hxxps://www[.]f-secure[.]com/v-descs/trojan-downloader[.]shtml

Analysis

max time kernel
377s
max time network
379s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13/10/2024, 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.f-secure.com/v-descs/trojan-downloader.shtml

Score

8^/10

discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	Bloxstrap-v2.5.4.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 18 IoCs

pid	Process
5848	Roblox Fast Flags Hack_84277591.exe
5208	opera.exe
5348	setup.exe
692	setup.exe
1248	setup.exe
2132	setup.exe
3120	setup.exe
5796	Assistant_114.0.5282.21_Setup.exe_sfx.exe
6008	assistant_installer.exe
6076	assistant_installer.exe
5180	ContentI3.exe
5724	7z2408-x64.exe
5732	7z2408-x64.exe
1008	7z2408-x64.exe
4496	7zFM.exe
5392	FFLags Hack.exe
5312	Bloxstrap-v2.5.4.exe
6508	FFLags Hack.exe

Loads dropped DLL 44 IoCs

pid	Process
5348	setup.exe
692	setup.exe
1248	setup.exe
2132	setup.exe
3120	setup.exe
6008	assistant_installer.exe
6008	assistant_installer.exe
6076	assistant_installer.exe
6076	assistant_installer.exe
3324	Process not Found
3324	Process not Found
4496	7zFM.exe
5392	FFLags Hack.exe
5392	FFLags Hack.exe
5392	FFLags Hack.exe
5392	FFLags Hack.exe
5392	FFLags Hack.exe
5392	FFLags Hack.exe
5392	FFLags Hack.exe
5392	FFLags Hack.exe
5392	FFLags Hack.exe
5392	FFLags Hack.exe
5392	FFLags Hack.exe
5392	FFLags Hack.exe
5392	FFLags Hack.exe
5392	FFLags Hack.exe
5392	FFLags Hack.exe
5392	FFLags Hack.exe
6508	FFLags Hack.exe
6508	FFLags Hack.exe
6508	FFLags Hack.exe
6508	FFLags Hack.exe
6508	FFLags Hack.exe
6508	FFLags Hack.exe
6508	FFLags Hack.exe
6508	FFLags Hack.exe
6508	FFLags Hack.exe
6508	FFLags Hack.exe
6508	FFLags Hack.exe
6508	FFLags Hack.exe
6508	FFLags Hack.exe
6508	FFLags Hack.exe
6508	FFLags Hack.exe
6508	FFLags Hack.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2408-x64.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NOTEPAD.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Assistant_114.0.5282.21_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	opera.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Roblox Fast Flags Hack_84277591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ContentI3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133733162586738747"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{AAEAD61B-FD8C-4E91-9321-520928ED4060} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ae31300e9b1ddb01	MicrosoftEdge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 187e5d0e9b1ddb01	MicrosoftEdge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Opera GXStable	Roblox Fast Flags Hack_84277591.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5524	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
168	chrome.exe
168	chrome.exe
876	chrome.exe
876	chrome.exe
6888	taskmgr.exe
6888	taskmgr.exe
6888	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4496	7zFM.exe
168	chrome.exe

Suspicious behavior: MapViewOfSection 3 IoCs

pid	Process
3536	MicrosoftEdgeCP.exe
3536	MicrosoftEdgeCP.exe
3536	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

pid	Process
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe
Token: SeShutdownPrivilege	168	chrome.exe
Token: SeCreatePagefilePrivilege	168	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe
168	chrome.exe

Suspicious use of SetWindowsHookEx 47 IoCs

pid	Process
5848	Roblox Fast Flags Hack_84277591.exe
5848	Roblox Fast Flags Hack_84277591.exe
5848	Roblox Fast Flags Hack_84277591.exe
5848	Roblox Fast Flags Hack_84277591.exe
5208	opera.exe
5348	setup.exe
692	setup.exe
1248	setup.exe
2132	setup.exe
5848	Roblox Fast Flags Hack_84277591.exe
5848	Roblox Fast Flags Hack_84277591.exe
3120	setup.exe
5848	Roblox Fast Flags Hack_84277591.exe
5848	Roblox Fast Flags Hack_84277591.exe
5848	Roblox Fast Flags Hack_84277591.exe
5848	Roblox Fast Flags Hack_84277591.exe
5848	Roblox Fast Flags Hack_84277591.exe
5848	Roblox Fast Flags Hack_84277591.exe
5848	Roblox Fast Flags Hack_84277591.exe
5848	Roblox Fast Flags Hack_84277591.exe
5848	Roblox Fast Flags Hack_84277591.exe
5848	Roblox Fast Flags Hack_84277591.exe
5848	Roblox Fast Flags Hack_84277591.exe
5796	Assistant_114.0.5282.21_Setup.exe_sfx.exe
6008	assistant_installer.exe
6076	assistant_installer.exe
5180	ContentI3.exe
5724	7z2408-x64.exe
5732	7z2408-x64.exe
556	OpenWith.exe
556	OpenWith.exe
556	OpenWith.exe
556	OpenWith.exe
556	OpenWith.exe
556	OpenWith.exe
556	OpenWith.exe
556	OpenWith.exe
556	OpenWith.exe
5588	AcroRd32.exe
5588	AcroRd32.exe
5588	AcroRd32.exe
5588	AcroRd32.exe
1008	7z2408-x64.exe
4668	MicrosoftEdge.exe
3536	MicrosoftEdgeCP.exe
232	MicrosoftEdgeCP.exe
3536	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 168 wrote to memory of 4472	168	chrome.exe	74
PID 168 wrote to memory of 4472	168	chrome.exe	74
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 2112	168	chrome.exe	76
PID 168 wrote to memory of 1932	168	chrome.exe	77
PID 168 wrote to memory of 1932	168	chrome.exe	77
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78
PID 168 wrote to memory of 2572	168	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.f-secure.com/v-descs/trojan-downloader.shtml
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaffc09758,0x7ffaffc09768,0x7ffaffc09778
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=168 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:2
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4376 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5056 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3740 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4752 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1780 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3036 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5196 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3044 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5360 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3024 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5844 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5740 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3024 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5564 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5884 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2880 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5216 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4796 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4996 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6472 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6472 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5264 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6768 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5164 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6784 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6816 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6928 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5608 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6008 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6940 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7012 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5284 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=3008 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5536 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7700 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7968 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7988 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8188 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7356 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8156 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:5736
- C:\Users\Admin\Downloads\Roblox Fast Flags Hack_84277591.exe
  "C:\Users\Admin\Downloads\Roblox Fast Flags Hack_84277591.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5848
- - C:\Users\Admin\AppData\Local\opera.exe
    C:\Users\Admin\AppData\Local\opera.exe --silent --allusers=0
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\7zS8546A199\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS8546A199\setup.exe --silent --allusers=0 --server-tracking-blob=MjA3ZWI1ZDM0MmQxODNlMjZiNTAwMTJkZTlmOGJmNTRlNWI1YjE0NDAwZTZjMzkwZDI5NmEyMjZiNzRlNDRmYTp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPUluc3RhbGx1bmlvbiZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1NaXlQbyIsInRpbWVzdGFtcCI6IjE3Mjg4NDI4MDQuODE3OCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDcuMDsgV2luZG93cyBOVCA2LjI7IFdPVzY0OyBUcmlkZW50LzcuMDsgLk5FVDQuMEM7IC5ORVQ0LjBFOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgLk5FVCBDTFIgMy41LjMwNzI5KSIsInV0bSI6eyJjYW1wYWlnbiI6Ik1peVBvIiwibWVkaXVtIjoicGIiLCJzb3VyY2UiOiJJbnN0YWxsdW5pb24ifSwidXVpZCI6ImVmY2Y2ZmEzLTU0ZDMtNGE1OC1iMTI5LWJkZDQzYWJhMWM1NiJ9
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      System Location Discovery: System Language Discovery
      Modifies system certificate store
      Suspicious use of SetWindowsHookEx
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\7zS8546A199\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS8546A199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.94 --initial-client-data=0x304,0x308,0x30c,0x2e0,0x310,0x71831a74,0x71831a80,0x71831a8c
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:692
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\7zS8546A199\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS8546A199\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=5348 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20241013180647" --session-guid=27d5c234-cb0d-495b-a6d9-13d4e0e4a2c6 --server-tracking-blob="YTA5ZmU4ZjdhZGJlMmQ5Mjc4MmM0N2JhMzhmMDgyMTRkMzE3OTBlNDRmMjcxODQ5Y2VkZjMyMmU0YjE4YmEwMjp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPUluc3RhbGx1bmlvbiZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1NaXlQbyIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyODg0MjgwNC44MTc4IiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV09XNjQ7IFRyaWRlbnQvNy4wOyAuTkVUNC4wQzsgLk5FVDQuMEU7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy4wLjMwNzI5OyAuTkVUIENMUiAzLjUuMzA3MjkpIiwidXRtIjp7ImNhbXBhaWduIjoiTWl5UG8iLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6Ikluc3RhbGx1bmlvbiJ9LCJ1dWlkIjoiZWZjZjZmYTMtNTRkMy00YTU4LWIxMjktYmRkNDNhYmExYzU2In0= " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=FC04000000000000
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\7zS8546A199\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS8546A199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.94 --initial-client-data=0x2f8,0x2fc,0x300,0x2d4,0x310,0x70b31a74,0x70b31a80,0x70b31a8c
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131806471\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131806471\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131806471\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131806471\assistant\assistant_installer.exe" --version
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131806471\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131806471\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x5917a0,0x5917ac,0x5917b8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:6076
- - C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
    "C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5180
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
    3⤵
    - System Location Discovery: System Language Discovery
    - Opens file in notepad (likely ransom note)
    PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=5144 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7176 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7956 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8164 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7960 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7428 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7312 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=1692 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5588 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7036 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6684 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5532 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:1248
- C:\Users\Admin\Downloads\7z2408-x64.exe
  "C:\Users\Admin\Downloads\7z2408-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=5532 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:5440
- C:\Users\Admin\Downloads\7z2408-x64.exe
  "C:\Users\Admin\Downloads\7z2408-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7112 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:8
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=4296 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=4548 --field-trial-handle=1592,i,15933486323316091886,12659798209545904585,131072 /prefetch:1
  2⤵
  PID:6780

