b0a059f52b3fd901e887d84b351ee07f0e7a88a

SHA512
4c45ec92f771018d1645d01d372cbfbc9860c39b086cbc98044aa3b8adb245858af492b0fd1a3594a0cbdb112204c329255c121d690bf9b0b02787e55dc27b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0b6a800c35ddf7f92571dff40a1d9ddb

SHA1
127a16fd6c6dcd67d2a74518063c3d31ec100ac3

SHA256
9705b04fbfb1937de274819c339634fa15dad5424377b71bee1c0c622c613b73

SHA512
0bd8990a9d0983df1384ca9e89cb50f24a8ffcb9188a1c9f649bc48136e999ca969cde7d6a404f84b8f9a8c8e878e5c6c26a68ed41a43f8d038d325567e90a47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a8c0196a901319ec20f6f2b6d082996c

SHA1
c000974e97ed64f4f1f3f26524469073b2daec1e

SHA256
66a07b9e6b7428621bf84905716ee0917f400ea01eeab77b5b10e235ccfd9a5d

SHA512
571a70d803dd21b2a76448e8c7a91cd81a974e0a2a40d229302c306c2713017e6e51deb4acb81bc9702b6ae9bf9d1ed50cb95733288bc0978f0a2d4f0e4444a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c88d59c0046b92be917e0fc9baf4bac

SHA1
77d4d45f78e9f3f8101a471d3b9f2319ab3a0769

SHA256
fbdbcbb2090a260b768b6dd228ad9ee0fe0b97c7ce10b80ede567f3a121fa195

SHA512
5e55d4580fd11c2ea363ec06a2aade4a21d239bb84d8a9f93a204429b0229834ec48c87287087d5df6665acda87666a45f37a80c6d1f6b550de2a23162d17dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1237dac699901855bd0eb519aab526c8

SHA1
561eb0038b786ee3f322d081589354787fc3bffe

SHA256
1ec4680ad4bca54532a5629642aa8266354c1a2fe78a2d8f14379aea14174b5e

SHA512
335197851623890cf906cd6419b34e6fbe3516a7c22c9e8e0bef1edc6c356df297fea13cffcc5bedf7e9c0c2740a262bb1c6218813b6ec898f72ebae89ccf953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5627aa61c9322a253838d35140113b6e

SHA1
1ce383194ef9ba1b5c80042534cbcc579b53b646

SHA256
978c106f3517ee073cd3da022e7227346b3bbfaa6f23a01a3edeb12b12726711

SHA512
3727557c9c87a3d1c2d61e7bab943a93d2abd29ca18f5360998cd602d22ed49cfa59806406acc58277bae5ea03fc021a6e1d011175d0dc72730997930abb23c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
134a1e5dd4aefc58489b6188f5c74580

SHA1
2ad96ad62e06aab17e25d44e160cf801e449b8f7

SHA256
88ea592b6b1089496e11c6c79a630a5eb9e9ab91c578b5ec5915061063605dde

SHA512
e240b7543a50b8c000ba6bd9076d853a9000384392ef8bb6504135371d0da7ee29f8b08866bf9ddcf224ef5bb9ed9157d46dffa7450e690c5766ca124148932e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9551483bb22c28f3d35b3b489dfb8492

SHA1
88ecc9fdbc8445e94ea894c675c89030c268e4b8

SHA256
7bbb96c0521f36cacd961f35f196baced86f710acc4bc9f223fee13a5a81915c

SHA512
5dff32019d62f32ad55a6a316a734adb18427d5c9798a38ee50570a8499b10e414a42f189917e9a723fb15110233e776f0c9039b04514d4e98851cadb7464d06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0a2fc81dd7d6c417b357e5ddd6e564cf

SHA1
a1ebc93fd5734d40b637ae1c13010d0bf6c79952

SHA256
17cb9b9700f70880f45d456fa7b09b0cfeb302bbd2350360fca691f19b51798c

SHA512
22c037f2c684916d218cd8bc0dd47a42823cfa2b48d9ca371cda1eb4042b638897ce18737ef0d77d313b8a83c56ac4b7a728929ad2fe52d1a3608aafc564f074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
51ed0cf7ee46d0ee2865f33f148e5fed

SHA1
8b6202b8afb58006ea2786a38a0c4819a07a7c14

SHA256
a5857e35514d009856d93cee8544e2d34655e246c2d17469688e526d99ae21b3

SHA512
560723ab5db73198940d52776f65dd7c6ba516934c6adcd8bfaa948cff469e7c4e7aa61352d13aa1e13d2bb84930e140e85446cad5809746f9f6ae47d685e3eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5523d14cdae13cdb38a8cca8bbdfc751

SHA1
eb6d959bac443fe7cc11f5c075820a8c27688b3f

SHA256
8686129ccb9edd2fa447e2e018d6b113f44437b4ae1a7851efa40c761c5f37d1

SHA512
fbae73471a3cd8fd89960454f4c33197b7a33c7e001b8fe26028318ae02fda1b4c4cd08d0db661009785bf9f4d250baccbeb9a2a7439d817e1245722902869d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
91aa9815ca2eb96103fe1a01116c65e5

SHA1
1d09097240d2b0bd1dfcfb3865c2ef0cd025c6c9

SHA256
bdcbb7cbc85a14acae9d002f90c5f406e06fbe5f89bd7d6075cc6c4e5c7b06a5

SHA512
945bc40f024fd7b9e5852f056b24b922c44fee9dcc7bc6d0fa9c818fac00b1f18281ea67eb4804015ca93e760b270396d0e892ebfe0d2df1c6c77ece24d2e0fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
66396479d5fae720b4beee90ecf9a6c1

SHA1
9c400bb87dc62ce3ec0c1e0e8de5853fc430189e

SHA256
baa36bccc43b15beadbc56a811570eec29613a2d056165d6687397a20aa40527

SHA512
815ac4407cf151c1c4680c1159c66c36fd053bb8fea46fc227093830b657b3dccb7eccf3c66844cbd3d2da94c1350d06eb0b316d6051abf313639ea08afbc8e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
982a5388e169deae641664f977da7470

SHA1
43420f0a20e0c5947a3139d489eab4d1c6f034e7

SHA256
31b2f7bf80fdcdd75b3853b220ab7603c5997227db7ffa6aff5dfeff3c21fe2a

SHA512
73ef381d7f914a2e120afb62e7f06f0d6c97831cd5bf73d210f0497c4ab31393b95700e4387522c66df1db2363d78aafa21d16619d7187e42be64dccd58267a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8657cb412337369cc313011a168337cf

SHA1
fd86a264a1f18652bc436eb6a4ccbb9546270b6d

SHA256
3482dcd7baf0071bb32cca3c4d9e256b10524a4c4d8438aa1bcef16e7388a387

SHA512
d79e2e2eeda49e949ce47a969420b657f172054250a5d847850ee3e9ff230fa00ff9b618942dd4d4b0405a5cfcc5c526f482eaaf2d1527b5e1881ea9a351a434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f171d0264e523b9d3c4ca9188be8cc51

SHA1
f72769b335a75e7bd6b526a1e06420b2d4620e5b

SHA256
cb474fe895fb79c4bb59d9ec3f3f413175809c79cb12b58ddb42cc87ebb47c4c

SHA512
0ecd10d7e8b96c2a559d132fd631adc77c1dee6a44a449ede2848d74c4a8126e785d1259beab33f8613034b7d830db1e0ad0bcf5d259143d6bc6643c6a2b89d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
94a0708222cc63a03fbf52c7cba4cfbb

SHA1
aca1960412d7fe0e77c5da5ce1618f9ba75a231e

SHA256
663b5433148030c8b02ec3dc7bc461dd0cb934ac30534152290d3b537a3ae647

SHA512
9b301fdc415cb3418d137b56a738cc10e5957724a17ce63fff2098a5f75c21c2c8ebc9bdc8d6b33ee320f34e70a45885b5d798ca561f262fb925c79d416eda80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f594d83ea9a92d2db084f7df3f8a1b48

SHA1
7cd45d05dfb37363832273e105762f9244b4594d

SHA256
e5db1dbdef7f87721557a8a4bd31d322c0e48f181ea258b44ca32827756d149e

SHA512
a732453ddd9ed9bfe8763c051e076e906c4b1885571e28e37779afeed59462b9102be842061d2172a92134f07c5d07d2818988c79f2f983b596babdc1fe277ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
22e748a6543153c965363fe7ae715451

SHA1
26cd5620a24beb8c3f8ce364be680f37bbe5996c

SHA256
b6ea360ddac66f7890b6bf763ac8e6b46d5d46e5bcb2aba02b121738a89bfc2d

SHA512
4c235dd1f2c838e6cde2001a016a8194ad7f4fc7163e610816d2df2236a7819f222307d9e291f73761f60f24e7e45bf46d736b84bf2fe03b10f6a4f66d9a048b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
3acf6dd1ccab542f4f847a36d7b64e19

SHA1
be8cd92ac03527f131d8665e7957ec7ce5bf65fd

SHA256
5e0856a307cc70c1182144786ec6566b25b2937591f18effe77d538e452d0ff9

SHA512
c85a7d54a2148afb570cc804611821bc5041e802355a451880c7e8fd685ae951f4b64cea52db7711b34e957f31fec8e4a99ca9210857d24788a6f1fbed043b4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
d2a3675bb74c498904d70877c2af279c

SHA1
91c81d0d2e63ba24043f49cf4a5fcb567af36779

SHA256
01bc2fd5e3c83577d42884f428a9ad569797dfb92cb16f65ca9de0a75aa49b7a

SHA512
cfcf1c5887287f9245b1c35e3664e4e790d0442453e7f54575d90fbb4265d0ed19aba783dc30fa4868a06e4a09722c87341d5fa411066ec841550bb33dfd2576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
2760df883b375b65e94c044a62528364

