agenttesla | hxxps://dosya[.]co/2wc73yr4es21/ErisimEngeli[.]zip[.]html

Analysis

max time kernel
1194s
max time network
1199s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2024 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dosya.co/2wc73yr4es21/ErisimEngeli.zip.html

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 1 IoCs

resource	yara_rule
behavioral1/memory/2096-922-0x0000000005F10000-0x0000000006122000-memory.dmp	family_agenttesla

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	BTKInternetAgi.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\btk.lnk	BTKInternetAgi.exe

Executes dropped EXE 1 IoCs

pid	Process
3532	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
3532	Setup.exe
3532	Setup.exe
3532	Setup.exe
3532	Setup.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
5628	powershell.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BTKInternetAgi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NDP481-Web.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BTKInternetAgi.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	BTKInternetAgi.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	BTKInternetAgi.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	BTKInternetAgi.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	BTKInternetAgi.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	BTKInternetAgi.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	BTKInternetAgi.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3856	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133701905763636712"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4520	chrome.exe
4520	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3532	Setup.exe
3532	Setup.exe
3532	Setup.exe
3532	Setup.exe
3532	Setup.exe
3532	Setup.exe
3532	Setup.exe
3532	Setup.exe
2096	BTKInternetAgi.exe
2096	BTKInternetAgi.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5628	powershell.exe
5628	powershell.exe
5628	powershell.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe
5004	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5484	NDP481-Web.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 1500	4520	chrome.exe	88
PID 4520 wrote to memory of 1500	4520	chrome.exe	88
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3272	4520	chrome.exe	90
PID 4520 wrote to memory of 3560	4520	chrome.exe	91
PID 4520 wrote to memory of 3560	4520	chrome.exe	91
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92
PID 4520 wrote to memory of 3048	4520	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dosya.co/2wc73yr4es21/ErisimEngeli.zip.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff89845cc40,0x7ff89845cc4c,0x7ff89845cc58
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,1705807524457299532,13679505637981327000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1820,i,1705807524457299532,13679505637981327000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2012 /prefetch:3
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,1705807524457299532,13679505637981327000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,1705807524457299532,13679505637981327000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,1705807524457299532,13679505637981327000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,1705807524457299532,13679505637981327000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4804,i,1705807524457299532,13679505637981327000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4348 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3280,i,1705807524457299532,13679505637981327000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5380,i,1705807524457299532,13679505637981327000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5484,i,1705807524457299532,13679505637981327000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5672,i,1705807524457299532,13679505637981327000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5456,i,1705807524457299532,13679505637981327000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5392,i,1705807524457299532,13679505637981327000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4960,i,1705807524457299532,13679505637981327000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5488,i,1705807524457299532,13679505637981327000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3316

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4420,i,3239535018877284530,3457823197501312703,262144 --variations-seed-version --mojo-platform-channel-handle=4348 /prefetch:8
1⤵
PID:404

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2528

C:\Users\Admin\Desktop\ErisimEngeli\NDP481-Web.exe
"C:\Users\Admin\Desktop\ErisimEngeli\NDP481-Web.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5484
- C:\42e94e75842db8354f23c5\Setup.exe
  C:\42e94e75842db8354f23c5\\Setup.exe /x86 /x64 /web
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:3532

C:\Users\Admin\Desktop\ErisimEngeli\BTKInternetAgi.exe
"C:\Users\Admin\Desktop\ErisimEngeli\BTKInternetAgi.exe"
1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:2096
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableRealtimeMonitoring $true
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5628

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:5004

C:\Users\Admin\Desktop\ErisimEngeli\BTKInternetAgi.exe
"C:\Users\Admin\Desktop\ErisimEngeli\BTKInternetAgi.exe"
1⤵
- Drops file in Drivers directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:5136

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:2776

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
PID:2948
- C:\Windows\system32\taskkill.exe
  "C:\Windows\system32\taskkill.exe" /F /IM btkinternetagi.exe
  2⤵
  - Kills process with taskkill
  PID:3856

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:2980

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5044,i,3239535018877284530,3457823197501312703,262144 --variations-seed-version --mojo-platform-channel-handle=2360 /prefetch:8
1⤵
PID:5916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\42e94e75842db8354f23c5\1025\LocalizedData.xml

Filesize
81KB

MD5
075961c7e742c66ee4cd8b614a778141

SHA1
a5541fa0487135aaed1c336bba79e8025ac2804c

SHA256
4198a6ae89b0be8bd07ed3c18dea6ca87239a5a47343b73ff612ce0ab47e08dd

SHA512
c6881fc501805d0cb5aa9b42fc14029404a236166699e3845586e0609c26e4536bdd6ca2181e1139f83d5cb78c35d0fa7d158134f522fb9f4736880e330fc8f6

Download Submit
C:\42e94e75842db8354f23c5\1028\LocalizedData.xml

Filesize
70KB

MD5
8b37256ce099957b91ebe1d51ad8f61c

SHA1
6bf4bcf46781126ffdce92e39ad4d1d912e75ac5

SHA256
7d6777e8c9484229c1b8e3f2e354a88f57539503c2c56f2b0ee47679a6ef9cc0

SHA512
6659dec6fae7a7f733a0c9e44a04f178a6732e1b9b785833c63efd8ed6e25adabb58e37b2ec039dacdb071732f8ee42ceb297cb2ec72b67e8d25eb093d5423a5

Download Submit
C:\42e94e75842db8354f23c5\1029\LocalizedData.xml

Filesize
87KB

MD5
aadf97951359a8267f7990cdd2cc950d

SHA1
61f626b44e252e916c9c70a4222efc9c21d951c6

SHA256
e28d2d89fc269d25272956cee4d7150a30706f58ad305e84e3c1c9fe7ac0ee86

SHA512
2d352cf7d8d167b2a9fd4416582328d894619f2eb213fd334e1b15ef1044735a69ffca36fba02d9d1af6355e9d1a55d38c3b7f5339ecacb8c1dfdc4cc50c5342

Download Submit
C:\42e94e75842db8354f23c5\1030\LocalizedData.xml

Filesize
84KB

MD5
e1f2f586d75650df1a751d86bb659df8

SHA1
283097241e6b1acc8f30ca822585df104c918e51

SHA256
615a6380adcfa3a0e7a5db2df9b98dad650678d8c46b1c7c3f2d2854204f079e

SHA512
b7fb3e366a7e5cbaaf99e8e14731653dd14885cd0b3d5462c091113f12800478ff2e5bd351bd403abaeef3041cdd5a7693825e488f27ec48d087686c95daa774