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1292

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5492

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:556
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\FFlags_Hack.7z"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5588
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5568
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=37739E2A363A4A7B51912E9C16B64E9C --mojo-platform-channel-handle=1612 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:5616
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=892B5D84E534190C290491C7218F0D04 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=892B5D84E534190C290491C7218F0D04 --renderer-client-id=2 --mojo-platform-channel-handle=1624 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:3536

C:\Users\Admin\Downloads\7z2408-x64.exe
"C:\Users\Admin\Downloads\7z2408-x64.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1008

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\FFlags_Hack.7z"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:4496

C:\Users\Admin\Desktop\FFlags Hack\FFLags Hack.exe
"C:\Users\Admin\Desktop\FFlags Hack\FFLags Hack.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5392

C:\Users\Admin\Desktop\FFlags Hack\Bloxstrap-v2.5.4.exe
"C:\Users\Admin\Desktop\FFlags Hack\Bloxstrap-v2.5.4.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:5312

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4668

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:5092

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:3536

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:232

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5840

C:\Users\Admin\Desktop\FFlags Hack\FFLags Hack.exe
"C:\Users\Admin\Desktop\FFlags Hack\FFLags Hack.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6508

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:6888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
117KB

MD5
99b88f4d6d13713053db06b449ed6a9f

SHA1
f718e09a42e9ec49db060589d24135ca6929e8e0

SHA256
f830ddc5280d00e1cb160f9e5dd114292d5efef66c23c3c03c224894250bac2f

SHA512
9f1cb9ad8023b340c82e987bab33cddd817e3ece892aca7350650343396d4dc5d00cfd99c0718a862280c81d7d525c5e870390e1cdfdb4987b6663b1394cf1fc

Download Submit
C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
d346530e648e15887ae88ea34c82efc9

SHA1
5644d95910852e50a4b42375bddfef05f6b3490f

SHA256
f972b164d9a90821be0ea2f46da84dd65f85cd0f29cd1abba0c8e9a7d0140902

SHA512
62db21717f79702cbdd805109f30f51a7f7ff5f751dc115f4c95d052c5405eb34d5e8c5a83f426d73875591b7d463f00f686c182ef3850db2e25989ae2d83673

Download Submit
C:\Program Files\7-Zip\7-zip32.dll

Filesize
65KB

MD5
82e994d93bd2eed9ec406e81c27542b7

SHA1
f7b4a033baa1cdb812d8d606535bc04aca264beb

SHA256
96313194a8ace0d6fbe037dde8c85d1430a5fb1d8cc62e68bdf41fe2e838f440

SHA512
993f86492114029186656cee385b9639efde6f3c3d6ad853413a7f187f65c938a44665aee98f01e206388ff1f68979f16cf0edebc298cb34bbb183ad048741b4

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
1143c4905bba16d8cc02c6ba8f37f365

SHA1
db38ac221275acd087cf87ebad393ef7f6e04656

SHA256
e79ddfb6319dbf9bac6382035d23597dad979db5e71a605d81a61ee817c1e812

SHA512
b918ae107c179d0b96c8fb14c2d5f019cad381ba4dcdc760c918dfcd5429d1c9fb6ce23f4648823a0449cb8a842af47f25ede425a4e37a7b67eb291ce8cce894

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
549KB

MD5
0b24892597dcb0257cdb78b5ed165218

SHA1
5fe5d446406ff1e34d2fe3ee347769941636e323

SHA256
707f415d7d581edd9bce99a0429ad4629d3be0316c329e8b9ebd576f7ab50b71

SHA512
24ea9e0f10a283e67850070976c81ae4b2d4d9bb92c6eb41b2557ad3ae02990287531a619cf57cd257011c6770d4c25dd19c3c0e46447eb4d0984d50d869e56f

Download Submit
C:\Program Files\7-Zip\7z.sfx

Filesize
210KB

MD5
2da1e169833d1ac3697ded688d0c5a11

SHA1
59937a1f6c4c2b67870a9d5eff222fef230994cc

SHA256
6b57604755bd4410a4f1adbce90498e205f4255c5786d5c4ddb34327c161b125

SHA512
9324e6428cc92ef928ccc730eda904559c1e6dfecfb79e5e6961b4f129e9ea3accad96e725cb9edad05ed82467c5c72cba7f284d295de19854b711c89f6ad94f

Download Submit
C:\Program Files\7-Zip\7zCon.sfx

Filesize
189KB

MD5
dd69f1774b4a3feef30e5923f846fba7

SHA1
9c31dc7109a1051faa0253e0b666faa0ebbfa66f

SHA256
062c989ac695cfafdb4c83a8517b2f6716e1a8a1255360f01a49216c4a21884b

SHA512
6afa3746630ca882bce8410e76cd3e3e0acc5662d48be6c8d54577a0a3d836446b041b1293567dbb357389967c9fa3a02bdf2be0dbb0142fbfa74d1be565cdcc

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
963KB

MD5
004d7851f74f86704152ecaaa147f0ce

SHA1
45a9765c26eb0b1372cb711120d90b5f111123b3

SHA256
028cf2158df45889e9a565c9ce3c6648fb05c286b97f39c33317163e35d6f6be

SHA512
16ebda34803977a324f5592f947b32f5bb2362dd520dc2e97088d12729024498ddfa6800694d37f2e6e5c6fc8d4c6f603414f0c033df9288efc66a2c39b5ec29

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
692KB

MD5
4159ff3f09b72e504e25a5f3c7ed3a5b

SHA1
b79ab2c83803e1d6da1dcd902f41e45d6cd26346

SHA256
0163ec83208b4902a2846de998a915de1b9e72aba33d98d5c8a14a8fbf0f6101

SHA512
48f54f0ab96be620db392b4c459a49a0fa8fbe95b1c1b7df932de565cf5f77adfaae98ef1e5998f326172b5ae4ffa9896aeac0f7b98568fcde6f7b1480df4e2d

Download Submit
C:\Program Files\7-Zip\History.txt

Filesize
6KB

MD5
86d07103fb8d487d17d33974c0bdc0c2

SHA1
d0318dd9296b5fd92a190329faf5f16f9cc131c3

SHA256
ee3d0eb585da90d0bb36a2f3d2a7fb5fdce5336141ea8f779d7450d8a4b16c42

SHA512
367edb4e86c904d73078ad0cab8c627ab123bde3d647aa21ed695bd54146f7669791e9f38dee27070bc9608332cb0fb6d85798e22e05c505624cb7b6d4ace3af

Download Submit
C:\Program Files\7-Zip\Lang\af.txt

Filesize
4KB

MD5
df216fae5b13d3c3afe87e405fd34b97

SHA1
787ccb4e18fc2f12a6528adbb7d428397fc4678a

SHA256
9cf684ea88ea5a479f510750e4089aee60bbb2452aa85285312bafcc02c10a34

SHA512
a6eee3d60b88f9676200b40ca9c44cc4e64cf555d9b8788d4fde05e05b8ca5da1d2c7a72114a18358829858d10f2beff094afd3bc12b370460800040537cff68

Download Submit
C:\Program Files\7-Zip\Lang\an.txt

Filesize
7KB

MD5
f16218139e027338a16c3199091d0600

SHA1
da48140a4c033eea217e97118f595394195a15d5

SHA256
3ab9f7aacd38c4cde814f86bc37eec2b9df8d0dddb95fc1d09a5f5bcb11f0eeb

SHA512
b2e99d70d1a7a2a1bfa2ffb61f3ca2d1b18591c4707e4c6c5efb9becdd205d646b3baa0e8cbd28ce297d7830d3dfb8f737266c66e53a83bdbe58b117f8e3ae14

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt

Filesize
12KB

MD5
5747381dc970306051432b18fb2236f2

SHA1
20c65850073308e498b63e5937af68b2e21c66f3

SHA256
85a26c7b59d6d9932f71518ccd03eceeba42043cb1707719b72bfc348c1c1d72

SHA512
3306e15b2c9bb2751b626f6f726de0bcafdc41487ba11fabfcef0a6a798572b29f2ee95384ff347b3b83b310444aaeec23e12bb3ddd7567222a0dd275b0180ff

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt

Filesize
4KB

MD5
1cf6411ff9154a34afb512901ba3ee02

SHA1
958f7ff322475f16ca44728349934bc2f7309423

SHA256
f5f2174daf36e65790c7f0e9a4496b12e14816dad2ee5b1d48a52307076be35f

SHA512
b554c1ab165a6344982533cceed316d7f73b5b94ce483b5dc6fb1f492c6b1914773027d31c35d60ab9408669520ea0785dc0d934d3b2eb4d78570ff7ccbfcf9c

Download Submit
C:\Program Files\7-Zip\Lang\az.txt

Filesize
10KB

MD5
9cd3a23ca6f66f570607f63be6aa0001

SHA1
912837c29c0e07470e257c21775b7513e9af4475

SHA256
1da941116e20e69f61a4a68481797e302c11fcf462ca7203a565588b26011615

SHA512
c90ead15096009b626b06f9eae1b004f4adba5d18ccdb5c7d92694d36903760541f8aa7352be96466f2b0775c69f850605988fa4ef86f3de4fca34f7b645457e