SHA1
19a47e980a8f9ce2500eb7950c2bac243080836d

SHA256
f92297744f6acf0f2aec93ef8f87ab886ece2d9358d6284c67e5618fe50ebf28

SHA512
1914b62d330d418d38c97e01601f23bc11aec8b1643921bd62ec02dcee4bd51624bf5ee2d27745ac4271d86fcd63f19c7ac904a4ffaf1b8cd6d38682054792f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
aaa1d3398c11429309df446cc70a4b24

SHA1
426037d880450cfe67c0db4e8836d8cf67c3af33

SHA256
d3c5bb416732a0643cb435ce980e4cf7ed0d96375d6d1d866565ffa4cf5f4e31

SHA512
5400a74ad59ee80e11b97e884bedee53af567520b807e4c3c43b68446bb495a967e22838aeee4bfbf02486ec5abfb2e821c5165ab2b894a54e0d7eb70c7355a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
6d58cbee28213deef0b4fc5ec0632f7b

SHA1
02b83e023c626712bef7aa554491cd538b5bb346

SHA256
eb494d9955d0cb30331d721571eef8693768c6b5d2348846b72da36f31554831

SHA512
612d487cc44c7fe7b3d1ac760d4867ea66bc2016f51a50634ca98e17c4a6c24e6d355bc5702d4a0f513ac1fb17c7e6367f799b9166a0939e6809bb91a80dfaa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
deab6ce5d0437e0789b17569bf35a6ba

SHA1
63eb85fded62a839c2394947357ede84772daf18

SHA256
8b9ba7dc8b3e6392a96048c42cdfef7d14c6b67babc804a57b68b0c889ea4889

SHA512
1624dbdd15c556fee8fb3d0eac1c1aa980f7539c5be8fad82cc1ba3608fa92c0dd152f596880c7583734bfbd3805a3bf849b83c787b773a58ede90ef2a0605f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
9d8765f3db69bfe17ead0915e5111de9

SHA1
6fec725e53bc2b4b261f70acc3d85a871983a0f4

SHA256
e17318ed054ec0c5467349c60f3a95447ba861645184c83eca67b7d520d1e117

SHA512
35c0475500f3dda6a006c7b05ca23fb69d2dd5bba8f480c0bc2757222a6100053326ad4d569ef270f371bdb4093adbac422315b80c5aba7a15920c8dffd2294e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bafce9e4c53a0cb85310891b6b21791b

SHA1
5d70027cc137a7cbb38f5801b15fd97b05e89ee2

SHA256
71fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00

SHA512
c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a499254d6b5d91f97eb7a86e5f8ca573

SHA1
03dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1

SHA256
fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499

SHA512
d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
21KB

MD5
16183753a1d3c17bfd5f21ca37381bec

SHA1
d2e15d0d122fd5b623f27103a1de3c7da0996fd0

SHA256
c87b3675fa3f0df5906243b7eeb3adbda21384a19e31655aeddee00c6d980248

SHA512
278e5d9b0e11c82c2a594b2624ddb4fb99fc8e81d41227909357c8e0d74ca85a0d1eb5fea60b53ede61e96ecf8538573e2a2bd3707443a5184e4754dbadf352a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
65KB

MD5
87fb332396d63888008f22ae1d1d3615

SHA1
2197dfe9f899c6aac275b7244de81bb8c4019648

SHA256
76a07a3f525c204cb997324f098fcb0d00b506762b8315e5031f212df4de26ae

SHA512
6c4097dcb31dfff05c664d0f936c32b9a2764756f9e504937e6af81e77ac648991a4e62ac50f8dd1ff0fc1320e3049aeedadd753e2673c1220e8d7f4117fc9ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
107KB

MD5
e24423603aaa81cc9b8acf627309915a

SHA1
3f8b78e4ca133beef88e55d9f10d28290a355c5b

SHA256
bb5df09256035b43cf3fa4b519509a954e5fbc70e08533092dc44ea39cfa946d

SHA512
96aab5d22c05fe437b3daab7b03145a0a02dda08bdea3273f68f1ef99246a485ba4194f8da116a3609e73d9664789725242c23d86294b362bab5980b02512d92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
96KB

MD5
7fd02f660a21c7d4d4f6dd3bf1c0915c

SHA1
b9a139579d027eb2fc5c8e56e0fa000ca49f5f9d

SHA256
ae4fcbd555bd417483311af85ed24bddb5da95b1fe62db389249fc1397fd0062

SHA512
591b8534e2a6959cbbecf1eb681e10ad2fb124f9da14917473819d5064169ac037f50fe7796526575e00cf396947cfc98bd44f115b52f61223cc3a7f378742fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
04b2ee12c6007f9e61c1da5a21755a7a

SHA1
99f691ce699ef59bf9ea9105a42a380b014dbad5

SHA256
111c0ff26c898bc87b84853a3646438ba79599a1b7a9eeaf397bb7d9304f5a40

SHA512
998dd1cbaf70bdf4600e840286cefde86efc87e7b25eb81ae777b023037b5770d45100bcb63d793d31e8e9d76c112af694bb3f2aa18b908b5e8c389ef08b82db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
990e05d817a381ec109cf2501f1fb8bb

SHA1
f96390bc2d3388f2bc9d5f7ffd64600d01d11086

SHA256
4cf75b12192f670660f4396977f5e6ad5fbe2a055424f0e5240e8bc91761cca5

SHA512
3780c4bb2dabfaff24d4c440a2696bed75a8afcce603d29c00bac7ae8b176f9e7a031ad44f0f54cfeb0b607585d29b4502868064f39c97cf294ba93f364d69cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
84c3340288f8b65b470d6a92d70cbc72

SHA1
9f349ef0b09b9b04f3527fadaa9bb199a6d7fb1e

SHA256
313c888a973e840dbeef68841200cce285c96d90d16df1d22bb52aea190dec4d

SHA512
270b1095a2497f7f521752018f62234d768b594aa395b7cc13008cfde92b1c91ef952d4f34ea2707051a010251220751261be22636758ac7a783d3ff1a01b2c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e0878b0e837b9a993c5d6b8a5991054e

SHA1
4b789be312dee7e9e58b29fb10b1a11e896ec58f

SHA256
194932598ba2a54b6ed8a8fea27f16f9f8b3c03272f900ab803a2ebf2c8c4a4f

SHA512
b08ee2c947621d0cfda91ae3b54f9c4ef512b0e5de18d9940c28fd9584307492bc66252f8acaaf7cb52b1b0502af3d09696d6e1a2e39c591f62804c98b7dac8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f72bdf04ec6c333d2ff009ba93058619

SHA1
bbc891c4c70eb694c3b6ddb7996ff5ea4693087a

SHA256
9f0f2d09f956de98d19b77a0e64e99f41effc8772b2e8b099993049ba5bb4c72

SHA512
fe34ebf94d3b1aeeae30ac7749554b4af388b9b0bd78602df187355285b2950b1f8fda688084df144715da6100947acfdc1c54d20a94593ef6c9f4dc100815e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
abfd031546936182ad2a668c24f4a2b7

SHA1
219bd3c72bd0f8e25c92a67275123cba12a7d129

SHA256
b68f8d35fc26a968df764ade1c81da658244910e31a2412681fe389cb803a42e

SHA512
10592656790612b4ef900d23831d3a1df0c91855b09596c6e0bb018f23e5ddbdd4d0234b8c2b2c0fca018e5882b9be48a6ba6efb9d9482220ff72cbaf284b978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7c91c27ca9fb21d834370d5b0b701d30

SHA1
5209ea0e1b4aea7aebfa13cc4204cb6b8fc51a98

SHA256
acd59e0c7bde1d8ab5e6fc856287a1665e4e070ebc74897cfc3e6fbac4322071

SHA512
eaadee390f4edb1f5a4c470e9a50c694b50ac203e6992400e131e966140e2169f4c507df71bde7cab726decba8e719eab1f33b086443ed5612e95d3228f34520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c8043d8036e88942f66a6a73d4bb6841

SHA1
9dfa199e248d6a0dad4b1a835773dc024dee3eb5

SHA256
68fff5168abbf7451beaa3219f4416ad0a50696138f1ac9a55744881b62a2b76

SHA512
1546fa04576ed57ed7c9332f163efcdebe5056efb461641da6b750137e0eef4d5c527396355ecd120c9ec750cd62d835fea05290fc8c817eae99a30c6c115528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
265B

MD5
f5cd008cf465804d0e6f39a8d81f9a2d

SHA1
6b2907356472ed4a719e5675cc08969f30adc855

SHA256
fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d

SHA512
dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
69d7f3731ed5c0fcb4644f954024fb6c

SHA1
00cd282642cca6543ef529ce3118c997d08e50c7

SHA256
23b4d596b63355cf9dd95c2fddde84b144b4b14dec2785590679562fcd8efef4

SHA512
6fdf8b3a917baf5a3211b05a88a815d84ea8e2ba6abab4ca27a3217002d40e40b0a11cea98faf1fa573548ae7d6c80f9e9306e23094c9d07f9060bd2be2492da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f23e9b91892534d5ed04e8d837f3538a

SHA1
4b17dfa5a6ab2e13569b798d78bbf335cf75c1aa

SHA256
01fac510755a34f95bc012546020e787718db6482c30242ab5515e8104912208

SHA512
ea82b133769f7db73fdc58d2bde98c916609d0c68f305f2b185aca8979006666ed307218c46a66dd70e71ff967e6b348cefa2b6daab39ad8245363087fa93638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ea570709b19a617958c1017e2906dcbf

SHA1
d0c48f95374badb5c5e5b59dfcc1f4c4307b1ea1

SHA256
390eb2a13606e5272f3f58c571a1b7b7f5db35fce27d539787e6987493d6762f

SHA512
d4c5b939f755431693291140632d154cc8d03f0aacfa2cb92d23feb45a02a4c5fcc64194fd1d15ffe9f2aa02e3e5b8c3dfcb70accd5d43880504131eabc033a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
618e9e5e29433c50b346a60f7fbe36cd

SHA1
1e86e1e2fcfea2f4fa60786f887b62cc862d69ce

SHA256
fcc10c3e422bda008da37aeab659a6cdf08fd4c539d849c3acdebcfca61b6f23

SHA512
8c9b7b11b4fe3e41e9286b712272be1bf490cac49895d403a8b4b48f6d30777ced68f67751a860a3f29d28b34310972ceb62d5e81ddf745b08023f849f156a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e4b7b2647554fa66b629ce83e98e939