Download Submit
C:\42e94e75842db8354f23c5\1031\LocalizedData.xml

Filesize
89KB

MD5
74d28384c38283518c6490bfd068ebf1

SHA1
c52d2fd41a59691e18871ec64db10c43f241fb6c

SHA256
01afd814b009538f387812f6940c863a9d0cd7dc4159050f34f82e50ecbc33f8

SHA512
e23ae604eafab0c3a0d8aeb07321c0dd629d21c5ba47d37958f48f1b9f27d89de4db880ec3958ad1e5f2165a69bed18d61f73f71fd743a2d7eaafdc0ef8d1cc0

Download Submit
C:\42e94e75842db8354f23c5\1032\LocalizedData.xml

Filesize
91KB

MD5
233d0d1551b17f2284ad80674569de79

SHA1
67cd31126c6e5547e60d7266e61b6835b80b5916

SHA256
7106a1121056a73fed77aab7c7293dddffe0f5aecd7db969799a121ad5d88181

SHA512
c3375081c704fb05c7335929505ef4589fa728c97bb58738932b7ee05dd6e00c19d8ba14bb0a8dfce0d51ac73fa76bffa0ccc00772b73850eea37d39088a0473

Download Submit
C:\42e94e75842db8354f23c5\1033\LocalizedData.xml

Filesize
84KB

MD5
31bff8efc0cc701092ab7fe606271d65

SHA1
844cc4837ebe3eea9563df6613989b4588d6f19c

SHA256
b3048715a23d9bd77e9b3e1ec8577f94cfc8c2dd30b61dbf326871a97aa6e22c

SHA512
472b881df9128c93f9183ab05d2406146aeef8ce9723c9dcfa6e93d093d90b2db75bb4a3f784d26db187436242409f021fa8b7844aa04bf9cb58f48a6c4822d5

Download Submit
C:\42e94e75842db8354f23c5\1033\SetupResources.dll

Filesize
24KB

MD5
49a9bedc81cd400abbf794f272883a8d

SHA1
dc9aa0fe56bc4f0d5fee333eb28a29bb4750eed1

SHA256
197cb97902aa576a8a4dcbc5b4615a28943b1941d67c6fc163b5b4a034c650d0

SHA512
bd579834eb275cc07d458052317f1851380c5a510869b224c0441f70d2cb468c5cea034649704c9cced28cf2425fa1c67c0f8c22011b81ce98ed243647422415

Download Submit
C:\42e94e75842db8354f23c5\1035\LocalizedData.xml

Filesize
85KB

MD5
c78dddce3189c67c23f60561dcacd4a8

SHA1
e375a6d1f71709ead1ad4139b1c16476019666d2

SHA256
e9353dedb338ce826b3b990851a955da1b04e484a378cac7c3c17a2de26d14a4

SHA512
a58d995936f5c5310e04f7514c177a071f3451638f0a9692593c4d505c5f48caeca1cee9644b092bf32bd70c52bb956f0b87ac748190aea2040adc3afbbab3b0

Download Submit
C:\42e94e75842db8354f23c5\1036\LocalizedData.xml

Filesize
89KB

MD5
d7e814adae1a18958416b7e29ae7078b

SHA1
857fed2c8766102d1a64d91eccb0661f6de750fd

SHA256
c8c847bf9ddf8998520123ff0a638c6e9843c860b68943275b7f0256f324c4ce

SHA512
73ad8b3d24ace1795c93ef807b3e644512fee2a295eea05a93fea07d131746aa99f895a68075efe44c2c4e305da3881c27a342d2fa13dd6d1f258a9cc669491a

Download Submit
C:\42e94e75842db8354f23c5\1037\LocalizedData.xml

Filesize
79KB

MD5
a258bd1060df46dcefe6257d4af638dc

SHA1
9e989db32e94499a717c93e889ebf47787509a42

SHA256
83120845e156ecbd401a9047365647cf8e9b2ec75d9295237da33c53eda365e4

SHA512
6f69aa98e264e3de3669f52e34140bf3a1bc333e3e3c4e06228eb1a78aabde380c8a444d9086a1f1188c49ead7ca73962db488dfb8e4e13c09ebf539ae53d011

Download Submit
C:\42e94e75842db8354f23c5\1038\LocalizedData.xml

Filesize
88KB

MD5
1b59e64e51b3f9b96e8897d5b9b17c37

SHA1
1fdd8951133add26ae062da306133980e31809b0

SHA256
5dfa759937eb0ee393d94485e0ac74546d344f342fc3d42ad33847ebbd5163e4

SHA512
f1cb4670805ccd1327a7ea31b98caccc7c5bc7cb7ea7817a5749b0e176f4bdae36339d25d1037f9cdb19a47bcaac4e53fc49656c365ee7981473264b55f2a996

Download Submit
C:\42e94e75842db8354f23c5\1040\LocalizedData.xml

Filesize
87KB

MD5
3192c0f7f30df881ec199d77b095b93e

SHA1
dca1cfe248a9de56f2d207d5f1979c92e006831c

SHA256
5dceb300d25c68003d61437e3802f97e1d5503e27032989338f7d260c7b0904e

SHA512
42a5f98103e23d7e8d7a34f8ba08d027ac4317d92109565b5f3fa4fd7057104d3a12b88846bee1914451cff59ed1b46e9146592784c09cd724bf004eb65864c3

Download Submit
C:\42e94e75842db8354f23c5\1041\LocalizedData.xml

Filesize
76KB

MD5
4cfdb16e84869a51119e17a545ace7a2

SHA1
5eb358e13291d65ff8805513254b02ff3b83d7c6

SHA256
1c2587f7c0d7e57494061d24638a83c8f9d33a4eb192cfe6bd65c172fb6a76a4

SHA512
381878c16a98aae9ef688bf4735b13d2d42b2c115d76c1677f5c275db3745b35fac35468f11d80284307a6f5ed93265fa2c378a5199284d848fdf984f2a88daf