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt

Filesize
10KB

MD5
387ff78cf5f524fc44640f3025746145

SHA1
8480e549d00003de262b54bc342af66049c43d3b

SHA256
8a85c3fcb5f81157490971ee4f5e6b9e4f80be69a802ebed04e6724ce859713f

SHA512
7851633ee62c00fa2c68f6f59220a836307e6dde37eae5e5dca3ca254d167e305fe1eb342f93112032dadafe9e9608c97036ac489761f7bdc776a98337152344

Download Submit
C:\Program Files\7-Zip\Lang\be.txt

Filesize
11KB

MD5
b1dd654e9d8c8c1b001f7b3a15d7b5d3

SHA1
5a933ae8204163c90c00d97ba0c589f4d9f3f532

SHA256
32071222af04465a3d98bb30e253579aa4beceaeb6b21ac7c15b25f46620bf30

SHA512
0137900aeb21f53e4af4027ea15eed7696ed0156577fe6194c2b2097f5fb9d201e7e9d52a51a26ae9a426f8137692154d80676f8705f335fed9ae7e0e1d0a10e

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt

Filesize
17KB

MD5
2d0c8197d84a083ef904f8f5608afe46

SHA1
5ae918d2bb3e9337538ef204342c5a1d690c7b02

SHA256
62c6f410d011a109abecb79caa24d8aeb98b0046d329d611a4d07e66460eef3f

SHA512
3243d24bc9fdb59e1964e4be353c10b6e9d4229ef903a5ace9c0cb6e1689403173b11db022ca2244c1ef0f568be95f21915083a8c5b016f07752026d332878a4

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt

Filesize
14KB

MD5
771c8b73a374cb30df4df682d9c40edf

SHA1
46aa892c3553bddc159a2c470bd317d1f7b8af2a

SHA256
3f55b2ec5033c39c159593c6f5ece667b92f32938b38fcaf58b4b2a98176c1fc

SHA512
8dcc9cc13322c4504ee49111e1f674809892900709290e58a4e219053b1f78747780e1266e1f4128c0c526c8c37b1a5d1a452eefba2890e3a5190eebe30657ba

Download Submit
C:\Program Files\7-Zip\Lang\br.txt

Filesize
4KB

MD5
07504a4edab058c2f67c8bcb95c605dd

SHA1
3e2ae05865fb474f10b396bfefd453c074f822fa

SHA256
432bdb3eaa9953b084ee14eee8fe0abbc1b384cbdd984ccf35f0415d45aabba8

SHA512
b3f54d695c2a12e97c93af4df09ce1800b49e40302bec7071a151f13866edfdfafc56f70de07686650a46a8664608d8d3ea38c2939f2f1630ce0bf968d669ccc

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt

Filesize
8KB

MD5
264fb4b86bcfb77de221e063beebd832

SHA1
a2eb0a43ea4002c2d8b5817a207eb24296336a20

SHA256
07b5c0ac13d62882bf59db528168b6f0ffdf921d5442fae46319e84c90be3203

SHA512
8d1a73e902c50fd390b9372483ebd2ec58d588bacf0a3b8c8b9474657c67705b6a284bb16bba4326d314c7a3cc11caf320da38d5acb42e685ed2f8a8b6f411f4

Download Submit
C:\Program Files\7-Zip\Lang\co.txt

Filesize
11KB

MD5
de64842f09051e3af6792930a0456b16

SHA1
498b92a35f2a14101183ebe8a22c381610794465

SHA256
dcfb95b47a4435eb7504b804da47302d8a62bbe450dadf1a34baea51c7f60c77

SHA512
5dabeed739a753fd20807400dfc84f7bf1eb544704660a74afcf4e0205b7c71f1ddcf9f79ac2f7b63579735a38e224685b0125c49568cbde2d9d6add4c7d0ed8

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt

Filesize
9KB

MD5
dbdcfc996677513ea17c583511a5323b

SHA1
d655664bc98389ed916bed719203f286bab79d3c

SHA256
a6e329f37aca346ef64f2c08cc36568d5383d5b325c0caf758857ed3ff3953f2

SHA512
df495a8e8d50d7ec24abb55ce66b7e9b8118af63db3eb2153a321792d809f7559e41de3a9c16800347623ab10292aac2e1761b716cb5080e99a5c8726f7cc113

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt

Filesize
4KB

MD5
6bdf25354b531370754506223b146600

SHA1
c2487c59eeeaa5c0bdb19d826fb1e926d691358e

SHA256
470eaf5e67f5ead5b8c3ecc1b5b21b29d16c73591eb0047b681660346e25b3fb

SHA512
c357b07c176175cc36a85c42d91b0cada79dbfb584bdf57f22a6cb11898f88aecf4392037d5cea3e1bc02df7493bb27b9509226f810f1875105bbc33c6ae3f20

Download Submit
C:\Program Files\7-Zip\Lang\da.txt

Filesize
7KB

MD5
c397e8ac4b966e1476adbce006bb49e4

SHA1
3e473e3bc11bd828a1e60225273d47c8121f3f2c

SHA256
5ccd481367f7d8c544de6177187aff53f1143ae451ae755ce9ed9b52c5f5d478

SHA512
cbbece415d16b9984c82bd8fa4c03dbd1fec58ed04e9ef0a860b74d451d03d1c7e07b23b3e652374a3b9128a7987414074c2a281087f24a77873cc45ec5aadd2

Download Submit
C:\Program Files\7-Zip\Lang\de.txt

Filesize
9KB

MD5
1e30a705da680aaeceaec26dcf2981de

SHA1
965c8ed225fb3a914f63164e0df2d5a24255c3d0

SHA256
895f76bfa4b1165e4c5a11bdab70a774e7d05d4bbdaec0230f29dcc85d5d3563

SHA512
ff96e6578a1ee38db309e72a33f5de7960edcc260ca1f5d899a822c78595cc761fedbdcdd10050378c02d8a36718d76c18c6796498e2574501011f9d988da701

Download Submit
C:\Program Files\7-Zip\Lang\el.txt

Filesize
17KB

MD5
5894a446df1321fbdda52a11ff402295

SHA1
a08bf21d20f8ec0fc305c87c71e2c94b98a075a4

SHA256
2dd2130f94d31262b12680c080c96b38ad55c1007f9e610ec8473d4bb13d2908

SHA512
0a2c3d24e7e9add3ca583c09a63ba130d0088ed36947b9f7b02bb48be4d30ef8dc6b8d788535a941f74a7992566b969adf3bd729665e61bfe22b67075766f8de

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt

Filesize
7KB

MD5
bf2e140e9d30d6c51d372638ba7f4bd9

SHA1
a4358379a21a050252d738f6987df587c0bd373d

SHA256
c218145bb039e1fd042fb1f5425b634a4bdc1f40b13801e33ed36cfdbda063ed

SHA512
b524388f7476c9a43e841746764ff59bdb1f8a1b4299353156081a854ee4435b94b34b1a87c299ec23f8909e0652222595b3177ee0392e3b8c0ff0a818db7f9a

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt

Filesize
4KB

MD5
29caad3b73f6557f0306f4f6c6338235

SHA1
d4b3147f23c75de84287ad501e7403e0fce69921

SHA256
a6ef5a5a1e28d406fd78079d9cacf819b047a296adc7083d34f2bfb3d071e5af

SHA512
77618995d9cf90603c5d4ad60262832d8ad64c91a5e6944efd447a5cc082a381666d986bb294d7982c8721b0113f867b86490ca11bb3d46980132c9e4df1bd92

Download Submit
C:\Program Files\7-Zip\Lang\es.txt

Filesize
10KB

MD5
ed230f9f52ef20a79c4bed8a9fefdf21

SHA1
ec0153260b58438ad17faf1a506b22ad0fec1bdc

SHA256
7199b362f43e9dca2049c0eeb8b1bb443488ca87e12d7dda0f717b2adbdb7f95

SHA512
32f0e954235420a535291cf58b823baacf4a84723231a8636c093061a8c64fcd0952c414fc5bc7080fd8e93f050505d308e834fea44b8ab84802d8449f076bc9

Download Submit
C:\Program Files\7-Zip\Lang\et.txt

Filesize
6KB

MD5
d6a50c4139d0973776fc294ee775c2ac

SHA1
1881d68ae10d7eb53291b80bd527a856304078a0

SHA256
6b2718882bb47e905f1fdd7b75ece5cc233904203c1407c6f0dcdc5e08e276da

SHA512
0fd14b4fd9b613d04ef8747dcd6a47f6f7777ac35c847387c0ea4b217f198aa8ac54ea1698419d4122b808f852e9110d1780edcb61a4057c1e2774aa5382e727

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt

Filesize
8KB

MD5
c90cd9f1e3d05b80aba527eb765cbf13

SHA1
66d1e1b250e2288f1e81322edc3a272fc4d0fffc

SHA256
a1c9d46b0639878951538f531bba69aeddd61e6ad5229e3bf9c458196851c7d8

SHA512
439375d01799da3500dfa48c54eb46f7b971a299dfebff31492f39887d53ed83df284ef196eb8bc07d99d0ec92be08a1bf1a7dbf0ce9823c85449cc6f948f24c

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt

Filesize
7KB

MD5
459b9c72a423304ffbc7901f81588337

SHA1
0ba0a0d9668c53f0184c99e9580b90ff308d79be

SHA256
8075fd31b4ebb54603f69abb59d383dcef2f5b66a9f63bb9554027fd2949671c

SHA512
033ced457609563e0f98c66493f665b557ddd26fab9a603e9de97978d9f28465c5ac09e96f5f8e0ecd502d73df29305a7e2b8a0ad4ee50777a75d6ab8d996d7f

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt

Filesize
12KB

MD5
741e0235c771e803c1b2a0b0549eac9d

SHA1
7839ae307e2690721ad11143e076c77d3b699a3c

SHA256
657f2aceb60d557f907603568b0096f9d94143ff5a624262bbfeb019d45d06d7

SHA512
f8662732464fa6a20f35edcce066048a6ba6811f5e56e9ca3d9aa0d198fc9517642b4f659a46d8cb8c87e890adc055433fa71380fb50189bc103d7fbb87e0be5