SHA1
c0a8428ea7a52fea16776994b023dc69b58d82aa

SHA256
b82e29db07ee215d6e6abbac4750accf8ad7fe3ce89392cc3ef8f4708e4e79e5

SHA512
e64ca8025a81169011e55993a76319e3830707bcf72013ae5f22b1601ff0b02f3b5b9296c9799827ef74e5a45b439655861a38bac7003230f451aa7cf3a7a202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9682e2f75632b2258cd4df6f88a7d9d7

SHA1
eb9f7fd9c452d40ca1503e04b2c23b50358dc4f8

SHA256
3767d455b93b37716c86ad960baf7d11b4fd1ec610b811300e9f8d9d7dfc726c

SHA512
dd95dc1a78e805d7c20aaf3e09da53f93d98c88d581b8850f1a69a989793c7cf9f060b49702d059cf94862ca775f13b190d7ff47f017a0497274acdaf2c898c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4e3e7219d27768450652bab723a03a3e

SHA1
3b3a8273df49e954df385c500f64031b02c1b22a

SHA256
a3a219ee4d9990bfce0091172f62f98009d4a776a98b9205dee58671739dfed5

SHA512
437f63084cd19ad17b1a9027ebf0c5d3629536faedff39c9d44a7f2dc7d31639c3bbab538b259b1faef09944a3050255d75a06d624598c303c0deb766e392b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
244ed3b6bc3a8737d10db6a77c9c9b11

SHA1
658fa5729bde132101ae503178c98f15e56132f8

SHA256
23a86878eeab22fd646f7895c8c302d4818922d1dbd914bad6659d285807caf9

SHA512
7966582ad955ed4b0483caf1f7aa09091a41a85195682973787608c8243cfb2386bdf26d21cbaf9faf3dc3588e3a572a24ce034fc49cfdff4f83201578a2b878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
06a6cd6fd41ea8dbd6ca6af3e0b5f91a

SHA1
421a8531e1facd3ae031fcf9316c494e04af22c7

SHA256
7b115f6e153d3145fe70baefed58219e6ff1893fd01f231e4eace9458bbcc2cd

SHA512
fe41e4fb68cf5dc000ceb9beee5206feec5c746ff22406c64e0f121dd0cc4d1e0f26fda6add815085f679def4bdd01af7da68dff0a2526adacc772ff001a1568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f335154e4bc5199868b8c8c27e2b0376

SHA1
a957d4d6f6d8446a81d16e53da691058680cb435

SHA256
84e87326d7c8b27fbed3bc6b60d681325c30bcc9afcd36b14439ac2d148a630c

SHA512
c5137519791d84fe3d38756584d49e2da91b37bcf2513aecc09b69cc67b27e29eac112964644217dc758cfc1b11fba3672645b7f743cba9f22c30f04cdb55341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b557d5ad5e8c870ddbf4ba0aefeeb9ab

SHA1
50cfeff108b4190bea3ba22d189843756da030e0

SHA256
141a43e5125a7fdfdb07e320af4e9ba0bd7566f39e2e1722072cf38ba2052ce4

SHA512
609149c09aa7e0a59ac6ecdcc008052e972c15bd0771228e3d52c052d6ca8b0078aa36348a67be006b123286ec7bf36e92b009f6b8ea0d9251b93fa467935645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
35f12e87cc0b5cd2901705431e040a79

SHA1
56e08389cacfedb92541e11b77ab702efbf53afe

SHA256
406aef5933d5c3515e8cbab447906240cd476d427137928572e46e3c8c82715e

SHA512
06373952c49ede19850a6b5c62774e22dc0d9f1de5edc047f05d604299a17a98028f2c80f5a01b50531e0a6b2011626841dcd98ed84a82906dd9b594cfff2a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
faf364f379b1cc15f1b4b3e0358690cb

SHA1
3f4fa980321b8f8c48e5ca52081d9ab78eb67470

SHA256
e814f9a1b239ebc81e4d47ccd4a7b339bef0679558c031a65c87671e333a7316

SHA512
3f5cb2c5919b28f627478454ea4ed92ac4227f86d73c588220514e3c648d9aff083ccb60dd1ef858f67347dc7e5e7fab8ea25862e0ef4f36c7d72601bb0e134b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
58c83e0b9363b218d68e3eaa30c9e8d0

SHA1
83667def4e994d305a9d5234949e1634bee4a54f

SHA256
2dea3cc6e320e1e82f330b9f512fe4cfcdcc26787560b46c1ff519db7fe0cccc

SHA512
8c43025d01234226cac6e5bacf68e64b7256ba69a84dd930f37bf4e75dbb0c9d109a27ae1552322482a6ac20d193244e55f5094c483e2f63ae65dc98078f49cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cc532205090ede7939b0e40dc3b03799

SHA1
0ec9b302824c2d10fff5b2b82ce01f1c961fb6b6

SHA256
fbca59f3ead49f821caa7538951bcde32de4a3ff20d7c85462c6b8221412a199

SHA512
74b79d16f4d14f55cda5d3bf9e42c5ae9a46078d21d34414568844497dc36ea41456accc54fc5b08c8d1b907a79d8e65100a23c49198ee4ff670cc83c25dafed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a42db57c3e4dcae4ee6f935fba597c56

SHA1
60316a306d28b023ff7b5483fbd46b2bccc40d5b

SHA256
63f3195dc6e86663b3c017ec7fa6425a6ae8a426be5cd50ece43e9206efd4a6c

SHA512
b2fe3829fa18c3b1756cdce0c7e83aa22a5ce14f97b99e05980b0746fa4b50135916e5a9da81127bf970459964625862447793303cc861a893bfb5e03e1db796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f0c7ecf9b0b046d07d66f4d0c913816c

SHA1
1d6ef61330f2a94a7f8592ddceaf3c49a8200426

SHA256
35c28d7b77fec82743624f78cee29dce4aa4abfb57d0da7f2ea96905867959ad

SHA512
10f0cebc200baad5d7b83187a625f51563b2ad03d15b7ccbf97b56ffea88ce220056b99dd53209435f0df354f1a0ccb7264bd4a42fba067052d40b9580dab7a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fc188227434117da46432846f54376b7

SHA1
8479323351a5eea65af82870676c421781ba2c0f

SHA256
d38a6cc2440ca1286ff2a0bc8c3a41fd80f3a2336cca4469c4b444a972ada594

SHA512
bd67e19ec301337ffcd4494a1622179c36de9bdad8a5fdb72d4046baa1910b7bf210c137346984cb86199003d7d749f955378956e779d369fdda91d476ba3447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b47d48355e55bc662b67f8aeb30c606

SHA1
08effea6f6d66a161fe0b37c30a86daa8125ccbf

SHA256
8709873bcfe4e023863b491c2fd677f9725798733779b9f17a09567651d438a1

SHA512
cebda4ff59890de0b34f0cbef5eb507b310a47bd2ca7560f4cd62cbc3f72ca35b3475689338f77c60fd1bf859f03c7cfd853f6c695bcd74729c7d18ff928329b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1a0e087eda5ca98975b56897bb2fbaa8

SHA1
e8133f34791f1b872cc18304df5878b856136aaf

SHA256
c80d6995139a7cc8aef3c2b99b574fb616053cc564f74dcb40f631517f57d446

SHA512
2f5fb60d931fd67df523df1cb97028a32813ca9c3df8f1bdb1ffee0c8559e4b01b80ead69ea2a51a751ca6db4b675cd162124097d82b6e55e8021031116177fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c0c906fa7bb81bee69631012f0c4e40

SHA1
fe6b4dde551bde8527e7bed7c4e1bb72db5252f5

SHA256
19711b2036f220eb6b398ad1e0c7aeede017c37d2efb19f5be8b1df28e04a39a

SHA512
d5e51b773dadb6162ddad690b895d402fd046a3a909cacfea1c38e784d751362ba0418f8e82432e943988e74825cac15e76457690c5e87360bbf6c70a073d61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cc6b69b8d18b01b7d796fe437de01f8d

SHA1
d85f3f20664f9c924ef4861290b862af807b9b0f

SHA256
a2323c93a78851c6b5958c19cd96d38e58b7ad4106a6a0e22814d9dbc17ec392

SHA512
5137da6188b40fc269899d5b0e963660c1278965991c9742af864df57dc300b25787cc7cc4d77893d9d7d0af28e9b0d63acbc9e97623f4e17050a8d43e7bf7b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
837cf390474ae127af1b001ceec1cf65

SHA1
0f50198bbdfff971350a5f31d11addfacef8e236

SHA256
f8f20b92eb74e4ff1dd5f7362f440e7a4026c9ed5d39f5fbd02d63c8e0760717

SHA512
694ef9c486fbd533a9129ad02d57fb3bfba5655e0e132e531c32bf68d0513faa22579aa45d0188ab47d8fef9a12d47408996b5c18975396a10ea8baa2c67166e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
694a30fc18e43fabb55d389b3d668a15

SHA1
0187b02e7c11edb02f03c7e75a5d50027323cae9

SHA256
ce9155f69dba79a49e4f5b6fdee9004334a789922e79bd73fab7a07547ba2390

SHA512
29249e70a1560ecb41df179a47a14bd9288c8449745662c9eb740caa377d7e1d1ef857f00d547c5be598eed49db5284484fa1edde9873137e4b35b91c173ae01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe650b56.TMP

Filesize
203B

MD5
cbded907edbd837205c103d724c06e0c

SHA1
5a2fff4bca3ece119ffd18f414da857925547026

SHA256
6053cafa71a46ad7bc3a03842ae01c3bb3c53a0ef3addd19d1df50bda8a7f151

SHA512
bc078bcc093e0438cb5e5f1ace1a421f63b34f9122e08fd0600ffc9fa272472e18da1c6544a156a176bcda0f779ca9377ecfdb753a060a5aafac6b0009bc1ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
26916adb9a4c5dbb2271ec16aaca78b9