Download Submit
C:\42e94e75842db8354f23c5\1042\LocalizedData.xml

Filesize
74KB

MD5
401f386416c7c37f92da9ec1688d750b

SHA1
c6565b80ba557827e3e6b96901f27fdcd1b525c6

SHA256
721cf8956fb2fb01df302713351eb9721cfccff096dc429d02b0f2b150855919

SHA512
f4ac60826287262b87bd407c85091d583ac504645faabd6fe8e116ac50e35908341d85850e8888e5928cb8235101e6b7a1074597946d584550e8aea6a7fba591

Download Submit
C:\42e94e75842db8354f23c5\1043\LocalizedData.xml

Filesize
86KB

MD5
18efd16361a280efe263f261a4faa21e

SHA1
6e5bbbc46b2decdb00cd957d02e27bbbf2a4d880

SHA256
88de82f8c0934f23e0eb16224def959ff55da396610bd34149e4fb9aab24fb03

SHA512
b4bdaf600c5a855c040db974744b780c4860474c38ec453c4bfdc5a11c8beff65437d17c5ab0c3c78b5b861d93b0d41f1c3f4d5d435d233ba3719f78c9058446

Download Submit
C:\42e94e75842db8354f23c5\1044\LocalizedData.xml

Filesize
85KB

MD5
a9998c1f395c44bcd41faa0ae60439e4

SHA1
4a267707c7dd8a24eed4c433b3c41b7e1a6a936b

SHA256
8165d0b468d73347a495f525dc81d847bb84b3391c8af1abc95e2b8f4a51d620

SHA512
9f0fb00c34ee788f9e8058915794b822fcb31f1c35a1d47ce5da2b15bae904cab513d55111ae4cccbf4da2587a4c3e045f0cc2e95654c9b5631a3a4a86632bd3

Download Submit
C:\42e94e75842db8354f23c5\1045\LocalizedData.xml

Filesize
88KB

MD5
5eadf11a5b9af3f40b21328474ba3b7e

SHA1
af456b6123f9adf4ea0b926124b926ea3056248e

SHA256
4362c962c7611190999b36e139370245104b66398ebddd56b210810440c43e88

SHA512
e0f0c32c736d23d40508daaa2fb7b7033034154869a4f411aa4ff96c7ff197d97b1d89eb4a6da1dbfeacdd3373c45f22bdda70554521bbce409c051ae4573e42

Download Submit
C:\42e94e75842db8354f23c5\1046\LocalizedData.xml

Filesize
85KB

MD5
361a4c229849b55e4540943b5c04403c

SHA1
46a0751432df223c936393f21a7543a3b314157e

SHA256
c2afb880f0986ca807b1dacbd5a9f2a5b9be4930c29379cdd88a6ebf9b0618c1

SHA512
40ba8c19286f992e5742f342532161062c36504aa3a364cdaee15e2e3ab750012d6502278d064f45b3df13b3063c66a361d688adbcaa6eb7a657c9a50e0e9380

Download Submit
C:\42e94e75842db8354f23c5\1049\LocalizedData.xml

Filesize
87KB

MD5
f65088c4998e6ca3a872fc66bdd2a192

SHA1
c697a3a043a6104befd6f8e1b85e746c3d84e390

SHA256
3b2c633bb0a7342418aef0ce29331643a4cd48a572ddbb90c3d3433d135fd952

SHA512
a5938da7cab6e963c553de1c135ee9c7ec565fc97ed4d433dfff9debb5d31ba3bbf3d1b8a12e814462fd92f4c39680ae71dbd2e3df846f23a1a98921f3981992

Download Submit
C:\42e94e75842db8354f23c5\1053\LocalizedData.xml

Filesize
84KB

MD5
a6f6198758552f453df96c4a8fb84134

SHA1
c40dd5faafe457c6c814695b4885f065f9d2f4bd

SHA256
b28bd460c2df31315297083c5507c233a569e1e89547127191468598b35eb36e

SHA512
9b958a0556d5989f71d1e38848c8b6b54ff6bfe292ad599b81e808f4c193cd41a23885d806539a0c246b811519a73d5fe7b0ce679c53119cfa97f999784fb66b

Download Submit
C:\42e94e75842db8354f23c5\1055\LocalizedData.xml

Filesize
84KB

MD5
c515bca575c7e7e7dba8c1ac2a3031d7

SHA1
3aa307513e55a2ada4866ff8fcb2de4e5184a1ad

SHA256
98b5b75b8a89606dfcb54c622884671211199dffced96c29269010b81b06231a

SHA512
5a8c51f55aa6ae44f0a6932a30f0054e8c012080696d5fc784a3ec89aa63275978440364e6b9663eab5466af459594fd1c5d517c629f312bc9b4943e9e040a29

Download Submit
C:\42e94e75842db8354f23c5\2052\LocalizedData.xml

Filesize
70KB

MD5
83242627ea9f4ea7c346a8830026eeb5

SHA1
75a8f52fa3e03b2f04b168d517117f80212b5672

SHA256
4577902142bb96b849f6b78866a5e81c761109a454470948902a40c73f7b9b7f

SHA512
cd27e3ad4168b7bb61b2336f73cd9f61516b953271aeecafbe22cbcffe18ef45d4a4e2c7513c3986939ffd635f2e7d1868798182ffcb4ae0e7aa207c5bc67bc2

Download Submit
C:\42e94e75842db8354f23c5\2070\LocalizedData.xml

Filesize
87KB

MD5
50b9f5f566fd83ceeb0fd0992739388b

SHA1
c040e31d59580541bbcbd662598e8d3fbf52b51e

SHA256
4aa6b559e8993de92797e0d1c595cec0bf305403dd275a231f8417ba4c09c1a1

SHA512
87736f5db8bbcbe4924667e8f5820dc5329e902632d22480ac4768023215fd0db399f442eb1ba76ab2c5c008e58611f006cae4307605a5340380127fd83f70a4

Download Submit
C:\42e94e75842db8354f23c5\3082\LocalizedData.xml

Filesize
86KB

MD5
14005b857dd90ec8bde8e80c3cb0faea

SHA1
7aa4e6f4c9feb808b2dc95f7541bd10aee02874b

SHA256
9d3fd31e3826b91d68ea34a6961cf288e23251cdf8faf0aad02653a55c53f2e0

SHA512
5ad424144a47fcc47ce5a33225a7cb1017b4278b5e3241da48213e132c4cef549ea3c107e7789f42886bdc0a343f50fcd0fc0b287efaff010bc1186251c5c0ec