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt

Filesize
8KB

MD5
a04b6a55f112679c7004226b6298f885

SHA1
06c2377ac6a288fe9edd42df0c52f63dce968312

SHA256
12cc4a2cef76045e07dafc7aec7cf6f16a646c0bb80873ec89a5ae0b4844443b

SHA512
88c7ed08b35558d6d2cd8713b5d045fba366010b8c7a4a7e315c0073cd510d3da41b0438f277d2e0e9043b6fcb87e8417eb5698ab18b3c3d24be7ff64b038e38

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt

Filesize
10KB

MD5
a49801879184c9200b408375fc4408d7

SHA1
763231bd9b883692c0e5127207cbfc6a2a29bc7d

SHA256
397a3af716eb7f0084f3aa04ad36eab82aab881589a359e7d6d4be673e1789a8

SHA512
f408203907594afa116a2003d0b65d77c9bca47663f7f6b26e9158b91dad40569e92851bf788a39105298561f854264a8dc57611637745e04e68585b837702f2

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt

Filesize
6KB

MD5
06b08fe12c0f075d317cf9a2a1dd96bc

SHA1
0062ba87b9207536b9088e94505d765268069f63

SHA256
6ba88938c468e7217bd300b607d7a730530e63d1f97562604ec0bb00d66a06c9

SHA512
9f9fb1c045d92c1f8035d547554457e3466ae861a04f1cd3f57965e4a92f0fc433b2a7b3e9e1e71588e97f8c73d5914a750deded5d3056e327d7efe19a220198

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt

Filesize
5KB

MD5
03d38f09189799a0d927727d071c54b6

SHA1
17ff3a2c83e6a0b0733f2a9a8ce6b83af4f1b137

SHA256
c1c050ed6fe2f8fbc048fd7d82944b8ada784415b6e62316d590c3c7aa45e112

SHA512
e511c1a271a3d78cb7f6111759eec4d7cfc2d46f71f87aa3c4ac1bb11cd4e55e7d4dbe54f9c5107025ffe8c5fcadad4359dc673bc802b82388e74a8f2fa60ff7

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt

Filesize
7KB

MD5
236cfc435288002763c68c4bbee7b39d

SHA1
e74a2402c2cb744dbed8ac1c2154fb1de38148f9

SHA256
b18730124208d26e5e88b76bb99985bf61938d7a994b626b2de5230557d2d8dd

SHA512
fa6941594454cda55e081f15f367f430559849d218895b0b157a2204e8b30ae95db99c62981a9c30a152a63d1bdb8edd975bf06ee5adf1f31b42a2c10cf11580

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt

Filesize
8KB

MD5
6cd7c2b4d6bba163b1623035feb4297d

SHA1
5df07bcfd1edbd448b566aea5789ef251303de69

SHA256
9280ab90261b0c8f206eef7196d7531e4e4932c9174ab899cee4f8ed97cc87c6

SHA512
7ed13085ebc2545b434f5671f958f7a5faa1bc29f7c10721a972afd2c886fc39f0a6e290e70f1f8ea798199ca26974257eaf9b8445652c9b02c789e198191a3e

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt

Filesize
16KB

MD5
93cdc8832328a22e198920630d597268

SHA1
315e5b1c77fb4e2d0c3cc1f48b6db4c79ce9488a

SHA256
c6e54e2a93b821bc974209cd7e2d10e9fbc4ff07d238ae84f552e4ade271702c

SHA512
e8355a42f3a3b5f21d5d4c7a21324433c997ad39412b3bcdcf26edbd5ef882179168b2b5618f9fe631b88407608ab1a83bf139db05c09b608fddf01694b710df

Download Submit
C:\Program Files\7-Zip\Lang\he.txt

Filesize
10KB

MD5
0771f160d56b1890a1cdc2ca040d2616

SHA1
36e69202682bf6993273b521424ec082998f6ca9

SHA256
03b4ea89cce3aa4193a7e3e1e6180dab8359388df3b574379935ea39d7b8d723

SHA512
b452c75292c7d365aa5759fb3f49de674255e839caa687436474b782f615b2ad86a11a58809a5bb60115b070c9b738a461db24e70502598a3bfeccf373220dbb

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt

Filesize
17KB

MD5
18d9c82f12e07b71e03d6086deba0dc3

SHA1
c6c11c6f1fc00a25dd53e1c78f207f6c8c8b8b13

SHA256
5f79ae167a917860f95f73e5ed007fe250f30af794bcfce17941f9ef87d22a05

SHA512
196a859d52a1a742b98460eaf113552dce2cfc63378b19d2902beabc1e66cbd9e26bf37fc26453832aa10929aaf0196ed9211332e63c830b0e5946013c82bdc1

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt

Filesize
7KB

MD5
9d8216183493ac2190a4d6e142ecab9a

SHA1
e534ebb714dbae2a9e12accbe96c6f2568b814c4

SHA256
210af273246d30cfde87295cd5f4ff135b0bdfb04fe7173bb60f935e685b8e10

SHA512
5b56560ad70652c9c6287f939b25676d8149c000c2388365197354dbe38c5cba5c25f0a3a529f0601a5b5d964b7278ab3a668e8469cf0ec718821fdabcf044bc

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt

Filesize
10KB

MD5
a41e4d16c3b29603832ffd1bbb82283e

SHA1
15695a0bd98d429e9ab191cecb185b70cc492668

SHA256
486a382483096e9a86ccf6ca02123e48025de5055f1880af7f001c5c3fa25114

SHA512
413dd8c87015ede7868f992c25d568de66e1bd765c7a43066d8da8cf350f3620c77091f075020862ff6bf7c980c6091e92c5c843b3d57957c7516f5b0f51bca0

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt

Filesize
13KB

MD5
fe73c2aacf07d5120aedd08792cb8268

SHA1
2c6e7d2ff42c5f65ef5f4c27600819354caa03b0

SHA256
91aac9368bd116ab11fda0b70ee4d75911a65713a272a3ba55d1435c33250f5a

SHA512
79dbd84fe71888b7c9fdbcd23f2d4735f731e3c2c7724fbd531c3ca531b1992e756b13b66889af30ec46770d350fcfaef2d7abe607594a2b4b92f60ed326d537

Download Submit
C:\Program Files\7-Zip\Lang\id.txt

Filesize
8KB

MD5
ba3591ccf26438cbe93e9c1d56bd1818

SHA1
758619a702d5a0794e4412aa6ae93fc46ea3dfb9

SHA256
90308689870ad079e1206a877157f7389bc4351a6b104ffa2bd9311409d6d92d

SHA512
2e9066bd733caaa9cedde2346be543d4360bd796e01bcb669602c9e6450ca5a2718cb67613469c11a4d2aa8c458d7fe9c59ab8eb9bde39846c195ce2cc22686b

Download Submit
C:\Program Files\7-Zip\Lang\io.txt

Filesize
4KB

MD5
0861ae63da2d00590369bb11b3857551

SHA1
8272f4761a3f2aca2bfaec6fcf08c82a9f36a65a

SHA256
b87a4fca8a0024a915ae86e36951cb7cea442948d9982d4247e49492445ba664

SHA512
70997d6775e1c91d021fda2143c831fe8396094e50337da3c4897da70636b7f10b363f35b997213a462b467fe6754d2c33e009e84363063eced871a2591cce88

Download Submit
C:\Program Files\7-Zip\Lang\is.txt

Filesize
8KB

MD5
c8f31d6adee368ca0aa00350df0d82df

SHA1
4146c7c62dd46b2c43c92cdf33e45fa7e2272d04

SHA256
dc61090369e1269a68c75e472d863aaf42207f702b3d3e12ca48d2852e1478e3

SHA512
758af54a33dc243992324974f01707c8027be7bdc7d07187a28038f4c9d8f7681d989b66f56a13b86e99c8bc74d80a70fa44bd5dd9532c99b78df7985b397ed8

Download Submit
C:\Program Files\7-Zip\Lang\it.txt

Filesize
9KB

MD5
aa7b46b6ddd673bc06bd90187e552743

SHA1
2c11a1e5f97ac1415073c2c953cd92018cf3eb93

SHA256
efb1aed5c52af731a733c720b6f5479898c9de28367a5de4c80f697fb745546a

SHA512
10c262122417b081d0403f9c917a4beba34078ca52e88478ebd2c0b6956aa6b61b34511fac71e87578d56ae1f5acdc265cddac8c92b9f14757daa75042dfc7aa

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt

Filesize
12KB

MD5
a0c7eb5d5a5dd7ab6f4c1e4fef092256

SHA1
f121129211dbedba3c440267fd9bd1c636e263c2

SHA256
9f70f1943a8e0a9b9040d1f769ca2494c2b83ceb8dc55b08db1fc3e6973ad835

SHA512
f864c9ac99edc97968feca96919a412e87c27457f5e0a8956dcecf37351ce7aeaf0e745343a649743d665b46be108b3cc5bafd92029d25d5a5d9bf6c390e5149

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt

Filesize
17KB

MD5
c99e6572f5638599dbca2ceac337a320

SHA1
73c64554a00c6d5a3dab8a2e7bd50426d6c7b6f4

SHA256
8dd6073b585dd2e9d8cdd8e0fce7dfeaf2f5a2d8bfc3059f67eaa3d8b5eb2d9e

SHA512
cde3d44793d1abab3b8d0ba71d1af85c7ca49b37f4331b43d546d1f2022fc9cedd1188869acee5bf9b74046788daf26f4e4658af86663065339103d2a602f7aa