SHA1
9db5b1d7e15edfccd1814f22f1570c69e40a9bfd

SHA256
bd8096bbbe9199396165dd7f299ada1fb985aa19a77ef457d4806c795f27a2be

SHA512
dc25867781fca607d30d1ffec8610ce3401ea55908c2b00fc83c86233264710cf1f450814a50baa0d52b36655063f38cf16e5921573384c781637faf9740ea8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4190dbc8f69011d6dd966e753d8b2d03

SHA1
ca087748c5aad4571fecce48afe16e1baf578a44

SHA256
89293a93d0cc8aeff78a2e2d75bc01fc9dd920d2451b99a6af4ca8910eda50c5

SHA512
89b19fb0b6d64fec5dcb676c1731b16649b32747a8030060d12542ee603d0f1100d5ce1de089506f097327600c914e3e1cd152eb6285f9f4ec76c908f5ef56a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
047e55ba8949a6172f85d2ba2705c06d

SHA1
831b3b54d709ddf88302d26a45fd14ad2234a927

SHA256
827cc1a910e661e47cd3f3eb24f4405c01fd590c18773b6abcfb4fc8c0a85e10

SHA512
eb5f603f1b2a1f71253cc527e718794ffbd7160f42339cf1d07b3c291931c9c0c33746461782073b471b5d7fb8eb299efb83b64056c3fd2bba621e896130e897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
14b4a32a7425c5656ff19379e19e378d

SHA1
4f49b77d19d26d9ce001fe2a0b99be06f2c1b3b1

SHA256
a02cd99150fb3f93992fe48fff1bf1793800f51ba2a478eae25a16dcf8330fd7

SHA512
10a4e2b52dd35c9d87745fcf5b52dd3b1f68a57b3afcebf89ab1b39ea793542fd0401a7d721d63abab7795d753cb2e972bc16cbd97a2f78b7bf3153d2033e5cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
eac717d4a30406315fb097c63f045bec

SHA1
c340eec26f2271214dd6f9402ca989f36610c62f

SHA256
8f2adf7d1beb563e335180ec90ef28a62afde2a7185152a3772eac416b481538

SHA512
af8438ca40d72e96d2a0081a2d0a325e5da4a7e9edde4fb8d33385397c75e918ba357c8a247fa4592adce3fdfaab1639a188e0ae85df44dd6e904a4903626e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
90c9d96553d3b7224af9482111c8ae21

SHA1
fd046f431163831f0758118d0e952920ae4ca7c8

SHA256
d77307e2b0587ae2546c5a811fde647785d74f2dff52e0f4212d06a409febd50

SHA512
f04cee06278eb84ff4b079f38b13907b2fee4c597e0e20180eabc15f9415801160dbe6ad6bc1679a71dd6f769c8fa7978a3eda3324c2cd5be988c6b1d8f07bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dd2e7f719898c7d576bc9db9d29a6377

SHA1
c39aa41417a0415a8ca086430ba37c3c92abd4ff

SHA256
2c723d2ee3d38d116d9de1edb014482b059f7ec178ab1346b1e95434bfc62ae7

SHA512
8182d0d9e3166adc32d8dd332d48d87c1876ba6080e633abc64a1fd6f2673eee4530e67b0c6d44143266ec91096f10b99b945f14594835b9765970dbd6161160

Download Submit
C:\Users\Admin\AppData\Local\Temp\H79NCb5G.qnk

Filesize
22.0MB

MD5
807a88bc30c5c6f8d323e80e3cfdc983

SHA1
923f1e7d3af0265c50f03ac959bc79c209c61273

SHA256
1019d5f3ec068127d38ba2cf6e631b58aaf0cffc3d1562900547fb57641f294b

SHA512
88645b670cff8cbec7e846516ca195da9a7b32638e07e3069173038e7703113a52033e10135c81aa30f27be87f5341c833ea01f28098354749f6b0da41b91cfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6B21.tmp

Filesize
6KB

MD5
87f3b96cab906f8249fb34870df57286

SHA1
e2ef6ef81f8aee48f27f641b811ad95df7843cdb

SHA256
1a285b2be0628e9f01fe97a0997fdbca265126ab87c07edaaf24db9ddb8fa2e4

SHA512
ddd7f35bca7f0243432fb78ecca0bfb28c394357a636a95bec125de155498354e3ea332c6a2d064ef1994f24688151cfdc12df2e4144d749dcf0359bb9e2ccdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6B41.tmp

Filesize
6KB

MD5
056692b657d07a0a0b36703995f50028

SHA1
68118c81446c6ee31fb1b737b797e187a7737b9c

SHA256
1d678c39e4069b4bf37ea3580ca7169fcdc8b992737524795df7c85a00c6cfc3

SHA512
f8c15f17aae6d1074b526ee59f4936043ffca57c4f7f385c8e3d51612acc89762b2950399161a91cf3f4a7ab2083b604bd7c9d168d93cfca2bb12bcdbfcb8377

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6B52.tmp

Filesize
6KB

MD5
986e2b2fb3f2ed7410678d0e312e2b8e

SHA1
46d720f2509d12c73154663db3ce1e988246548d

SHA256
f625816d0f5c69d2d8ff1ab9e8cacf62de754499091d7d9739d29312c89cb722

SHA512
e8658dbd923ebc766dffb233fbc1165ab82f5528f714a819ebec6fb7706c20123d5a30de42f4fee221bbf59e637bb2c87aeae557ef8c01cf4634f9b7760b22b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6B53.tmp

Filesize
6KB

MD5
e05ecbaa58d2e34cb31faef244d676a6

SHA1
821cab58a564c237e7e129f15fd81d048c883a20

SHA256
541aac3b24ba1c5cec201522172353fff28bc668d4835e25b2ee9fd86bfb9b99

SHA512
d1e4b01d40ec32fffca9fb824873cf6ec26c15323b26ffd78b71397e96f35ca98b2559e39262968e5350d706e580ddab26f649549d1ee151a68077980c6120f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6B54.tmp

Filesize
6KB

MD5
3acd1cebd6235562b6e4d1e192a4b700

SHA1
bb2756c5895f23c331947268689ce3ed568bb213

SHA256
d80e96655ffd94f89eff95a4804789476c133d1286471d08ab18228f6142e8ae

SHA512
e6b4cae3d1e51e8ebb83ba379fd8252c72cb8376c3e6c0ba3b3190c0e4647a94dc0589dc18f883bfdadec1b4a2f7011ba934b79cbd455c73bd344c82cb91682f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6B55.tmp

Filesize
6KB

MD5
bf3f24242bf75882269c5c6a3869727a

SHA1
56b5ed356b054f14420603fd3298d9c43c9c2efb

SHA256
c33f8653a1789ad83e5f3e2247061442866de402a680bdbab2ef0d5a6db5d1aa

SHA512
a934dc983c6877b0b34197d7dffb3ecf7373ebad7279ead04a1b8449d98e7c3c2aee1914ab14a6cc205ee51c089fa7b84764cf74914851115b6192e952a2e3c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6B56.tmp

Filesize
6KB

MD5
b47fee93c3f497a14b6e998f4ec974c5

SHA1
893084ef4e0e62f9e3c5bd56556bc65e434b19f0

SHA256
663fce2a7a3de0cc4796580a92b17c3ccfcb3f6d8dd12ef6cf2387fbfda3849c

SHA512
555818fee0bfaef5cec3f04d4cf2c50670bf6d4d23fcc29ef3e3696312af66951b23f09adc59fb1d9aba4fd387759c2f559860da1aae575dd468f92b2a6e4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6B67.tmp

Filesize
5KB

MD5
1f910facc513d0abb9478ffe3e73c048

SHA1
d0e6508d64297cd0adcf349f764d57c6385c2f84

SHA256
71a2c616df49f74080731816fbf678010230f157dd196a9875e1ec159baa4b53

SHA512
f648a702d28192ff18b70a1095432fc801a8beef4506fd5bef852d3bdd4579f09ea94e490e8dbe2517f1271342dbe3018d860c95fb30ce36a55ea7396dff1a94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6C62.tmp

Filesize
16KB

MD5
80555c9c7b0b5073b9f667e5e1f72efb

SHA1
b2a48dd9def5482c5a4e36c9c019a06db9e12d8b

SHA256
73dc0e35c6286db3cced046515267a113133260651ee9c437e9dae09086336d0

SHA512
d83268ed5c620276c8ab81ddf9429ff789b6ad9784a3f2b0c389d5c735418345ca697751a673c86bd9821136f9c2db6090d62fccab0d08e27f140d5c1fcd8895

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6C72.tmp

Filesize
16KB

MD5
63a52e344ddee211373968205e735afb

SHA1
393b1c6e4cd61345f2de670bb94b0982df6c2beb

SHA256
8d38c0e1a4b67fa076f7526506abefd02cf105d213f98ec15489233f241ac6f4

SHA512
db117c3fcffd86c2663eb1dbbf7cda66da8d7c8656e1b05eabc595e330d0cc60fd44e3dd5b644f852c8c8103528c7379eeedbea09e670b96fb26823333d0618f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6CA2.tmp

Filesize
16KB

MD5
27aa192b43ce5d74a26972d0dfea8c80

SHA1
f0e9f2009363bfdbbe742befc72628c253021651

SHA256
b8e7cdc8622fe0c4043addbcb9de22427c69518749b532ed1e87ee60e8050dff

SHA512
820040a1269429d73a2f1ea76fb874e9d3b9df3009e354cd4657a98c304297c1cf3a0f4749b5f10a5240ec4e7cf23ebbdc4682e5bc15c5dcfd08ed085a0334ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6D9D.tmp

Filesize
8KB

MD5
fd25ab2825c2c7b61cf4a606de30a8d0

SHA1
9befc6e1a1246095084b610c70032df132ec94cc

SHA256
47f0b80f156d283ee0157156b4a723c7da690f1e7b74444cbfea8800822fe8d0

SHA512
c857350052ead3c234969842276b2670aaa56950dbf7accd62d3086d1cc52e7f00cdc07808ba706f0e324ce72814c13ddd84ee3ad7f591b877b7e16a38af9542