Download Submit
C:\42e94e75842db8354f23c5\DHTMLHeader.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
C:\42e94e75842db8354f23c5\ParameterInfo.xml

Filesize
1.0MB

MD5
4a0c5e0d81034c74bedc85b7f4759888

SHA1
d2c13fca6d918c7b4d25c8b9290bac053c551694

SHA256
5b872fc7d87f00634137d4051ee6f4cf481f9f7e0163ae7589a6c40a7c828569

SHA512
913425ea56c02ec136ee6eab4ab6a44e6a61f428ee431df241e2c745377d33835a6ecac69a8d02596f2adbbbf602a8afe578a05a1e3d253aa6e60e5666e1214c

Download Submit
C:\42e94e75842db8354f23c5\Setup.exe

Filesize
118KB

MD5
f7a63e2d4217b71d39e4b18b3dadf632

SHA1
c3446cd1a50f6374c3ad3446607864bee97426d9

SHA256
43290269962f9edb13d042d54973a76570f6e4b6a4af33e7362f8284b9083720

SHA512
1703b6c1b1f96febdee8663fa9e8e11939715781810f5feccc6f11b0298fed4f83f6decd975ed1c05dd0e976a12b0738040d0c09db46389a2720462a6624c942

Download Submit
C:\42e94e75842db8354f23c5\SetupEngine.dll

Filesize
899KB

MD5
9964ce1f4874a686910dbc1aeec1a326

SHA1
0b434c566f6722c765245a1228b7600fd10ba1c9

SHA256
3a45fbe9c5e03f67b49808c068eb2ce831e4eebdd1b38e520e4be5a5537a72e4

SHA512
8d123ab8e6b767a80d122b021a77460373e2b0841c92375ba1f56830529a2610bbf3749ce95aa64b67f45591378246409f035518feced582c7ebe1b6609dba99

Download Submit
C:\42e94e75842db8354f23c5\SetupUi.dll

Filesize
341KB

MD5
b90a60068318cefa24e3344c4ef71649

SHA1
e61893f999442bbf6c0b1fa4c154fddb3be721f1

SHA256
1f757ea33835920a08fd9558f973761f70bc63a8c01fda4db1170e19ebf0c73d

SHA512
372d17ddc5ecc1190a81be67d1e9a256e9d52d1225a0de064dcebc3b7da983412a3ec1c5cb4f3f1abfe5a1fb3cc69157abbdf05e1c6bbea368d0a357afbd611b

Download Submit
C:\42e94e75842db8354f23c5\SetupUi.xsd

Filesize
31KB

MD5
a9f6a028e93f3f6822eb900ec3fda7ad

SHA1
8ff2e8f36d690a687233dbd2e72d98e16e7ef249

SHA256
aaf8cb1a9af89d250cbc0893a172e2c406043b1f81a211cb93604f165b051848

SHA512
1c51392c334aea17a25b20390cd4e7e99aa6373e2c2b97e7304cf7ec1a16679051a41e124c7bc890b02b890d4044b576b666ef50d06671f7636e4701970e8ddc

Download Submit
C:\42e94e75842db8354f23c5\SplashScreen.bmp

Filesize
117KB

MD5
bc32088bfaa1c76ba4b56639a2dec592

SHA1
84b47aa37bda0f4cd196bd5f4bd6926a594c5f82

SHA256
b05141dbc71669a7872a8e735e5e43a7f9713d4363b7a97543e1e05dcd7470a7

SHA512
4708015aa57f1225d928bfac08ed835d31fd7bdf2c0420979fd7d0311779d78c392412e8353a401c1aa1885568174f6b9a1e02b863095fa491b81780d99d0830

Download Submit
C:\42e94e75842db8354f23c5\Strings.xml

Filesize
13KB

MD5
8a28b474f4849bee7354ba4c74087cea

SHA1
c17514dfc33dd14f57ff8660eb7b75af9b2b37b0

SHA256
2a7a44fb25476886617a1ec294a20a37552fd0824907f5284fade3e496ed609b

SHA512
a7927700d8050623bc5c761b215a97534c2c260fcab68469b7a61c85e2dff22ed9cf57e7cb5a6c8886422abe7ac89b5c71e569741db74daa2dcb4152f14c2369

Download Submit
C:\42e94e75842db8354f23c5\UiInfo.xml

Filesize
63KB

MD5
c99059acb88a8b651d7ab25e4047a52d

SHA1
45114125699fa472d54bc4c45c881667c117e5d4

SHA256
b879f9bc5b79349fa7b0bdbe63167be399c5278454c96773885bd70fbfe7c81d

SHA512
b23a7051f94d72d5a1a0914107e5c2be46c0ddee7ca510167065b55e2d1cb25f81927467370700b1cc7449348d152e9562566de501f3ea5673a2072248572e3b

Download Submit
C:\42e94e75842db8354f23c5\graphics\print.ico

Filesize
123KB

MD5
d39bad9dda7b91613cb29b6bd55f0901

SHA1
6d079df41e31fbc836922c19c5be1a7fc38ac54e

SHA256
d80ffeb020927f047c11fc4d9f34f985e0c7e5dfea9fb23f2bc134874070e4e6

SHA512
fad8cb2b9007a7240421fbc5d621c3092d742417c60e8bb248e2baa698dcade7ca54b24452936c99232436d92876e9184eaf79d748c96aa1fe8b29b0e384eb82

Download Submit
C:\42e94e75842db8354f23c5\graphics\save.ico

Filesize
123KB

MD5
c66bbe8f84496ef85f7af6bed5212cec

SHA1
1e4eab9cc728916a8b1c508f5ac8ae38bb4e7bf1

SHA256
1372c7f132595ddad210c617e44fedff7a990a9e8974cc534ca80d897dd15abd

SHA512
5dabf65ec026d8884e1d80dcdacb848c1043ef62c9ebd919136794b23be0deb3f7f1acdff5a4b25a53424772b32bd6f91ba1bd8c5cf686c41477dd65cb478187