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt

Filesize
7KB

MD5
ffc17520fb68fe464650b2f78e15ab5d

SHA1
2b83034ac04640160ddaa8e797faa5d8c80f956b

SHA256
24f7325271dd7ad2b63e977841d2f06ed0194bd9257f0db460df32baeeec4746

SHA512
4f1483796a8ef95b2be61811a6566ea2e19564f37733647b6eb4e1c82a8da8fa927afdf024a247fc7e70088f63133a7843fe6129b77b2ada01e39a1e814429c7

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt

Filesize
7KB

MD5
5af10c5616e0487d236c8cbe2f23a7a4

SHA1
2049e1a82a0af13a8ed2cf9e4eb51f1dfd377480

SHA256
f249930089c374eab59078cf16b8652d443cf2a47485d737ae5a9fca2957d6b9

SHA512
8e2db2769d8c9d4af435986bc58f66f570c4d85bf7c8a2b9369f546cf45c0848a07986582e8e7f76a9aed569da2774e5b19706ec77bfd41bb6b4af86abcfcefe

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt

Filesize
10KB

MD5
407130a212cfac68fa4873b0381b2cb1

SHA1
c0c9b84cc79619d27536e9f50f25d81237b234d3

SHA256
f813eac0b284edce156dd1e6b7ea75b027f4342e04d8b8db1131894a227a4562

SHA512
e80afdf726ccc5d495f62a9b289ee31703f151ea01eba32ad7d2da306c2c07de2f9049dc6592c3c962b7cc2cbe352b8b7a19e9dbcf7b3c6b61dcc4026b70c151

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt

Filesize
10KB

MD5
e85ae412871344211d00326d3df2534d

SHA1
4a770eee2ef9f302b8190c8bbe3988a5d7c90e5e

SHA256
3ea103ffd2ff97e211c7ade3a79a882b494fe416bc56bd05f42f2e82158a7a03

SHA512
09eabfa3997f201f8402dc803319ee0ddc4007ef268ad44309fe78f9e2710d1a10930f2e89f2c0b201d1094c53f5cb7783e492503eb4737b2e3fdc1f39b69ef6

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt

Filesize
11KB

MD5
8c3f9ad9c824dcf74a09c9d406db22e7

SHA1
0c683bb56a13c3fbca664f1e4c6c98d0f7aec8bc

SHA256
b8b7db8c139b19d414cef35ae96d854d5a8364c32b0c3fdc4cac331b5af44c16

SHA512
da33d4098679a14d2f434221ef968951407727126b12404c8b6c3e2ad6fa346d9d515dea940f9109d5d196e648583124f31a1d27cf518ab19e3dcad673c027cf

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt

Filesize
5KB

MD5
28e69dd6e397fa98c07088e4cdbef1f4

SHA1
56e4a46b5c7360f609683562e617c75c28cd447c

SHA256
57ae544f3f9e8bf5d96ce1f9cfe5648eb6c1e2f5604da6eb0c80ae24bc1a40d7

SHA512
6bde04f3bbd42e73ea3e0a93e8ef69149f25dae491051d1655a85718af4d51f5247c610d87c20227f94beeeba038d54f7b213b0443382d080e87722485941aae

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt

Filesize
11KB

MD5
e50c04d913dc92251aa6781c02e0bd45

SHA1
57e68c80b23a9b1bd689ccd81cbcd91e0cae6aac

SHA256
9a9e4ddacc494eaaa386f1220837020f332a49e7fff7f0bf8c38c847390dab18

SHA512
c428caf314f79d533246cee4015411102ed836d0173f67f3b2f4c61c3f3f81be7fb2fff7d3e863e999617ba05fd6f7fef4b67cff8557e1d0c86035ed29daa2ce

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt

Filesize
7KB

MD5
58ff044fe195453f797dd1ac6903abf9

SHA1
4b8dae21dd14ac6daa1decf804336a1aae169aa9

SHA256
d9bb6bfc127938c47b43290241378887085314ad1326095934a362cd9836b560

SHA512
861300fe39ff0daca00b4cb56c4075afba2bb3a1654bcf35713251237630206f06bc63d7f339ecff040c9ea1f5b7094a11fe57c5848e91db9000f48d166ab1be

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt

Filesize
8KB

MD5
b8056cba4edeb98d298d16edbc34d678

SHA1
a4d39c3eda31f8ce72c62e1db91deeabc884ceb0

SHA256
9c15db408e32dc699f598aab30f539f91a212e5fbaee2095022e24b3f1f09ecd

SHA512
5c3fb76a5502c7c0312a32cff38f99c303225c31c3e5c6041765bc2beb0e9d5ac9cb4f543b80eca969d54723a52122601b2074afa8991ad64b92cfda91104dc6

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt

Filesize
4KB

MD5
056327042b9cfd5fcb5f788f22112d62

SHA1
fae6324417dc88e9a9bb0fbac9b4d4ce61c1980e

SHA256
533f9ff016e7bb36216665cca1065139a35d8da71651678814415ff457a9be7d

SHA512
fe853c2042251b3987c169f8241e0b3b0f1c3ae039dc7786b07e0db07e8a6b0f89e1d478f27d3c8dfd69473e6c6118ce13a39d7de84a22a3c2a660652b852660

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt

Filesize
8KB

MD5
c16e6946f912b49963bfa7e44be2f7a0

SHA1
496922ad3e59737ac64289ee685f2fadaa942755

SHA256
90efca5f6b8e37b963f7e42f700938440171942e0de0ab8baeb08912c0952957

SHA512
55feea50104ed2249e6f5018b6883f89acbcc0396e80349653356f40329c4a420584b29734cd1ca8930e9a383da427ec979815cc3da3f6f59ad8948b2262e874

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt

Filesize
7KB

MD5
1088565a362ebad250975f46f8a94328

SHA1
406593ac2e74b8911dda720952b7aff6c4b5c145

SHA256
c6a6cc400ee7420bfb680d71b43a9be1fbc75d7b98ae2b6ffe98229d5eefadca

SHA512
500093986ef49c23829d99251f0adcd20a6d348a91c74362e95e6d8e73b83f7ad665cb49da3e47da1ec671842abcc2d824850d243ee8d39c41e3568f9c2c89c4

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt

Filesize
19KB

MD5
a10d62cb5875cc96d53e4bc02724f366

SHA1
bb8d2f73109084a9a11246733e5da148d964d6ea

SHA256
2e488ef05895b93aca2b5f72ea08da887722215d1b4cb85b12942ea32641da2b

SHA512
b01fcfa48883431ba98522c74a8ae9511bd6f122613e80a0439a049b8f509d689b89a59f280335532af284a351c52f44313a4961ea5acbfaf7ea2617af75e797

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt

Filesize
20KB

MD5
2be2f9c77556ca413b590b8477df5499

SHA1
dd5ce617642c977470aa20c6dc6815728c779245

SHA256
5a85cc532f802da683374c3f4c98e3f37425cf304d6772ba554d2c49bac7be0b

SHA512
3ba82549752e6bfe6c1f1706b205747d70f2f3106c49ea08d35e82047166c3d5b26457d6bf00fbbd0e9cac4ae8ec38123f533de3f68ed466f219c551b5417c40

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt

Filesize
10KB

MD5
b681f52bc54b1b340a3184cde7ff59c2

SHA1
ba8d38155c0c81416233a360f7387eaf48c57db2

SHA256
f6d67ce2eae4c125bbf54c04ac783005bddc07007398cabd3b9603020af67bfd

SHA512
82fdb75b2f2a06e3cbbeaf1dfe84b196908286b9518194485dbbb168777181fa86a7e37136756544acc98165860e8ca61b83545f6cd1f13ee91bfa995a5df0d2

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt

Filesize
4KB

MD5
e3267c5ed8158da2b7e2679107ce1394

SHA1
6550cde7359a1b3450d8c0937affbf0252fa4b82

SHA256
c88bc7ea0c20769847a0403e188e273a0897d1c77dd72cc4b45471fc67e0d5e1

SHA512
63c185613c5855379dd4cac3d2cf264d6bb2a0e9b483b22eab93b7e8b9abda88bee2f80fcd24f0e9be0972a04f6c725cb20cae678e3e4f61251721b5bdb1cdcd

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt

Filesize
5KB

MD5
3b1958da0544a6c318d18ef5779e81f5

SHA1
67e991a6525da165145c4584c3d9b398583d7e68

SHA256
f349529ea4584eba51cd519b8a1d535d2daec762cd7369673b237fa03a526cc7

SHA512
e9b5e76fc908bc193738781fdbebd894ae310f6693f7b52d4369bc4f979a8ec9e2201e5a2056fbfc380fdad3143f3e5a3bc00d7ccb00cec078bc0e8caf318861

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt

Filesize
12KB

MD5
04cfc22f9293329c5ea7ec5c4a14d3bc

SHA1
57aa51dec6bed50703054060f46918aa26ae0e4a

SHA256
e016e8872f2de7cbc1f4fc786c747cc26b2e250e6c1b8f1c46040b72c523d90f

SHA512
5099e2a8b6be04e2124280711af1bf5807dca5df93dd33cca416d56337adad19903aacef3872f550d16a82f8f1471ec5d821d6e4e096e817a8c4d8340291d402

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt

Filesize
9KB

MD5
e888911310c0b6d7a1932de36ad27250

SHA1
928d9fbdb0c0c83042cac9059ffdde48ea4e9f71

SHA256
4cb5f08449b5e22ed15f8a8cc038d021cdbcf56548587023d1ab31ab6cfc232d

SHA512
56308e46914fd3b0ef62b33331f815fe95ca4a3cf122934dd0c506a041898d94a9ed6f3e1baef386efb9aa949cd47002fa859b4843f2e32c186ecdb6055ff85f