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6DAE.tmp

Filesize
8KB

MD5
e079dab96f6f92e4a75682a33cbf715d

SHA1
2ac44d9af5661bc5b99e0e9c032ac4ee987f5003

SHA256
3f49c14893c3b36c9149a3db65b6e35cbc1d3ffa6ee9d35a3db16fbdee401563

SHA512
e41f9ffb8010fa74dea4124feddc4415b8bcfc7604cb80098a47d626c8746736b7a73c7eec030c36f72127189760f3cd82db7f96f9940e55ee17d8288a7cca90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6DAF.tmp

Filesize
8KB

MD5
2262b699e395893aaaffb084d9f80dae

SHA1
c49d89704ab1fc76cdf13b71925a21b2440bee2f

SHA256
67a501f978a20c2af1bc73284141cd519d0f96da88b26ddbee77418fe560dee2

SHA512
9d2cbbecb39a68a795c193f5665dd48a5b0a95cf54f4c09ec0212ab86bd3d3b66f8932f1428029a4d4c07354a79a3da0319635da2f7d9e3801e1769530bc308d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6DB0.tmp

Filesize
8KB

MD5
c2378cea34cc55400d6516e9ca15ad2c

SHA1
e07b32c807e2fde624a28073546736db7d56488d

SHA256
161f95c58708ce4ebb3f8888e74c71654f439e6063c8dffba1fa99af6318d587

SHA512
6bfca8fab03f89f2a375aa4901f8aca85e282f16902febce224e91940e561639a871776afee114ba5790cd487610ff262477127e77d9493f1925466de238e9ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6DB1.tmp

Filesize
8KB

MD5
60ca49065d91ff0d4933462cd889ff52

SHA1
f0a0594f0c798cdcba273da4aad8639d58bc7fe0

SHA256
b36b86d9a4e219e401534d443d027463787b84f888c2cee91c5b594f557fdbdf

SHA512
28701209e5a0950525006b77a03f161bae0f377a19b053e412894b5f1a61c3692b1eaed1cbb6230f5df481fa659c56dcf172fa173b3054c6c9f33180c1cee12c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6DB2.tmp

Filesize
8KB

MD5
db990e43a4bba547014b8f65eafa96a5

SHA1
1a067ad6fbb2cab2abf4c8af2ced5031c581b328

SHA256
9a68a11ac61273827a0d57fc71ed536a43bf0c34a839a7441a23d2f5a97b8d4d

SHA512
654e8a73d75c4f72dc1597ea902e2447416b02029b66518d8792040b0ebbfa347d2c9d53bb6059c114f2b97b27d3a974b53ad63ec0ebc150a505ccd90c5579ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6DC2.tmp

Filesize
8KB

MD5
fcc269f48b3a15bdf4b8f7e3ce5524c1

SHA1
d4320eb38f47fba52a40cc554400e9c4195ee3c9

SHA256
b1feda85c9a43ea162043563032facaed1a83b7410d7ac69ba17fb47ccc752c9

SHA512
c019307f9000a915aba7f963bba4f691bfec632f2451dac971c669837d6938b055d27e942daa5b16a2e31bdcc89d856c0f9021091de57a9c56e31723319111d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6DC3.tmp

Filesize
8KB

MD5
9d82ad21f38e3b3479395bb291c687ce

SHA1
cf6520cf3f7cb6151b57f97ffb13073cc275f3ea

SHA256
cd5694641f31c209604cb45821b072857306ae73fe06af4d4279d5f91d3ff281

SHA512
16c57d8ed9fd5685b2a163bf1b85b3e936472b250c4223dcc0af5e85593e868cf957940972a53dced190cb4ab92be3a8c9267e7d17ed39e40f4d819224b1114a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6DC4.tmp

Filesize
8KB

MD5
66cde0f184eafa03270e617425fe9507

SHA1
a25808b1edf4c800bd3b488c1cd90f5dde6cadc5

SHA256
4efa666f1857205df026cc1adacff57f799e8ab864c404d9547a3d2a32750262

SHA512
df8641e6c63084faa2e5c67da0bca53de40d6862aa01ac92528396c075d977c175b4be49c987cd37b67a80c1f83a449cacabd515a683f25afbbede60dc816e50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6DD5.tmp

Filesize
15KB

MD5
88df3b8c567a2efbeb49c892eb5ac3b0

SHA1
2d1f83c98cfb324c20d4ff42e4aeadb5498b926f

SHA256
299db9636941b796364d5c226703685ab18af4d11de3f43f631c791a8e0dd0e1

SHA512
2bb97483b020797af57ab80b0f7c69c1b937643cedeab976b0659cd4ecc1e95bea51acdaa342fa0499544dea69a844481f41c40bb3856491a8d9e884499720d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6DF5.tmp

Filesize
15KB

MD5
2ab81da7fe6c6625fbf04e66f1a0150c

SHA1
196b3022326335915f28c47460c7ec37f683c1e2

SHA256
bf6c2cb5f2c50f3b94ab0d08bea5e925d8d0899d826a09a671bba3ad6e487551

SHA512
c741856a616e44278d9a6b429f8857279c0b722bdc7e93866b035bcf514103fbe971997c52c79be93a4776168a4296c0a39dc836862e2fa2ff5d9a8699aed7a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6DF6.tmp

Filesize
15KB

MD5
4d2e8d91662cd78615fd099be203696b

SHA1
a1cb7daafe8780226f36d05eeb8e0deae1a9b546

SHA256
667aa5e43904a17add409b8f912eb561ba91dd19a28883f52793bea3a12ab3af

SHA512
e57074719bb50af3ee6d0eb849509ed496c36a8b6fbe36bd826c68cd3d820f8c8e96b9e87e67ec658b54980f1f39d1446c5e554b1f9234036e1bb5cab8d68297

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6DF7.tmp

Filesize
15KB

MD5
49f72e96fe4fb88bba860e4fa94697ae

SHA1
a418f864776e108d8831f1d63727eb1b0b6396ad

SHA256
a7b95c499eef05fbf0956ff9c19ad07a602c8540de5890b09b00ae786fc8f8cb

SHA512
f3f2c66e1e86252eaeba149315b1c572a35e77e73f2b8fd907d1c3d5032d51a6a47e7c258f753820960c9c575219d7d4feed2561db7b99692d0515e1d64b95c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6DF8.tmp

Filesize
15KB

MD5
3395fce8ad1321ff2988c3d53a585647

SHA1
7202c03a45e7a183f6cdb7e08549b7f084cd9b28

SHA256
d44607a54629be94885866da6f6282e44bf874298f3b1c5a5edee8b44db2f8a0

SHA512
aae35904eb0c3a9661ede289a1c15340a6d81e555f763beba1b25b95c74e3c5a364c693b18d6919bcb24faa0eaed28befd6b448d5f22d73452a98d26f2e904f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6DF9.tmp

Filesize
15KB

MD5
cdda976dd5d82c13cc25234ce9fff9a5

SHA1
ad8538217a0d08129db80333b75960ce171c0972

SHA256
2b0a0e62e1dd86dae1f48dc8852e44893fdae2f7fc6fa795ec1d5ab11fa7c8af

SHA512
674c482520e645e0fee50eb693d686fa341ca42810843dfe6d9858602ac6bf2e1f51de36789cbfbd3a1908946dc47aa0a216177fae54d2874436f17309f51a31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6DFA.tmp

Filesize
15KB

MD5
5e38bff350609251fb2b819e48e1003c

SHA1
2590d645c9ff3817107381d0e972cd6441095c9c

SHA256
5f01c5f1f6a683daef834c782129ed3bd298f9ad2ab417c71f0d2e8e647be31e

SHA512
d1650b60a3cee0df0d81683f854ebd6af665416c3e23247439cd30451500d61b1a425ab6f243f6e4aeab5377c6f6f9c3dbc77f14c91c7d12231b0b1e74c7c812

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6E0B.tmp

Filesize
15KB

MD5
f49ddb287ad83c7e8d4c90001113b1a5

SHA1
58fa19c97144fef0453940cfa6fc081d8a8bd5ca

SHA256
83d349056298e5f75a5f216a5916d82b63e6d83ec4ae8b80ff1a0bf0c4628316

SHA512
7ea3215ba327399436262d9e178e69590a2285ee258c7005ecf8ba84566d19a857a5a07ac67ac1c8275beb5f408af15dc67b874b64f2a6573ec2ada68cf10aec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6E0C.tmp

Filesize
15KB

MD5
38a018e9576b2d012ddf369f1ee0d217

SHA1
7afe829dc968a443368625531429f531a0cdbf89

SHA256
8f55bd4f2550942f26c9cec4aa502830e2f3b63264c8aecaf7387c8f81112f1b

SHA512
821d9975c4054f115e2de934c4c96759a2beac4b39d12ea7fb234eb3c90e7bedcab4f9d1db0e8d10b87c0316fa19eb264395ff2fd2f6f478d7585e990aec1f31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6E0D.tmp

Filesize
15KB

MD5
5546957b3aa9d5d108e7b2c962bc945e

SHA1
1702d098647cbf3465abe6f2590409aaae2ecb94

SHA256
90392104f4469cc1a5c123a2ca482e381d97677e4e09a6328cf59cd7a1ca9619

SHA512
08eef01d9aacfaf34481e1fdb2e0e435148aba348c294ca0bd8f911f6a772b8ffe442b942dcbe1ec5f68a59a8b5d61475f619bb4fb37679a21dfa55b14890f5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6E0E.tmp

Filesize
8KB

MD5
d916d47f0837b1235be23a4ed88a6bd1

SHA1
b83490ab64245314e8437970ee40c58608d4d93c

SHA256
7aac08b23e68d7154502096b936c2ea5dced9df47f24a3e3d8ac7f88264c0c26

SHA512
41a24dfc0e348980514ff407e3d9e4c27b915a366ef4276a5e399af750ca5073ab7d9958c2e410361b37496e2ae8cc24099f2f02c9994179adfc200755bcff2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6E0F.tmp