Download Submit
C:\42e94e75842db8354f23c5\graphics\setup.ico

Filesize
123KB

MD5
6125f32aa97772afdff2649bd403419b

SHA1
d84da82373b599aed496e0d18901e3affb6cfaca

SHA256
a0c7b4b17a69775e1d94123dfceec824744901d55b463ba9dca9301088f12ea5

SHA512
c4bdcd72fa4f2571c505fdb0adc69f7911012b6bdeb422dca64f79f7cc1286142e51b8d03b410735cd2bd7bc7c044c231a3a31775c8e971270beb4763247850f

Download Submit
C:\42e94e75842db8354f23c5\graphics\stop.ico

Filesize
185KB

MD5
7d1bccce4f2ee7c824c6304c4a2f9736

SHA1
2c21bf8281ac211759b1d48c6b1217dd6ddfb870

SHA256
bfb0332df9fa20dea30f0db53ceaa389df2722fd1acf37f40af954237717532d

SHA512
16f9bf72b2ddc2178a6f1b439dedabe36a82c9293e0e64cfaccbf5297786d33025a5e15aa3c4dc00b878b53fe032f0b7ed3dee476d288195fb3f929037bdcdbe

Download Submit
C:\42e94e75842db8354f23c5\sqmapi.dll

Filesize
221KB

MD5
6404765deb80c2d8986f60dce505915b

SHA1
e40e18837c7d3e5f379c4faef19733d81367e98f

SHA256
b236253e9ecb1e377643ae5f91c0a429b91c9b30cca1751a7bc4403ea6d94120

SHA512
a5ff302f38020b31525111206d2f5db2d6a9828c70ef0b485f660f122a30ce7028b5a160dd5f5fbcccb5b59698c8df7f2e15fdf19619c82f4dec8d901b7548ba

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4fd2e1e0ee89ab2efcf64b13813dfb57

SHA1
f1469469ac1884f002fbe3cba1d8be88cfdf39af

SHA256
b94064c9e6abef05638da45947d0760325acfec963626406aa73bdeb3f3e77a6

SHA512
f28e540f5e356191f33a7e5cb091d9e6fcafac73a94e87d6b96823ff9cd8d914ed319cb3ad1ea76a5e788b7637826b6b5fa6b3a6c96f24353c0c44f9ce0b00cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c2a73ad6ce9bbaa7433a4d38fa0a1aa5

SHA1
a38c57f95096c59ce0106fa5c983ee2ef8aef9fc

SHA256
c9480e1bc2c4cf37d51e948bfb0d0aebd1b36bbdf6ce38860b518d6927cddef1

SHA512
5b71d701bcb84e9eb9cf3f996d91c353b616100b8e2c28035233630a77aec495624bf0561b081acc883ee808c79a46a7a326fc4d2703aa4fbe2b0d23e208edfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
2.4MB

MD5
9941b21868922cc214ae69b1dbc7452c

SHA1
9a4e7d8d0ced13948423aca12e9cd772d2c62bd4

SHA256
79adb6b9405c73db160ea4be1b036c32197b1890bdcf0b32b082a703efeabf18

SHA512
9e3c74a4a6a293bb7cb9066ebbcdb2b9bc9862b8928b9e73c29109db56e0d8d62b60589089f0b037b3e0744995c5f71c01c9583b078e517c24138f4ff973f665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
7c7adc7e89f6b4c434d394e352fdc319

SHA1
3e9cd9cdcecc120a88f4f569813ed5aa5a282e89

SHA256
e7b7d3760bcd7d09ab1862bd249f8af356dc58c4d4a03c68c070101c833f951c

SHA512
38b0ce1cb075c73ba7ac85acff03f566ab61d66f5d4e471cb59bd633ddf814d0857323855243101cb177ae41dc4636476bc44a2ad87fa9bccb43730e4c5aa2cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
723dda99fb76227379774a5d72c5a8ee

SHA1
64b03d23945a61f16ba7c61227e41dee89a0d00f

SHA256
e8b2305d1e27237bb79ad5cf93ea2ef9ad574530617546ca6123e693b7feddd8

SHA512
9a15c34993c5dcaf001b56a27f86d40704c1b1e0b90fe403773492425746c3cc3404535bf67d8f01e00a7d26e091fefe332c93d01a0f9decf4d7923302dc0d07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
66a0682184c81062e0b3c5e339d80db7

SHA1
72c15ca73d69b6630bb96c1d1c2cff5fc7bcb8c0

SHA256
e6228d36c34e8f9ffb19c2965b67dfae60046fe063cdbd377679736e0d4cfadb

SHA512
c3bddc9b48c5d8af6b1566e678fe7a0cd31f0ff6310c259a868dd4e0440b97fec4888a559c017b2b481b694b8a2d0f6307c4b19bc4f8616ba0bfecf9f77251d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
d0e505ac6e981c631ce7a42bd82bf85e

SHA1
fa08ae5b827481cb538fb645e3a772c8ddb33c9e

SHA256
3186024a0780a5b05742b36616e988ebf375e3ec34d7543ca5ecc21f6e1d33e9

SHA512
1b82d5bdd88c988c83e4aa67ce362deab420808e2257bc55e4ae02e3a54fd31cad5ec381a0d328b8355c9ba9a69fe53924e15458353f6c33154589a9703d0c47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
803f262f5528cf7305a27bd6e5f03922

SHA1
a6c5fe2da94cb98f0b7485440433b7fb4d4411ef

SHA256
70f8099cc3b643ec1c6e7fd6448b48ef40ead927ec8896c2c0c67cb422b666d3

SHA512
90dc6220aa7e68263c1b105b9ba73d335fa91b35ceff2557e3b03e2be75221534841091c9aa6725963a4214cf79bc1054d91a9948738854825462b6916cb9c27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fe7a0a1cf7f26f59b27b4a1b67a67451

SHA1
66fbfaa2a890eaa3e4295acdda49cbad153dcddc

SHA256
67bb447d6db0b9ab401fd5855ad15dd56bce8ade1c9cfab8bfcade79db42caaf

SHA512
48616e94de2c9ff14b14eda014a6fb9f7b6043ee19c551017268fcbd1243014de4bdf396daba1ea71500824aa2c34d1fcc19aa7b0d83892330e896cea840a002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cca1b9bda3d9fdbe913ec21ec6ed912e