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt

Filesize
5KB

MD5
780514af9e967d8aa65005365efa7d78

SHA1
9e060f149b110d0a0675b75d4a7b960563acca05

SHA256
db540e1a6b8ffff2497f9c1a63f85cb5f345f8cba767f05377c0365abaf7b7d4

SHA512
f85feeff1e89a371eb1143d695c76fbf84afee3699221e6e6ce7703a91ea80ac01af27d34635fa2b61b1d6d979cb91bb98affbdb1cdfae6cd04251a095eeec84

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt

Filesize
13KB

MD5
c9ad9d02c661644f79820e779a6d3f0f

SHA1
92bd000af1ea18b2fe8941ca4df15858b4b53106

SHA256
e542c19640d39f3c56bf11a9eaadb554d7e74d8ec525d41a321e97c5ae5191c5

SHA512
40d178a217dd51a188e5c2ac5eb59db62db95dd0a7063e39b1ecfad0943bb54a118767890d3aa7a753d7316aa2f0494cef8bd81512d611ac2856256c524a5d0f

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt

Filesize
9KB

MD5
f8821c75507199f4ef041eeba8b82281

SHA1
96759a3b826bb5dbc18730378d0f8ba08c1df7e1

SHA256
b4b96fdaa023a3988d514c1cb1e2914817cd538d3bb7f062778360338b73ba67

SHA512
173d6f0437a4e315f4f890f67ef93936e53205f950a9b718b8b232f6faf0ed7e33e6c72531e0c2613611f4b02f5fd1ed7cde8cbd05f2256a68fe577dae4d3a90

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt

Filesize
8KB

MD5
23502d5cdd3671b634832d5f722cf5ea

SHA1
443fb98df15b8bfd081802938e180a87ee24104d

SHA256
fa12ca0be49f4921d06268fad673838c3a4644a70dc374a931997178f588e8f4

SHA512
e1fc00a7ad4a817b32370f2c03ea10473070b9d2febc29bb87d95ff2670e8e47ff27b2c2b6d63396306dc0185e127a49f602e969166cb27073feb735cfa47af8

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt

Filesize
9KB

MD5
f0cbdaa70d567ee71c685250958ec194

SHA1
2db013e6608739aa45453d0f69ba953fcc78b14d

SHA256
6b21924caea51b395efa0b8fa5d7e2492ce6a6b86dcc08565a5a4dee5c182167

SHA512
3ae68cc6be78d6bca7304516b25733a516aaf2121fb8e62ebb9b6fd5194d261117f7ab0c142dbfb2efe2016e189e7ebb1f5be4a82253f087a34a59cfc41ef7b9

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt

Filesize
9KB

MD5
f868c8fe0f1cbded1aec5cd29754b289

SHA1
5e0113e3d5bfb938441cae077034e7735b18c324

SHA256
3c76d190ea88cc339392fdb46e005e72e16658cf07fa83487e1a77250e027f41

SHA512
6c83c388460a3dfcdeea369523678867511b8fa360caaa72dc6e042f4a281f4764f137880e5369e06e60c3b3f304b3bb8df7e6c0edc3992972e646729bb240f5

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt

Filesize
9KB

MD5
9a2fc6431192e6fc18871da5d4adc467

SHA1
eea02faf56e746dfadf67c5fe4e12a79ea2fb089

SHA256
4fd993dbae9606c062dc3511292274631335956a016b74b3061bab55f7d9c736

SHA512
a4945cd1522fd2a57960959c4937c55920520be615f3cb84cbe74842479d426aff28f3e041fa61a338b121ca3be64efc4c128ca94a48b4d994eea79a42aab7f9

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt

Filesize
15KB

MD5
447e681a030c82c3832dba0b51cc790d

SHA1
401bf38c2122ae2493470820c92d069f3f6c7606

SHA256
3e76bc88db5cb108cf8750b01bdabbb3772dbf2bf14592c6ab18b7339817d6ee

SHA512
d17ef32a1de17ec1c9d6cae6199e6623db700b18e43b3b85ef403a60ec11b9efc0ac0bb188b03d13f7895dfcf4ed37d1f40c1bfc4bee469742b712ed5de70722

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt

Filesize
18KB

MD5
fd1b984baea0e5a905f756e9fdc54e86

SHA1
4da8da9154115f6bf0962fd02db9d7e166285c8e

SHA256
02cc9032c117a7818865af3dcadbdd3c7b348be3507681cd0032dd9bd15b76fc

SHA512
1595742cccfff001c7be0a7809f2e700460ad4cbd684d5a0cc53c5ccf615046e2e94efd96ceeaca3d6fb20aaa5249d7677ab1f6faf8dab0a1b559a0c0951913e

Download Submit
C:\Program Files\7-Zip\Lang\si.txt

Filesize
18KB

MD5
5203e172ecb9f384bce04d243684551f

SHA1
5f6a09b52d729f3f6c95aba9d29bfd6c7cd0340b

SHA256
5405e5b04e670ff7a5b5242a3872803725053324ffdc31f71511ea6b2573f6e0

SHA512
ce6b058891375577eb726a15e5430bce4450a9c06d3f2d3361ffe5d39c0c47097b6d0e7cdc7b907a8e5f23fa8fa5a1866661a2aa3167d982fd5aeec33fa39077

Download Submit
C:\Program Files\7-Zip\Lang\sk.txt

Filesize
9KB

MD5
3fdecae1ff188894295759380b0378da

SHA1
935a4797540ce26828569c50924baae230f2d41e

SHA256
b53fe26795b01f3347b614eaa499d28770d94eb5b51005c842386e97d8344cb6

SHA512
f5b87defb1837e98ea46e1e37e13180976c5910f13e18a178397c530e6f15c585cf55e54048206d1a343c298bfe136e0ccf259657b29d7a8c5a9ee2537288aed

Download Submit
C:\Program Files\7-Zip\Lang\sl.txt

Filesize
8KB

MD5
722551a008a99008006af6ce4161537a

SHA1
294abea21d393bf624a4a97c1b4db63d3332c312

SHA256
6b53fb390da88bd79d76487ff30466ae972976d2eed030ade6d9b93991b99cbc

SHA512
4bde588e3add4b20b3dd89953136a655e0521cf3ec97e72a7ff337bf64e41f3da75f60e4e56c5b833b86d6c23fafaa92ebb0effe1d063d499ef3992c60bac8f0

Download Submit
C:\Program Files\7-Zip\Lang\sq.txt

Filesize
5KB

MD5
69720a6d09230d9747bb2aa3c0ef650d

SHA1
4750e61ec19ba905d6f2bc5828510fd08d915af8

SHA256
b6ee3c8a14230aa7d1a17c5493e0a410c5c5c638ba7a9d81681ffed4a8de6884

SHA512
92230fee3e5bc4b57013e359e43bf5f921dcfd9cad4522e09b11ef8bf2f21f96555fc3af72618a06d953f8d68050629358a8a7312a649489d6ca82780b793c88

Download Submit
C:\Program Files\7-Zip\Lang\sr-spc.txt

Filesize
11KB

MD5
d95e6ff9dae7fa22083d9ed73588fe1a

SHA1
f061e9e1afe02b7b92d626432cd9da55bd8bc2dd

SHA256
817d7a33f2adb19f47f45f78c314f6ae6df4ca4da133c1f7a82703e0cdee7e20

SHA512
210bfdc206c2173bd680b6f319afda3228ac44caf611c3846ef9ae0ad11701306ba923ccc9715086ff3ca5222f80713bf9fd6abf61141232834dd95692edc7c6

Download Submit
C:\Program Files\7-Zip\Lang\sr-spl.txt

Filesize
6KB

MD5
9e08d57d48b4d8cb16f98736c5c0511b

SHA1
85a597b74bcb1cbf918d6366705f0b0c0727de31

SHA256
d8c5223fe423129145c5b55a756e499d4680b1df0a7115d72736f09e51c89c1f

SHA512
13e431e00f5ec0373de201897c68a55c91962bd3df6cd693448d3d5d6ebb478b51a1834ecd37b456761dce94dbc4e5214fd421fa7bad3b5b8a51051d0d8d6964

Download Submit
C:\Program Files\7-Zip\Lang\sv.txt

Filesize
8KB

MD5
9a27f7e51e2143f4258aac9975f78f60

SHA1
49dffbd91fe27a81da38becde87de6b2df28962f

SHA256
233596e0d29dad356cd31c302eb1eb3a263736f166f5a7628a753bd808668ebb

SHA512
83c6464e05c776910552591d6d4b8dcb5cd0cc8c627519aefb7b61672f4478e42fdb8e023b5bfd29c313a22deeee75fcf66bf638f8d48156e98694f110b7d324

Download Submit
C:\Program Files\7-Zip\Lang\sw.txt

Filesize
7KB

MD5
baac3ff9fc4b6a656ac7c51d44117bd9

SHA1
feacd226efb71ee149424f39ab47ebf6f64cab04

SHA256
9fed3c0b4e67673bc1d8bbd67d1f6651fade030f98d12173c3564f2c492a67f8

SHA512
44413a73cd0de02f245cb5d8b35bb457ae136c1c2bbb76934f120f6d0b14fce928b4763475730f018c6e4b4ad4881a32cf1c99879c197cc4e70b8a992b3bfca4

Download Submit
C:\Program Files\7-Zip\Lang\ta.txt

Filesize
11KB

MD5
dd0ae446ad4c5d6f20db6ece80f21606

SHA1
cddb5dc08da094ff69e48c1af7e329f6b83fb6a6

SHA256
ae1a795105574bf2674a5de98a4f06cadd9c79debde9fc288f64b3d607fa329d

SHA512
543777575d32b9e1a67afa2380b7953b79f3031ad6421314ba1dd957ec356fc0446903e09ca70a4e61f1264fc87846c968574d3adf90f1563bae3ccca875636f