Filesize
8KB

MD5
3a882406f730519720a5b6d8419f85ec

SHA1
79c4a0c1e49a133294f68de5d858e5064ff71035

SHA256
d1c801ee8d083d3b816be0ec61b6f635a5954a2a421dac4b1624aa6ddf37c08e

SHA512
eaaa743a774eb273df5e640500ed1197219cbc21bcf4f17b4837351835e1ba1c8434dc6bd59e975f30bf7343d5f3fa7ae6dd13e550d15edd4901cd9ceb5dd281

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6E10.tmp

Filesize
17KB

MD5
7dfcc32b927a4cf77ae486b03226ca02

SHA1
4dfa629d527934819b43304ba004b97f6f3baa3c

SHA256
e95a56972047453f8a91b719ed64625032b7e83318aaddeebc6862131b3fb31e

SHA512
a3478ec4baf54d9a42a23f612bc14a1dcd1523cfaad5e066b72e17b6969bc50a54ae56454b9a84388401601e21025a54f9ed2ef1be731c2bd4cfd08613997faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6E20.tmp

Filesize
15KB

MD5
a0e4b1f7d1b58e08edcc259edd249fdb

SHA1
5fc995367579659eab3084a3891016774e26921b

SHA256
5794ea87f83843b618147b6ef7d30fba31721f0355fb229f8b3900b10f03f83e

SHA512
97557ec6df78ddc213b027a6c92c746f0bc5391d6ef39a08e6797c3c5ce27c5a8a6f0acd7bea872f85ddf760dd1febbbc43cf3c791071cbb6741dd2e1e9478dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6E50.tmp

Filesize
15KB

MD5
d453e72024a504dc6d59805da30a4a76

SHA1
7acdca30885dc6e0c9c50bbf051945437ac13acc

SHA256
de08a973618e39e864b78a6e2e8d6fe609af50b0f48200ecfa86a1fb6ecd2629

SHA512
b6bceaf00f677ef4c5c4a97ad0171cf69eb324cf900bdb6a07968b65cf3d87809cd55dd590518c189eea601f9f931879401951772651f9a722e0d5cb15d0e739

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6E71.tmp

Filesize
15KB

MD5
1a951f6bd9301941bf04659854a03335

SHA1
5b433b1cc86f8bc9dced1e842d31e2f749d95855

SHA256
1a3478e469852108cbdbc76be6d4c7cfa6506424462d079d863c41ddb54bc25d

SHA512
39ace252dc38241c2af2b89287c8d6d88ee647d3abea23f3e3a94622cdb05a3f289d3b232c9b0d0a74ca305914cea7f883c9bc3024f94f53cb73dd7b6d4489a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6E81.tmp

Filesize
15KB

MD5
7510fc3ec42e276156c91c22e253a63c

SHA1
56c33c93da8fc5560c7afc9000c31c82c4a60e1c

SHA256
faa794379897dd5a67039986629f5e9d4d082d9e64becfc235147124875b949f

SHA512
e7007425dff7f896c9558029e8576010502b4aba6d22ecab76808aa34055e0fb499b0a703303aa89cf177d0256f6aece3eb2a101407e8c57e35c7214ea4c4150

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6E82.tmp

Filesize
8KB

MD5
a39f5b2bb6633ad987c9ebd61ccf3047

SHA1
2d6715b28d70727d4a6cbd1c0a96b26b2bb5acb9

SHA256
30b098a53aee486b71697a02c5ef5b7fb9d59ebf17b27008ef63e47956244989

SHA512
b9966c03d4ab8f57c90b521b7509c635ee6c0865afc1e5513241bcfec03c3968bc86c1ce68d9c947e487fcaccde48ebf5a334deb4db624135dc0020a65d52313

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6EA2.tmp

Filesize
8KB

MD5
d40733ab179b724ac5cbefcf60c3c3a6

SHA1
e3ab6f46771d1010b9cc6b3b92411459d88da8dc

SHA256
5ba8a992de9428a6cdffa7c79bba82e03a3342d36d75012f932fef23277ac11b

SHA512
a34f1bea52345769efc8b03e12c978feccbebe93fbc75c68c3c2029020a22a40595ab44d0b01a590f0ee5b7294a4da1e0d15dce7a8c141da58f4c45461f08cd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6EB3.tmp

Filesize
8KB

MD5
aee7c0ba9571220e639aeea94eefcef7

SHA1
e4b4bb7dba6b50f5503ba1967c27e9a658b23b66

SHA256
7411dbd310be00010b2de229e3c37466e4e2a587c8f181e7b292f103fa5f6f1d

SHA512
b5b81a8202659961dae78cdb4f25d2baeb010bd14c91eb60105acb438ae855dab47035ba49c5f0f200b679b2a438c7b0cb99da6698ae0324ccbc1bfb827f9f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6EB4.tmp

Filesize
8KB

MD5
f527b621714fb34696c45fe8192c2b01

SHA1
058b64f82f663d58964363ab7a37d1008a764d44

SHA256
3b0d63a6b51da9f78ff95ad9d9484292cecb454522559bde2a2d1d8651f949b1

SHA512
008e29ae26365e909cc96a50e4cdf75005f1980961d6467a85ac1871a35ee0070287dd02c154333846df910cc4f7331354473108767c64989ba2260a3a276daf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6EB5.tmp

Filesize
8KB

MD5
031a53c7500e4ec18d70d9684dfe6f11

SHA1
0492fe5c771cf6cd997552473c83566d57274eb9

SHA256
e5a5eccdd7678f2ae1fb0010995bdd619b2a7e2ec31bd5106066bcb080a3c0bf

SHA512
2b011ee993c9eabd8742ddf51524fd81d6ef07ce51954e59647e8d0a071d2d0972222e8619be85510c1e6e61e52e80183c249e948f54052686745c410c4f83dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6EB6.tmp

Filesize
8KB

MD5
24ed2b749640c12a4a004ece10d8423d

SHA1
42c9bc486eda84830aeca4c117f072a7021cd6fb

SHA256
df0573a333f4d8830f445734295968236581d806afb92977bed2d88f26f81cc2

SHA512
853d29964ccb33f414ffd4dfca1b575f7af67263599c815aaad8a9348b51569313ff404de85b82fa7e9d05865a9e8111ecf3ee0295f39f55fd2b33697b0cbc37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6EB7.tmp

Filesize
8KB

MD5
bf07d6449d7ebd589f876662cf1a0b5d

SHA1
32cc3421bc6e3b336196c61d97595fb96cc4faae

SHA256
236b918afc8532277d5b4d44d3ca0be66fffbfd6106b052796753363c078379d

SHA512
a27271be06e03acedd4288dca1554b049862fe5db07bc900035b5151a8cae877c70742d78a4bf0c2e4a8850cee801610bdb22218abf7fee0fbc79d08ffd6a538

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6EB8.tmp

Filesize
8KB

MD5
776d270eabf6b284d8d650864dadd921

SHA1
ce3d2b67e86b0f10b9caf6fafb14ffc08a33cd14

SHA256
95dd4937201c15a53c82067f67a48715fb66f4c09989a1f29b7684feb19a1d77

SHA512
25415a3d878dc0afbd83072801d37cce143e337cbe1cf030c628c5e980afe6191e1e007dfc80f6b1c15996b56d9409b959f6594071a84b730f5357136bdcff34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6EC9.tmp

Filesize
8KB

MD5
939b42f46113a63f4d4260e5aa7cdf36

SHA1
d393ed8f5d5ba160c78ba665d466162e04b0fa64

SHA256
ab92282babada285a95d49216fa04f2282be68d0c3ae44952ae0722146dea2d0

SHA512
ef05fe4a43f1e2576ceb0007811b34f1ca3546f29f7b5b360feaa9c6b14fe7b406d62f8b06331e3e15f9a0d26c300d5ed373fa3934553accbd4b5dd558152006

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6F08.tmp

Filesize
8KB

MD5
cafa9b79fd91489df848824a738f4294

SHA1
adac27626c93784918fea354171432b7962226d0

SHA256
a04287750e7f5b7e1f85e5165bb04ae9157e24fc2e44eb0ba1a1ad924643916b

SHA512
d8f1731d7872d46103aa66ad574c7dd04aba89f81356530dca9cb7c85b65dc77b4a81981561c7b06dff442b0c1fe4b4dd68ebfd2b3f56df059cb5db6d10307c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6F09.tmp

Filesize
8KB

MD5
cb6858f0c84ca4972e9ac4ab5b5937d6

SHA1
306fddba0b071c09765ca51bd0d7571ab9c3bcdd

SHA256
3a568c744a838f95040abe1943aad441711c0a7f917fd0d7afac74445ffd0e70

SHA512
1faebdbc73e02040c4869cf3e2a50d3ea8fc9b69e832759a5ee0628f6ac165ef1cd2fa9766adfa4c0f8bc2515bca6d7bb5bb72f9ae7aaa3dcd6ebae3c60e79a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6F87.tmp

Filesize
15KB

MD5
77cbbc5b2b906feb8b69c4b603f1cd60

SHA1
491b2a36a6b246e6854a1b0bca9625c319003e53

SHA256
24132133fe01f2567e126189f2e9e95bec866148192f8db8ee05a9456fba9527

SHA512
c3e6598a0fc26382b93aade127ba2d1982083ec52bd3bb4099925cfde63dc6fb17762586d2cc5584be3df6fa48021e4b717aa5b56731edd0cf738845ad765b32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6F88.tmp

Filesize
15KB

MD5
15094fb43d2ef6d19f4e1a6231b24072

SHA1
53521833b2aaec96dea25d3d176ffc9931844902

SHA256
ec1112c6c5b89381a6c49ec42af2c02d1a0177e1b548f522bba909eb0d3d8f54

SHA512
f4b170112ca05c5781e5cd13541af5c007b1824aa818e1a24c895b1ce0f2e31598ecfb65cdf91a024e65154d875d8e6343a7257f6fa26bebd5d3d3e1d2e99833