SHA1
d318fd65f10de07e9e322e9764e793e66a4baf26

SHA256
30f88c3e4a3b89dd0cf0adca0339fad130d34581a2cb81d4cbbdbb963ec7e9e6

SHA512
b5af79e4caa0f0e9973f46cee8bd4e31a28d1978e1643a98f05635b11ae3ce607813bc93289f4200e0b269ae1a95dcdb7c3a23ba961bab1d6c6ed418c527d668

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
124d781aad80130a2f807e6306717fb1

SHA1
270ef1253c46b53e8d12d56aeb0d298168df5d36

SHA256
7f60e8493ded0be629ea24d2b7f7ca64e7588af35cce33bbceb1941f151e685d

SHA512
9d6746a32c9f04431dfddb860febd2480859996643cf4806783517540bcbfd196a030b7f27f6efebff7d030d153c3914abd5f4608e703df56f1d1925bdf9f8e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
756dcb36b773478f1d5365853c3004b6

SHA1
b7da85ab9446a747ef2434b89be9a5a9b92e6604

SHA256
3fb62338938e21739271acf31929cfc6293344fff1851da76c974e2dd1156117

SHA512
00178eb0bf29547a43bc764d325c88645bb95462642692d8bc1773efb3645ab99c4a1469a4c20be112b118c5f456880d3ae106855ed9a58d34d79ba89f012d72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
94345072b1f1249103c3f1af72bef8a7

SHA1
047245b9de8f306e05da6db76201b2b8ca8f51d2

SHA256
c4bac08af860ffddcb9e0c03f77239d7383c215027c4a625e20492511843a919

SHA512
4bb7f76697f58755c3df93263a5d3eb409f154a115c3a560c3b66e85a0dc37f2d9430a8693145a9680f1c973bb00daecffbdbaee4bf82b89f0fab0a1e4a2465a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
19034607f33acd6fc28d6703ad38e5cf

SHA1
f335678327bf5723ee3e12b233fb30652659fb10

SHA256
43b4c662bccf1b64ad1e4fdc0080c29d81e9bc99de3c2795b07900962a4b602e

SHA512
c807329fa588aabb71228cbe10fcdf4d246de8a542b0377585f005d31d5bfd94b8c037b6b5b123388b5ec7339029e22d3913ee0a7cd3fd19836974df0a0be4b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f49a99e9e68c11b1b4849e07e802316d

SHA1
36cdfcbd78dec07d5c32aeb23ad29792ce4d9e52

SHA256
46338ccae318b3d41f26189a9649386dcc08ec48d7dd2020ae7fcd74d5fe349d

SHA512
749c86d7d5450b78a340e06483d9f89ff79315a265fdea9a3f606d78480119fa4e71e74077a6b9e5a2c8c9d0e882ab334ace309dd43b534b8865440dae175d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
84bce816ee98c52e558bc0be742101da

SHA1
be097cb55bf3511027741899d93eb68548dbc50a

SHA256
00c188f4930d4d03ead188da0ec6ba903e35813b607e6bac1fa0f34aa2515647

SHA512
42279005ceef09b694f930720764c50c80c18f9d2f8ea9b8f010795a403d532450dc00e5a7f99a32c2ef84d2d036b693171ecb97501afcadfd91ae01a21cea9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4954099a09187bf3ddca2770f7955eee

SHA1
e5dd31d5570523f15680352605bc06f6d7d03bfd

SHA256
2c90d8e3b051dd4b6a2e7d232f55085c6d0ca19f0648beb89cf797e5c8a58733

SHA512
5309e62982590505412694c0d0c0ad3a1fe010f9832c0b042b97be7dabca290a6b7f2ae33516285d9987be6976d1dd4aff40c506d5863afb662f46f6a596fb2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
da30107bb559d03080204a795f252739

SHA1
9c7f45c785a29ba77535bc9ca6da47bfef3ce35f

SHA256
7e1e845c43d46d29b04c95243b6d819a5476872982e2b42b50a0d76b9aba3005

SHA512
f71b3e23c50ff8ef871fd45713e378e340078bdf397a84b98328a5b720ac60ccaf1c36d2f1a1e71cde3f639a624b36d34f4172ef01aaaf80e57c5365962702d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c41f3c5e692204630b02bdf97f90c198

SHA1
16837a8e03869604c1e5eae48b812b429b01e5eb

SHA256
b9127a58043210666d153f6e63b01ea9d9ae4bdb3125799c2576682ff1a67237

SHA512
a4ea47f699e9a36df570144d8bd7c8e2052995aa610149e7d8013369ab3d11001599ec2a75144e9615ea894998cc5abb3e18c1209b8a0cdc7f0fbead0253e31c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f13305cdb0784b7ce840536788ad6576

SHA1
aa1c32b656758e14b98569848f0ddf4e904dc2e2

SHA256
9791ae66df091380bfdef771cc848d5a49af3217c67d79e47f02af3860593827

SHA512
619307f195f2926e28ee4988bb83a25ba7a858717a7b0b43469deb976716becd2bb438202fda7eb782b45ed0b099dd0a6cc35bab3566fac8912fcfd0bcbde3c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e77ce721f493275e18cb7bb9b8d38030

SHA1
e6cc5585f6e0e83c16e71962ad3a1648d5c05060

SHA256
23d9447219f18ac43d2030910e788a8e69b738efb52ae0f5324487ea18df90db

SHA512
5e56d1bdbb00958d0088062a7ec3b5bd6dc107ab13158c587a6f28da8a868ebe285908e02c6568a9d90791be3413bd5dc78d16ab4411efbb10119549c87208c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
325bad9ee2387093822677f74ca620e7

SHA1
40f3e8ccfac42320f74f7ba5e202937d22932ca6

SHA256
16e824fe0d1a9d1db57c61ba96eceb609006cb60f14d434b40062ac66ba42ad7

SHA512
f3ff962c5a7c915ed749c6d31ba3e6193b978fd3e6047d6e70ec9f43293b196ec112be0c574cd7a42f6db965a80ffeecd3a2bf7061cb68cef861093c635e1e5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
302e7f5cc4e2c83d80d735bbfee27e7d

SHA1
a86641a0e920cc94b6fa53f62a1bf23c47f65631

SHA256
1f052a82e0df9dc4d4f737a3cf4e8f9c4311ed63268c8f5f90b887b86aa6ae9b

SHA512
416ebd60205b2a02ebbcdfca5b30c5da70b3c883d0ad79d35ac78e4abc2b18602e1f9333fd82e45834a693b275200d47baba9e6e8ece9ab3bfecf412a0473289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a46402654c79a2d1bb9c61951ecf5e49