Download Submit
C:\Program Files\7-Zip\Lang\tg.txt

Filesize
14KB

MD5
ea08a1d73a4a150d7ec590b094d4e0d5

SHA1
e4f3172cf52db8da27f7d95cfba2eacfab12d533

SHA256
e029f34ddea8b1358e1f519526ef643d79be37cfce55bb5ea21b4bd0d026f9d3

SHA512
3661ec554c82f3608099e08808e5151b8d7bcca385cf09d0fd4181073a52e1e835485df0684f5091d0f5ef487a07298286db463c3971e3986a6ad9b0bf7784c2

Download Submit
C:\Program Files\7-Zip\Lang\th.txt

Filesize
15KB

MD5
6be5ba977c60f103b54c4289399ce43e

SHA1
48dff625438573a366d56ecef43bc43a10e124a8

SHA256
a1967002746961cdc4f3ad4f5f081bba6db231660cdfd5f2ab4a572eb11dd67c

SHA512
da61aa3c5389b5096f1c899ad17ebc20125b18d959f8c74aae10665f65de4a3c2069afe47380c093926180c952336fcbeff71329809d7fa59ab490849b647dbb

Download Submit
C:\Program Files\7-Zip\Lang\tk.txt

Filesize
8KB

MD5
1f610df86538a3ed788d6a8024c1982e

SHA1
3180f829602b83148c73a47ef4daf841bb379a14

SHA256
a0f485755cbc6356cfa4bef5cb6134653dc6743f4bfca89ced92d43ec31c5649

SHA512
c184e3898944b2c0a12806e0b0592fd19be05a75e7f3b2f9a69b8d39fa847e90aebe93e1e96588aaa38dcdbb9ff89c1667bca1b5a5fdfdb7f77e37a574981309

Download Submit
C:\Program Files\7-Zip\Lang\tr.txt

Filesize
9KB

MD5
cd44ef9f1c6526a18d9956517e510c16

SHA1
dd65dad1b27f26b538cb3c8fc11895a7c6a81f20

SHA256
d8ddeec7a1d5f98be9fe727d47f8bdf733e21693e988dcfe48089ac3344dcf30

SHA512
51676ae9c163686dad3748e2dec7898ed218673d15af741404c4eb30e8e8c23cc8c5bb7e33e1b7cc40de56c1acfe2639711f47bfac9ef9fae5703eaa889f924d

Download Submit
C:\Program Files\7-Zip\Lang\tt.txt

Filesize
13KB

MD5
730c16345e2a2366c2221d5f22980666

SHA1
41e92f0b3aee2436183e1263aad85787ecbabf34

SHA256
813b5264f3f2d2b632b346e800e738e04dc098c7b3a1a2af64bcf3a6acbca037

SHA512
339a9b6e5788b6b2d627c16b6dca5a942133b2f113adc21225c693951d87ee5c476a684565c2a38510a23c42e1dfa0689a62450cb2d741d4ac43a53b9b691606

Download Submit
C:\Program Files\7-Zip\Lang\ug.txt

Filesize
10KB

MD5
47c628c679ff488ddf4e14c457d2fca0

SHA1
e8da632e677a92224b5095271087a68c60504b9c

SHA256
7fd494130f9b96dfca492d495ef3fd7b4eaacf59f075172898ece5aebd1f6fce

SHA512
a4a22d6fe3c01a3e3d93c6d555b840eeecd72f396f0bcb5afd871292bca5b86f2ca76e3cf44fa71dd6c1b08d6672c50d16d0fba679a4af4aa677993a9900e497

Download Submit
C:\Program Files\7-Zip\Lang\uk.txt

Filesize
16KB

MD5
14c60b55d5400607c7b6443d10b0a37c

SHA1
b92d556ff934f83ac3beec3de20fbb909d0e1afb

SHA256
262bcc4ebae464d1c96fbfccdca7813e6f6cc8fdfd78fbb933de72a2b7ac8367

SHA512
bc5951287dbae1bc775293b1ccc3fce37c2776905fbcf9ec47e49e9a28e6f54b1349b49ebf65631d04617666eed483a91870e255fedaaaf9a4269b985310efe1

Download Submit
C:\Program Files\7-Zip\Lang\uz-cyrl.txt

Filesize
14KB

MD5
0e053b461b1840743441f2b74d73e3ee

SHA1
c3f211f45c0702531c0bb09c13eafe32634ee9cc

SHA256
dd414d39f8da2fbd5caa0c7a7a9155c5f802b4d45f2e8828a79c7b4b63bd1179

SHA512
8e2144242e9000290dad52008b3db9878b35c1c3182b74273965a5f7b4dc4afe146d2c97a5318525ade263753f08413a6fa45b7ec38f9c56d5042787d9e6c78e

Download Submit
C:\Program Files\7-Zip\Lang\uz.txt

Filesize
8KB

MD5
4479712709b19297483d020d11164745

SHA1
adbf9f8ef1c44e7f7d13ef5e0abe1f49c4ed3f1b

SHA256
d62f8d3e7aa1f2636a1ad1b2aede0da9fd725941a5f81d24a9b0b7599caf0f50

SHA512
a857b93e9991aee4cdd6730de538ab3bfd13620d0a99aea1f49859b0d479ef4f757c4d99846fc1754691802b5dafd044fc306bd31c0429dcf15eb5dc3c0b9036

Download Submit
C:\Program Files\7-Zip\Lang\va.txt

Filesize
9KB

MD5
1651078be7ce617922904ca7941fae20

SHA1
1fe33f74aaa6af59b5055b968ef6424107544538

SHA256
c0d985dea02778276ba3d3df96b50b33f7ba0c1ec7c62761f0dcd67a05b62270

SHA512
e1721ee191e1ba24212e85c013497c66d35db0e48df464d2e86762b4a0855ac04ffec59af8c259f91dff0924d977ffeb1fba92a7c9a951d5f8fddfd0b02bb67e

Download Submit
C:\Program Files\7-Zip\Lang\vi.txt

Filesize
7KB

MD5
a0612fa9eb8196659d15c67ac965a5e6

SHA1
ae733bbaef962f3a10c5855ed30b6d084c8c5d5f

SHA256
c73634402c3effdb2750ab5cf6f1083abd8771529bff6f7e513d646e0fcdae23

SHA512
74991149573fbc7b5d9bef36b0f8cb00951bebe959f2d9058c227f3e75a874e22c8aa6219bbd643e483e0d969674a9ca9004e33f116bc923a30c872fc3f7909c

Download Submit
C:\Program Files\7-Zip\Lang\yo.txt

Filesize
10KB

MD5
5d90f9c7771022e43c15a4393a0670ce

SHA1
689269a4b3aed23cdf59ed395732c592b515ac83

SHA256
de2497946932d806f822082c3cf9f2f26a18752d9973f9d09e0889a94ce4c28a

SHA512
7a8bd040989cf66dd0f15be68dfcf2799c34c491fdf900315ab82619938c79be9f18c6a5b1a4ac7df6bba951b3b309ddaf4f5ed628a69b8b893406f68fbc9510

Download Submit
C:\Program Files\7-Zip\Lang\zh-cn.txt

Filesize
8KB

MD5
d13839af103477df8cfd0bc2eb876eb0

SHA1
93af39ebeb9677003db67b386588409329104f4e

SHA256
d04e5bd3bf1e3f3754c3603889aa1b659d1dac518c5c6b5c1c49ecf16dca1c01

SHA512
dd79b5a8790e906e8bbe3fe69476126ab76ed472b4374e5fb7f4b272365bc305492832a1e3b95d22fc7d3c9edd9b013c7bc8871c6bc85a717acf3b361da1900f

Download Submit
C:\Program Files\7-Zip\Lang\zh-tw.txt

Filesize
8KB

MD5
e6c38c199079be58ee81e8da55e783ac

SHA1
1ad09b0146f317786afb0a09c7907e6ccb5c207e

SHA256
76a17b0a97925e5d6deb1ebe8ae14f83bd49957c492c3733a0ea178e28b0d74b

SHA512
014d3fb64b22da94d5ac7626b3e4bf9321fb05647bdb1be3eef79add3efb06ef6b0fc1590031d4e781489afc96ba4b7e4a86590bce98c901812e890a4680ed02

Download Submit
C:\Program Files\7-Zip\License.txt

Filesize
5KB

MD5
761b393dac39374a072e58aa6a4872fc

SHA1
fa049f28e907ab6a0489d1fec1746df3a26d22e2

SHA256
3a9a7bca133a8af4560f48dfa351f941e110d80a2c2466e537ec6680b9fc2dda

SHA512
93c5a05469d4469c713370ac8d711caf57bf87b91b4f77aaa6f950552180548624890ec0e910c0f0e2fa1e05417edf37e31e9c128815a3811110bca90885860e

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
14KB

MD5
5dfdda860ba69df0ae0ab193cf22a4ad

SHA1
631c3b573b87688a9c5c5f9268fa826b315acb22

SHA256
2ffa1c010889dc2c03dfef2271343ac6032c3966530c383b92d3dfd99a3aadc5

SHA512
ba844e4157d1da80879d89d52155e10f02682f34d92a5a7a57fb1d723cac66b01ff3aace379072780c01720419fd21f1f25279f6587950e9ed4c43688c284a95

Download Submit
C:\Program Files\7-Zip\descript.ion

Filesize
366B

MD5
eb7e322bdc62614e49ded60e0fb23845

SHA1
1bb477811ecdb01457790c46217b61cb53153b75

SHA256
1da513f5a4e8018b9ae143884eb3eaf72454b606fd51f2401b7cfd9be4dbbf4f

SHA512
8160b581a3f237d87e664d93310f5e85a42df793b3e22390093f9fb9a0a39950be6df2a713b55259fce5d5411d0499886a8039288d9481b4095fabadddbebb60