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6F89.tmp

Filesize
15KB

MD5
9de4f6d5b62a1004e8527d77b9d583f1

SHA1
65fe53778e009eb3d3fc51c81bb402fae4cdd40e

SHA256
3a173b9a330d62373f27c0f278e4f64982de0969fcc4b46bb8cacff161f046b9

SHA512
07d99e488c7147ea072afe82c668f61d190b89f4f422b87716c6ba1583cd8d674b250112e033d02e7e8941e8ae517ab7b92c8aed912b9f999fc95935a8f5668e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6F8A.tmp

Filesize
15KB

MD5
d3386d22883b1e3103de0d27a74d473e

SHA1
d453b5b1c343cf4877ff8dda5da39f623a7c44be

SHA256
d65f4d8f2212a0b0d46f37a7aee9842677e5e8ff09c10ce1078c0aac901429b3

SHA512
0369321f54a081a3b4d43c16f22dd6384784ce48d0da2afd5a1ccd1799a17372f83f76a057b8c1bf424f835840eb20de24b6b0ebded342ea1c4ceef13930c5ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6FAA.tmp

Filesize
8KB

MD5
845ab2612f22f759109a6bf89733b04c

SHA1
5d82fff69fa2156bf9d4df77cdf2779d0faf1783

SHA256
52a157848898a4d80ce2416b7a2c671dae00df5d9f9f12798a93acc6fe14e88c

SHA512
eadd073c469aacafb3225730db016bd6f56bb729c5b3b5c57c5312740cf454089e619030b89ae3424519f764f873e2ee0b3351933759304cc235e2f3f97b72ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6FDA.tmp

Filesize
8KB

MD5
5b01c096688a3a0d9152d13613181ee6

SHA1
661adb8caccb9729615f5e511b7615c9113a389a

SHA256
c07514c39c4bcd270e5a1c5294bf8f35c819636a6edb75c8228a88ea51795355

SHA512
20ee3a2928359beb58ce8598a4a8083bf0ea059ed3d99e5525a06683b42a6bf9da9bb55af83682db5193d4446de27343b2624a7ad11af59cfc3c42cdb11047a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6FEB.tmp

Filesize
15KB

MD5
44526eb1eeac5bf5008acaeefa36fb4b

SHA1
026f5fc3749b7b5db0dda03a0719aed621cc7be2

SHA256
bce1fb9c37b96289ad65ab3bda6cb93982ed61a221313fee3d1f4bd7cc2aef80

SHA512
313cc4a63b9437ea1d8919c0e619cd91cc9fe337d56c93ed6646a485759de26f4c867125960b508c3c9005d121a2c335394e8ef37e2ef8437bcc80a5cbb9e09e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp7059.tmp

Filesize
8KB

MD5
2588f8de4611a43b3669c30c5c5481bc

SHA1
4aa03a47e85822ea273f322e479e69da01341812

SHA256
c9f7460d59985d076ec2a2aefedccc9976b15445439498419db29e59e6f08fed

SHA512
66095c365ec19b26a5c294845776559915be4cee0c02a569cbce8909c9f1f8c3ce63732dad329ff37e97e3f56b0941b1427632c72fab28523a9efa09b2011266

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp7154.tmp

Filesize
15KB

MD5
09b795cd55cbdf2aa658c165d194907f

SHA1
26ecb42dea976a4357898794a5620665128cdf07

SHA256
c07d306236722459581b1dacd878d1ef405b491f7f6e00320ecb3a626f15d02a

SHA512
139bf4e73396b659c6d60df00a9f2ff7f7939ed5ff4d445ac1812c657b9ec0f65869c8911db72334e8c0fc995f2781cc83acdb44632ac8dcc0e95c808eecfecd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp7165.tmp

Filesize
15KB

MD5
90a6f65115ff63ba58dfd275f3b41ae4

SHA1
8d60e00482ca74ea24ddc57c6516b1a9afe02362

SHA256
fd9a4eae674a8f828e07c70dc9b7fb9035cfbb538fc48720745f07b95898dc6d

SHA512
0fefbb223bc3012c33ecb31385f812b1b5f18dde21373c2f1fae952859b8c7ad549c4242e62c1a7bddfc5e95af8edab3922b76bd7ca74057c0d65c17bdebb745

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp7195.tmp

Filesize
15KB

MD5
16da4129e42a9bc5506ba4ceee59791d

SHA1
05895bae4e94a3fcc1a3f85bba84babb3073cf4d

SHA256
d433c8cb211abf366ed18af284a27d9edb4741ff7a8ffcbd8109493d8e872feb

SHA512
e21c7b569e2e163ec5aa56f58c8ac5c2d9778d7adbbe2480e09508b56cb6f9e724e6e8ad28cb95e386f02adb33440aa4ffe3bc7389e645b137b9f4992d2d7d3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp7196.tmp

Filesize
15KB

MD5
16d5eb112056a88b34dd68daab2c8cb6

SHA1
deea1c274310769e7de2fb60729557b9ed36aa72

SHA256
807ba247ac3d890a7a4bf70fdd0f1082af250e050a23a2d6822278acc221d132

SHA512
7de090abb1a87617353726548e51627b590ca3e8653ff445b99fbe6081dd816036fc15f45dfae724894cfc891cf8d649bc71f19e9d4a0961104208082a11bf7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp71B6.tmp

Filesize
15KB

MD5
73b00b411936ec502661be18b33612f8

SHA1
bb3ef8344dd56b964988442877ce9b57573e97f9

SHA256
b784aa1596c06c457a9f179498f1d5e38a4a7b8e4a9d81c9f9b3ebe7f57e3a2d

SHA512
b423cd0517fd1315026539c57ece37740a10b5d120f4e17e68d18980c650903389993cbd5873c9d403179e5781e70f7d95213fb26ff98e43e33b2d6095001ee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp7292.tmp

Filesize
15KB

MD5
23769bd5c116a3d9e36ab17dce20fa4d

SHA1
c34be63b2b2b6bc8535e2ecfbd9de556b4f3bbd5

SHA256
13c23916e141e116e57cb1206e12405bea990bf75d87c6c7c42c4baf00d33b61

SHA512
43a3dee923880bdf74605e3a665a8091603c03bafdb11860061d9a5a717b3b2d4e926ec6425df9fb8b95c83d5a928e6636098c056d7a77f95b8ed40fae34c3d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp72C2.tmp

Filesize
15KB

MD5
6254ccfc94c46d5c67af90646fad2d9b

SHA1
654b85c663984f11a5b08656702b308b3c9180f6

SHA256
aff4a12b8e375137ac517e97ad148b062dd508f193d3aeb163dfb7a0cc17972b

SHA512
2d7b2b1b2b9fc8a9cf404b7abb7716667345529405d1b0a0c7b3f2dfd5c289e0011c9e0201625bea777708a9c09bd77004591b8f37f6cb6746226ff58b680f9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp72C3.tmp

Filesize
15KB

MD5
bb61d94ff2588f124d3b130c9528de3f

SHA1
c213ab029faf1190339fee4949d96002546ba9ee

SHA256
c7952c4abc49727c04f32b5141efe3ba87f246689166c10aeb943c2edcf9e7c5

SHA512
1485de46867a2b8c37eda14bfee2dee165052d317b94d8595ada0085c224ce19fa84237965747cde10f7ef8aa08962797672b09f615fd6fe4d779e435bb9341a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp8DDD.tmp

Filesize
11KB

MD5
f311859eb25de64029f6abb4e8f3e400

SHA1
ba45eb3bd1f295d2c7c074e8e913b209604387e3

SHA256
d924acd29c86dc46fb4ad73c4dbe8ee201a9a3bc0ce87e89acbe64c44198e751

SHA512
072d152ebd6dd02ce21a9b50ee63a0000a89388ce4f853c249ea08ca027db75e7e1592316e25a33cec7268ab62408b7aa0637f87a89abbd3665f91b0aba4e66d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp8DDE.tmp

Filesize
11KB

MD5
f3ff084d7f338b9d65116b7a9efee717

SHA1
fd09705c7b5d13f195e8c868238f3339f6730482

SHA256
cbc841bf8089867e3de7b9462ef56ca78e327e62a3bf0f12ab4e204e5da09f48

SHA512
b725062d074df074be3e02dc737c248a9c957b59e7220dd1246f79a5683132ff204639d4a3ab11ae296d715e6a17264ff90b927f13963156b0a8606f4392d024

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp8DDF.tmp

Filesize
11KB

MD5
5dec5c635fad4011401066dc58df340e

SHA1
5df667e28bec71b5069207639855fabfbddf8510

SHA256
6f1998f87b691dcb652213c8304a1d04282e07f61c7944abc8aee55f11fe035c

SHA512
a0f5d63f10382d3ff126a91eb2c388a32578168186ad5bd6b27fb02ab5e18c37807acfaf7c5abf2d23877f20042baa00be20d00991a21563418758081fc3adb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpB444.tmp

Filesize
10KB

MD5
f428ebadeb3143e36561130aa3ff4ea3

SHA1
33aea6fdb855254d842b249c5b0ea4dfd2d68a28

SHA256
186cc766cf038eaa1036e60821a314033d42686d3692ee27bbb1822cfab10f2e

SHA512
645ed3df08ce91eafa2f48da919bf4a809f73da163e47b3a4f23c61502f55f5c600608606506db7c4099d5f468c07b226f66db7af4418de01eb7e27906bc8677

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpB445.tmp

Filesize
10KB

MD5
c948b7e2ef2b87ddace411971f17450b

SHA1
10f08bba060926f94c70f2123b508baad7337ee0

SHA256
e57df359f4d8a4631640b52df05036e11a5ddf7fcf54d9199e0205a0960104a9

SHA512
abe16e058561f9d1862541db3c5b23e6a0aae1cd3f4554b77dbff945181864911887e2eb2ffbca1d0c7711521828be4ff83ea7c713989c06254b531018f3b0db