SHA1
ccb9e1b698fd6eae3e732b7370da1a04bd81cccf

SHA256
9ed61d76db2bb2ff1c15d140d5bf3d9889f96ba2f620b5858c53ede80ba310c8

SHA512
c54df5eec42fc70b95ae29492eed9b85e02a8c0e92ab2ff8d58140aab76b130fe5f6ba7d5c197db88bcdc6bf914ebca02009f54ecdfe2bfd62808ca6a6ac2e72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8854be98d14c964f277d8737fd30fb3e

SHA1
a356a8c9e1df1a97206de5b45accc008758dc852

SHA256
f41fca193b67d1addb6ae06f21f6f74f518a1d916cb31ea51ce8041cff66cbde

SHA512
d1c76af85c2fbd30fa70a8f5556789dd252692dde6d47d23c485ba929e88ed2371d0506c29ebc2bf0f8d305ac2b42a61fd62bcf21d4e0b8a2608f45442bfd62d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e4a277004b2f4bff33b34ff15e7bc34d

SHA1
b2da75f1b69ac6ad143242251f171716e2552fb0

SHA256
3a4644037ea4a31d70394ebac1389de926661bc1510b175f7ca98f65b162240a

SHA512
442c73f53fd247b6f9c8e8b1c5a0e38591776d065571c74791e16b46d0f4d754d29aa7dc7c0187e15b3bd0fa91e598d2d479fa373c0ab3d33b3ef2b3b885157e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
73043304e7c7c34f1ca67e6ee9163d70

SHA1
643c1eacc286e4cc20e135cc6ffb2a702f64ffe7

SHA256
f24d833083f8f13d28d72841754f4c3a9c3c10d5d3cd8e3aafab3aa8087e71cf

SHA512
176f7b015cbc4f128db6fc061038f93f802236bdb936ae9339026cee16edd1201d90ce0fbcbffd0bb96fb628da462a803e36ecd4c81cc15512f2fc83966d3cfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
185286d45c809d6dc512adbc11164c21

SHA1
8256a2f173c2319743340fa4b459fc14f46fceba

SHA256
f04cd862e5725b8d1ef6677dd726c86af4ade2b2bdc0a974af4094e8d30cdb84

SHA512
f5821c2b063d93fca6e440c0b8445f937d02b6fe9c3b85d2771f3d030e3099111a486c89d234d87df892a02eb235c3f83b636929c012e4627bc5136b0cefbb90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
bf3ef15893be35e9408e54846fa636ec

SHA1
2ce3c4a212f5623c76e9a8ab18087cae4b346138

SHA256
e9fecd8369ba787bd0769d8acad4591f7366a5d2cefadb42acc532ca86ffa3b4

SHA512
0262cc19b3bb790561d4211b7d13bda7f9c8f4d3ddd39f1edff17b44dc8d6046a902a0bfce1df9cade4a79f4923e917907028cf91224c74dc63de2dfed010cb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
a35463a4784b01ff526563206facdbb4

SHA1
b78ab38beb7c0832c193fa4a2ca56f27ce317c24

SHA256
f7ef08ccbd06e94f1010c1f6f248569e1d682074c2a2f42d9e745985fff20533

SHA512
91a0bfbf7f0ac1bdbdf4f18711e35ed1551c346060ade8ec769523fb90e4a1362df2a97f045bfef155465209e306cee18251ffd2cd0f401a80fb602f34521f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
73f390d200e54d9935cf060b9f405074

SHA1
d35013cb949aa0f69cad816e1d563424f6a3c01d

SHA256
50f1f877beb91d4d1cb73363f1123c93d82649a25847c4bc909a7eb7ade8dd6e

SHA512
4e4e824dfb5258d411de5636e944b3eaa96fcf1e48bb8a9019ce865d27e59a77af73674f70dc5127500b38033ddaa337a5299ad8e9d3fa615497cf2d894e049f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
850150977f0eb63b409c3ab9916b8d5b

SHA1
611eda7b2ba816f7c38887c1b9e3d974b522bbb8

SHA256
22c5eed9b75c9a827c9da5bcdb03b52940d35105e93413ddf6e11dc66bf36348

SHA512
03ab42213eae5b682ca06e9f11c3513264c40b40fca34313b103c6510e25bf49db3e073f8e3cdde16802479d08d4dfad12cf7ba2cec1e8918b86f206018efd03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e0c4b5011ce813271f8135d1df652315

SHA1
cae43ede19eefb7aba62b40b79e7105db820bc5e

SHA256
618df097d10b7f5b9152f3e3f8499dd3ea985644f125a764b4cf6a9e623bcc85

SHA512
0cd6bb8899f5c028a67b12945e2d00f066a3f04c26a983ce7b5d9bbeed3c64a23d14dde3cffaf134a33479c840667466f16fddb17d9c565ee5757377d002ff6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\HFI6BAD.tmp.html

Filesize
16KB

MD5
d9668436c132b8e9530443c97c1e7a23

SHA1
31c326e842fabe8a55905c076b9c95747aa8b6e8

SHA256
f81b57b00cf260c1123f1ba7054dd9d3351f8242edfc13dc5698df53c4fdde91

SHA512
abb6dffe863d413615e5deee213317cb2ab827c46db1dcf645f909af5001d951bd79f6083e0dbbb2b4d7ed4f76da64b066f174b98f9c7f48faf03e237a04b7ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nd3cqfiu.5j1.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\btk.lnk

Filesize
1KB

MD5
f0ebae5cdd7c7758d5ff2e6dff24389b

SHA1
38beab440e23bd04e09aaf77ba489f11361b29a7

SHA256
44cacc2395593a20422e3e8cf9dba5ffff3ccc40bc038a264bd3687602724e76

SHA512
357215f6117349b3b5f8f0753aed66457cc22f308804aae1acdf8f7efee1456836bf5f47bd29467ff06844575429bb9999f18ca07e6f07856a4d8f1d3db8f706

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
12fe98c77aa9f893b9ae5321223e1f77

SHA1
67d31491b5da7af90a93691ed3aabb3226c0ab2c

SHA256
c8b89e040a39bca2d9d3d044770a4e0f2a8fd181c5737562b4e46aec32b42812

SHA512
c7fd31001fd9fe705a48d73676312542fed94749b368b3be956b04edf253125ad929e677da6ddb3f1f4a8c6842f39ace66c9c602c34414085f38c7aa5a0f9800

Download Submit
memory/1860-1021-0x000001F538780000-0x000001F538781000-memory.dmp

Filesize
4KB

Download
memory/1860-1019-0x000001F538780000-0x000001F538781000-memory.dmp

Filesize
4KB

Download
memory/1860-1012-0x000001F538780000-0x000001F538781000-memory.dmp

Filesize
4KB

Download
memory/1860-1014-0x000001F538780000-0x000001F538781000-memory.dmp

Filesize
4KB

Download
memory/1860-1013-0x000001F538780000-0x000001F538781000-memory.dmp

Filesize
4KB

Download
memory/1860-1024-0x000001F538780000-0x000001F538781000-memory.dmp

Filesize
4KB

Download
memory/1860-1023-0x000001F538780000-0x000001F538781000-memory.dmp

Filesize
4KB

Download
memory/1860-1022-0x000001F538780000-0x000001F538781000-memory.dmp

Filesize
4KB

Download
memory/1860-1020-0x000001F538780000-0x000001F538781000-memory.dmp

Filesize
4KB

Download
memory/2096-922-0x0000000005F10000-0x0000000006122000-memory.dmp

Filesize
2.1MB

Download
memory/2096-921-0x00000000050D0000-0x00000000050DA000-memory.dmp

Filesize
40KB

Download
memory/2096-918-0x0000000000620000-0x00000000006EE000-memory.dmp

Filesize
824KB

Download
memory/2096-924-0x000000000A700000-0x000000000A776000-memory.dmp

Filesize
472KB

Download
memory/2096-919-0x0000000005740000-0x0000000005CE4000-memory.dmp

Filesize
5.6MB

Download
memory/2096-920-0x00000000050E0000-0x0000000005172000-memory.dmp

Filesize
584KB

Download
memory/2096-939-0x000000000A800000-0x000000000A81E000-memory.dmp

Filesize
120KB

Download
memory/2948-1004-0x000001B675380000-0x000001B6753A2000-memory.dmp

Filesize
136KB

Download
memory/2948-1008-0x000001B675880000-0x000001B6758C4000-memory.dmp

Filesize
272KB

Download
memory/2948-1009-0x000001B675950000-0x000001B6759C6000-memory.dmp

Filesize
472KB

Download
memory/5004-935-0x0000027FF36A0000-0x0000027FF36A1000-memory.dmp

Filesize
4KB

Download
memory/5004-934-0x0000027FF36A0000-0x0000027FF36A1000-memory.dmp

Filesize
4KB

Download
memory/5004-933-0x0000027FF36A0000-0x0000027FF36A1000-memory.dmp

Filesize
4KB

Download
memory/5004-936-0x0000027FF36A0000-0x0000027FF36A1000-memory.dmp

Filesize
4KB

Download
memory/5004-937-0x0000027FF36A0000-0x0000027FF36A1000-memory.dmp

Filesize
4KB

Download
memory/5004-925-0x0000027FF36A0000-0x0000027FF36A1000-memory.dmp

Filesize
4KB

Download
memory/5004-926-0x0000027FF36A0000-0x0000027FF36A1000-memory.dmp

Filesize
4KB

Download
memory/5004-932-0x0000027FF36A0000-0x0000027FF36A1000-memory.dmp

Filesize
4KB

Download
memory/5004-927-0x0000027FF36A0000-0x0000027FF36A1000-memory.dmp

Filesize
4KB

Download
memory/5004-931-0x0000027FF36A0000-0x0000027FF36A1000-memory.dmp

Filesize
4KB

Download
memory/5628-945-0x0000000004D70000-0x0000000005398000-memory.dmp

Filesize
6.2MB

Download
memory/5628-980-0x0000000006FD0000-0x0000000006FE4000-memory.dmp

Filesize
80KB

Download
memory/5628-981-0x00000000070D0000-0x00000000070EA000-memory.dmp

Filesize
104KB

Download
memory/5628-982-0x00000000070B0000-0x00000000070B8000-memory.dmp

Filesize
32KB

Download
memory/5628-979-0x0000000006FC0000-0x0000000006FCE000-memory.dmp

Filesize
56KB

Download
memory/5628-978-0x0000000006F90000-0x0000000006FA1000-memory.dmp

Filesize
68KB

Download
memory/5628-977-0x0000000007010000-0x00000000070A6000-memory.dmp

Filesize
600KB

Download
memory/5628-976-0x0000000006E00000-0x0000000006E0A000-memory.dmp

Filesize
40KB

Download
memory/5628-975-0x0000000006D90000-0x0000000006DAA000-memory.dmp

Filesize
104KB

Download
memory/5628-974-0x00000000073E0000-0x0000000007A5A000-memory.dmp

Filesize
6.5MB

Download
memory/5628-973-0x0000000006C80000-0x0000000006D23000-memory.dmp

Filesize
652KB

Download
memory/5628-972-0x0000000006030000-0x000000000604E000-memory.dmp

Filesize
120KB

Download
memory/5628-962-0x000000006E6A0000-0x000000006E6EC000-memory.dmp

Filesize
304KB

Download
memory/5628-961-0x0000000006C40000-0x0000000006C72000-memory.dmp

Filesize
200KB

Download
memory/5628-960-0x0000000005AB0000-0x0000000005AFC000-memory.dmp

Filesize
304KB

Download
memory/5628-959-0x0000000005A70000-0x0000000005A8E000-memory.dmp

Filesize
120KB

Download
memory/5628-958-0x00000000054C0000-0x0000000005814000-memory.dmp

Filesize
3.3MB

Download
memory/5628-947-0x0000000004CC0000-0x0000000004D26000-memory.dmp

Filesize
408KB

Download
memory/5628-948-0x0000000005450000-0x00000000054B6000-memory.dmp

Filesize
408KB

Download
memory/5628-946-0x0000000004BF0000-0x0000000004C12000-memory.dmp

Filesize
136KB

Download
memory/5628-944-0x0000000004700000-0x0000000004736000-memory.dmp

Filesize
216KB

Download