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpB494.tmp

Filesize
5KB

MD5
b0a106aec8f5e34b540f6c27cc9b723a

SHA1
b7f408d3b0ab5b6aee1a21c2e47e4ae36a05a646

SHA256
58740f304df508306e1dba5f22a43fd21526c7630db3e8c8728a4c099a54b64c

SHA512
10d21da1533d2a014139293a8e0b1cff73452d0bff15730e545c771343bc057be15c9d88e0d4c9125c36e58ba7823567fd19ef25f4ebfad3b48e19472759d77a

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpB4B5.tmp

Filesize
5KB

MD5
101a5835af76134ea87e8f96fc3bb43a

SHA1
c19f519899d1f8d6109ff3cd50002e19d0cb826a

SHA256
3881cd7878d91e75094bbbf36a8be307f0dde5977b058fed6f4ad012281b5752

SHA512
1222eb6dd23e1609e600dee1acdab2dbb06c9cffc381489914d483b65dc8e6fdfc0bb5a3823ae52cad1c87d0d5ab3f66006e5c0905d27c8247a0de7a654dd733

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpB4B6.tmp

Filesize
5KB

MD5
959c1202ecb449422bf17049a028d3d0

SHA1
9db56f688a1661ee1d63d05aa2b0f07189d0e31a

SHA256
c202891f2063a8d07655080ea9760e7f7c4684d82579ac52507503374304dc74

SHA512
8bb5459d6785f918dd07da7b615cb286ad84b79832ff6b4bd0635c9cd6b1821859bc8a9cd61ecb95a23373c15bdd4eb04101384097502811e3b3012de6ac2ea0

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpB4C6.tmp

Filesize
5KB

MD5
8576eb643f19108ddf935cea9c5b857c

SHA1
2de485f5c76f26e78ea3d8d67c0ced8412f3f9c0

SHA256
1cd7430c23b31c7c0adeec7ec5d0fbc31af515bdd1ebb8b9591b2bd62c52863b

SHA512
82204abe637c5324c40cac0161e3374668779ea982a9eb1eb86485e79fcf15e42851d1316df06c9b75477864be0752b9a887a4aa309745176bc7a50861c448a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpB4D7.tmp

Filesize
5KB

MD5
b4e32d6b3d5a9498893505cbfe92ac9b

SHA1
d890cdd0cc50d9d12018ce90604c36eee2448a8b

SHA256
428fd7b25e7d07326e57c8134135b39106c2f0d2b94c29d866cb6af70a5072df

SHA512
781ce7ca540198900eeb22e697507e45819486bb1afb9170821a7cd6dadef6adb1cb23cec95c5049d07e2c6e6d73c7c878a767ead7c1814cfbabe48f9d9668df

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpB66E.tmp

Filesize
10KB

MD5
9b786e573c7775c51d24b75e88f9af62

SHA1
aef2a7f2153b763ddb42dc333f5974cb16b45d7e

SHA256
4f62a43acbbd4e70717933d4a268c12b04909d226ac8ae061609a09dcd42258a

SHA512
5165309af81a143079f3b3c6f55ce2727f9bb7f96972cb257d3a0261213fc59cfaddf31d6ea9f4772b1b05ee388463b608dee4f9d11155dfe1c2feb071506d73

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpB67F.tmp

Filesize
10KB

MD5
2106693aae8dac12cbc405052573863f

SHA1
b9ced2bb0c856f29e2691691fb2f2250e73057c3

SHA256
ed5e34ee371e657b96a306a1663fc0591d1afb6469e6a718ce6b3ded719d151d

SHA512
32d74d543328766415d2f97fbaaf60424ca3d32389f1fbe06baea47d48dab2202c2e62f7821c50e350dd6a4f8580766732cc97a699b1c0079ed548dfcccc9068

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpBB7.tmp

Filesize
17KB

MD5
d85825b140d20c2a24d581f9e88223f9

SHA1
4324b42ea3d0a60cf350223c1e0bd4d50c876fe6

SHA256
df145aa2608709e7f5d5b2d0128ceb29326b3971263481048a7045540fe9f581

SHA512
4590be882dcd6bc03ea206d6aaa662ceb976347850c9c44a96a626758a6055c5ce20024c72827bed3c20b7a19bbcf380210c336f8a825a319910cd0d37f42801

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpBC8.tmp

Filesize
17KB

MD5
5eec3f3bbf2955e3fbcfc1b5a9f31f8a

SHA1
056ee81de93eb8cf8d3cb4e3ba48899ba731ffa6

SHA256
69a2ce55a08b480e6da1013142a066218f373980ae249bb72e7ab336021869f1

SHA512
15b52c8d92f160a1a3e4d35a4e2d3dfeeaaba4f61334615151b8d511c2408fb42be43bbae856c0b6700d97b3e20c9e6db9624ec95637cf73b1df28b60b48915e

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpBE8.tmp

Filesize
17KB

MD5
19a6bdf24f37a50d0dc1a85113c01a0c

SHA1
e78d6b313749319665d1a747ebc0d6dcd4f2dee4

SHA256
82f66dfee672ccbfc3375a39233a9834583f0eabf51ac41a322be476a9955fe9

SHA512
5a3c31a4fc146b483f4023380e1547b32c74287c910a59fde0ce378a7c47144ef1eaa239c6fd1c07902bf227d06207710c1a7596374bcc2031996da071a7283e

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpBF9.tmp

Filesize
17KB

MD5
938ca6e0d5529e0593e38f22dc0ed295

SHA1
95fc08e53839bf879e28d2e81849755b895ceaf1

SHA256
c0f8b4f4026ecd802bb81b3d2f901814233ec15fd56046c7ba1c2bca91e02af5

SHA512
25d2ef074838d240017d5e72d651f96ceb08111554b72a683bf69ba88d2a7266fdeb576bb5d11020b476b7a8ac92f98c375a6d61ffa0737e746a4ed724b1793e

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpD5BF.tmp

Filesize
17KB

MD5
5547e4493471b9d67f40e371470b92a6

SHA1
7d1f1533bcd320a26d474c3d729ab24883aeb026

SHA256
1bd4c1694b5e80ea5e53b07cfd5c0d16605080fa5967ee6d9a0cee132bfedc6c

SHA512
ade9444628644a8d72ea948ebac9b31d2a83f3b79a1020d026de23309238c4e10679163d0fb248c39d14a0304ccd9e8d6ac82c2e7a5c6fee1db6c0bbed4723bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpD5CF.tmp

Filesize
6KB

MD5
24f34a44d6558703cdb098591d39182d

SHA1
9f7466e829f7aa6df3de1977dbcbbb1be37567be

SHA256
1386dfccc7a3002cbd626990806c3dcf0241cb8e175dd0e5a884c8a5407fd164

SHA512
8b3586cb976c9f9717885b90f1339ce44253507b685c00777746d8d2455a4aea28db8c844fe864a69ec3a44001e84d61b4615618e0e4bdbc34914cb09e968f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpD5D0.tmp

Filesize
5KB

MD5
bf7f19ee2a06be76d781dacdce5ffbd9

SHA1
fade5c548cec29ffbba83cb095e754c7ea00baf6

SHA256
94322ac6ef85e38774ea73b3d29f381d11bfab0e570dc48b272148b7660a5eb1

SHA512
23e33fc88b2d1da35a4b0d4a7413a5e24bbf2d44b60209cde5ebb3e6f42f4c9d13dfbeea233a4757a036615e63c8c037156efda0f83e5420b1eb1b01e97b3abd

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpD62F.tmp

Filesize
17KB

MD5
fd21d4a3095842fae7532e41432f893d

SHA1
e6200c3905a6fe90eef177f3907a6b16c2715a7b

SHA256
5a58fe9074efaf2a0241b121d0dfe69d8e631ec8b74bddd983432e2c69bf6f35

SHA512
5a27a52f5d734ba4bbdf5c7f90d2a25befe015af931b6ce85f12f5c93dc4ddb26d119052a8d6ce405d5a591b1619e3dac81d5d9bc7403b4d63bfaf4831304ef1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
17KB

MD5
8baad0110a9de526300ce4d845641ac0

SHA1
68f5d3016c1232609842af77936d77e8d840bf73

SHA256
da538453453715ee67c812272cb4d89a6f11a4f4d895f338792642ac5c312435

SHA512
1d21ed471d6bc75aa30c56f04873cbbbcd0e295d4b71d5ef4ca43f51259a9965dec9262488a69563519335767727cb957bef3ebe88b8a9063d8885c2a6fa5632

Download Submit
memory/1744-252-0x000001A478BD0000-0x000001A478BD1000-memory.dmp

Filesize
4KB

Download
memory/1844-2247-0x0000000000400000-0x00000000007DD000-memory.dmp

Filesize
3.9MB

Download
memory/1844-2153-0x0000000000400000-0x00000000007DD000-memory.dmp

Filesize
3.9MB

Download
memory/3236-266-0x000001B56CBA0000-0x000001B56CBA1000-memory.dmp

Filesize
4KB

Download
memory/3876-229-0x000001B595170000-0x000001B595171000-memory.dmp

Filesize
4KB

Download
memory/4368-264-0x0000017FBDF90000-0x0000017FBDF91000-memory.dmp

Filesize
4KB

Download
memory/4684-278-0x000001BACC600000-0x000001BACC601000-memory.dmp

Filesize
4KB

Download
memory/4684-325-0x000001BACC600000-0x000001BACC601000-memory.dmp

Filesize
4KB

Download
memory/4684-283-0x000001BACC600000-0x000001BACC601000-memory.dmp

Filesize
4KB

Download
memory/4684-285-0x000001BACC600000-0x000001BACC601000-memory.dmp

Filesize
4KB

Download
memory/4684-315-0x000001BACC600000-0x000001BACC601000-memory.dmp

Filesize
4KB

Download
memory/4684-336-0x000001BACC600000-0x000001BACC601000-memory.dmp

Filesize
4KB

Download
memory/4684-334-0x000001BACC600000-0x000001BACC601000-memory.dmp

Filesize
4KB

Download
memory/4684-332-0x000001BACC600000-0x000001BACC601000-memory.dmp

Filesize
4KB

Download
memory/4684-330-0x000001BACC600000-0x000001BACC601000-memory.dmp

Filesize
4KB

Download