Download Submit
C:\Program Files\7-Zip\readme.txt

Filesize
1KB

MD5
800e525e791ce8ca84a9200ddcabd6b2

SHA1
69800f0c14111fd0ca7f6a41268ad5f4d8ed24f4

SHA256
7687c86d1096d2587a8ee0a9e585725abd1ab7a8af98fdf1cc8234ae94624f33

SHA512
095a707bbe3af79cda2e77799817ae979f72233c92be0ca2f1b089aa285de6498afcd44f84c328b094cbfc733f16c664135bfcaa9a93e5af73bb90afabcb71f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
67e486b2f148a3fca863728242b6273e

SHA1
452a84c183d7ea5b7c015b597e94af8eef66d44a

SHA256
facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb

SHA512
d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
68a9bd7267504a055d6ec921ab4ce09a

SHA1
0b0d9ef4f789c4db75d656d7e7ebf509304eef7b

SHA256
77502212b692e0e13dc41a3cb1ebfbe67ac979e2101f378ad665fd6a2f966dd6

SHA512
0fb4ece303391e2b341f16f866ed83d733520cedcf4d2a00ca26d621b7e3737e5efa7b2059c59f2a6d74f6d691641e0e8ed80bf79c350ad1a8cc0b2ddc9ccddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
33f7eb89e1b82bc9f4e434460aa14307

SHA1
2eb496cb13866b83ea926a26972e0fa2fd4e869c

SHA256
81125c49fce11df6d35eddb6b0c11c27cd2a730cd78597c70bac0bf23e141ed3

SHA512
313ff86b71507d784f4ac588074688b653685efbdd1e9509fa8db3edc0cd12aea7273cc1a65711f5700d6c10823ec92315aa61290c977f06d2e10a75067b468f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
72KB

MD5
2f6f1f80c4ed1fd57f214bf40a885a57

SHA1
0287e82d5044c01ea99f69ab02673fe8262bb9b4

SHA256
422596b36956a2800b4dbdc3c81acc6e960c73bbc373653a471d713ff7098d68

SHA512
06fc97aa33a16b411d601f61b308c5e34f984eeb10acb752dc909b591feac285c4ab313571c70e70d2a81441bac1fde4272fd4536fc2f13ffd683d8efcc90129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
421KB

MD5
7d19def977c95f6db1ced50412ba3b19

SHA1
3b2bba7eabcb2a87ec7caf68a465078c56a02d83

SHA256
a1343cc6e09872db012c14a2775f3ca9a9441ce686335b8d324351d779a58924

SHA512
2064eea220cda45693c6d4f6bff27dadac75245ee700f2807f308c7ffb42164fefa5086fd1a3da23b4e336b89c5f1d0ded0a61b828a61861f61c7f4dfb5c710e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
21KB

MD5
c2be4a5922c8f70dac1820d3472798ec

SHA1
f799e7e24c6a2ec495a194cc035743748d4b377c

SHA256
575de6cfe67d6abe7ac3d4c236f1d112090fd2f60a51aa88b897d735ffc2a508

SHA512
f9859891984db70919b66310791d557fcda2fcbf1bee295ead9e2aecd48fed652fad39aba99d034f04c67b047a11a77ee60acbc2573deda174d0040699b84036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
24KB

MD5
9661f391f69ddbf1e8bbf879c1c69660

SHA1
60e78567cd82d5dec158be4ae4d365f45412fb36

SHA256
59fe3fa5daacb2b18c734a563d4e8e9df1f51eb24672249ca4962f3132149191

SHA512
dd61b2a9827be092d779b36dc1c4f3983e78cd42f3b6bb07d61758502ef0eedc2fa562ec028374d072e1ace9d82c2c816d2bbb742523f43cf5a6371b79064722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000af

Filesize
20KB

MD5
e241a1d3ac1af67a908a231b3c0f8744

SHA1
e8412046594395ab89d4788f91e36ac115aa602a

SHA256
4399c3e6e5716b1bf1d535176eecc007364152ac36a19855626aa2689bce0053

SHA512
de2882cbc94ee616ca01e534c867de2cfe0cf3b9a023f65864df9c8c343c2161d9e53a3f0fab83007cc51ac1886c3d378ca1c8b7e4ac7cbbbb7460262f17fa7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
4387663fbeeaf90789ca637481bade37

SHA1
3c8883d06ad014e722d8ac94908fe2b1548732d8

SHA256
d306ad84af25bbdceb63e89f7118daa58500525141de894cc64e4ec2f36ace24

SHA512
6e5807c7aa4ed791cd01038281cc9e6fdea5a8ca9522e2eb0ee845c8d19fd7119a31cdcf380d7ed710a7b9133324d44820df73bfeadba507f167f81e4b88f8e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
168c03b2aec62584bc861cd6c446dfac

SHA1
5eeddda52d4283d3e85db3ea9b304374dbade5ae

SHA256
b1c86d02353097fc61282804dc50e542764a4169d5a1edeb253f467ba63d0a28

SHA512
852b9be6aa53fcb6ee79cc0533433f5d5103a72f74386c922970c3e0108bc4fee40d8acd39547017393c6b129fe51f1eeede33621bd2e772420e152beab90a18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_wmuck.edonhisdhi.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
edc2fdab17eeae1fc2f83c95e62380e2

SHA1
32f9ccee17c5ed5ce8f15a01b85664959e8b25c6

SHA256
d57835c754b14c5b91bc6b890271960a7d7014f776edbabfebaad69923f5c4cd

SHA512
9c82d111004dd7999e37761c5b7020e3aee87481897ee09f20f11a18f4b64b3efa879715d58fdc393daa12780d9a942e8c782878b44b74b7866af62be8f4237b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
00ec9c3d0b62b0be172397a1022703a7

SHA1
f7b75f108bbc351b1c87514aaf86c310b0e6bb75

SHA256
2af197b56d1e1a7db1c626fdf01fb332ff01879db2b89aa5d985abbccd6325f2

SHA512
b970eab843c106a3ed793a21b217f2fba847bc955507d31fb8e7fbcb6b6ec00fd0252f381e99b1f40447aa0157ef1ebe6059df61e6e82be6a903cec9d2d2d356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
2ec8dc47df3ff25fb179e06e674463bf

SHA1
31b72d9fedd920c2d442d87ff1871d4f89622bf5

SHA256
f25ead5d80be46f28861ec059178d79230670f889c3e9d09233b4e3140b13bc4

SHA512
710a972cd8f41bb177093dacec96bba342a51c9746ccb39653e9205cd4ce4a41aa24dc94b43e7c395977499024f2351aed5f3c7b5ecb1f6bfe14ae85d79d63d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b2f5c2a60cb836281a6f30542ad1d5d8

SHA1
697551f2d394c77f55e2d2a4eb23ff3d9617c968

SHA256
b8638d2841011ebe2ad6393ec134bee9277744744a72180db0575abae3def01b

SHA512
f6e54c68fcb76b16f28de6868f64c65945077229eebd1c5bc32df0a30e14ddc7d2a3c072731f9fbbe5a8189396001d8d842f7bf223269a09c075456571f90f15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
871B

MD5
8a8cd2f1a412e6f976be9952ba87861d

SHA1
8fbab7608b6bafbbe85b2bd3967b9445b98e72d4

SHA256
91623bfe1f0a3135f4616029ca9d2b9443962e213097fa75d928fa85fd560f29

SHA512
8d888dd681c373e23dd38cf892b925b7425b4a507f98322afc71bba34180abe68cb0a13e3a3648cb61e15e7bb6a6471ef0a125febc6d113fc656db7742a24af0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
871B

MD5
8fb7508c83b87663d1b33cf8580e1810

SHA1
0979f50763b813c92cb7b2ff0f8522741dd2a02e

SHA256
5caf072020f584579dcb1bfc06602eebbccfd6bc22cf6d66e525fd412c00c569

SHA512
06e4ef594627a9a751cb0f4ee9625466741af7c790dbed3774eb388f160a3b26f9b8e76f1a4f19bb1d2b8eac4dd28c3b2adec7d6c14341370c2cbec4e87e6b05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
45dcf03db7fe4338714400a6cb2d715f

SHA1
f0cdeab77263b016dd10cb7b495947a407a14734

SHA256
ce1838ce6459db0e788efb81217a18b43fcd55af0ffd694cbdd0e94e44730fd2

SHA512
520772577453d22251c2528d15725696a991194d95fc9fb7712606e7b1ee17276f7ec4b339a0f37c2a30cadb2eb277ea56e9873936ae781e4fcfd3fb932ce965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
74c26856b4770a445817d94a4b20604c

SHA1
a396ba5c555996d848ceb507b369f2dbaea3b835

SHA256
c6e7c84cd56778b176ec68c4067626b1d832ca1561047d316af912d1aac9ed0e

SHA512
7a431dfde732287f39c304631001135f48f07771603f97159d9f6c61a39ef7af0fd8fb072ddfa0852dd763cb1168bbf211cfa45b2539a150a9fb0284c9331bf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
58d87ee3f77d0d6ee8d24dcb36e13151

SHA1
2e694b2aea993c7494dbe905f7c5e27ba96d6251

SHA256
ec89e3f6334eabdec5251ec9bfb226c75c78e102471c5d251386c35b0fc0e01c

SHA512
396131280fc3e894a60082a382ab5164c1f9de8052d8744cb5ef2f64e67b8cc6bdcfccbe9b0efe5d34a4c7982d00a248161f7c6d26b84b24933782ea83903947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0f32acd857ae820a60cd7fc6fa9ab45c

SHA1
fcf346045b0049de76924f1d95c18af08e5f2fbb

SHA256
b3943d48420f3b0b97338bc15d6e750cdd6a7b87aebe3b28fb55d63274afc248

SHA512
daf722b114a12960645ef22e65beb7bab24b29bea83eb77febd1b5e3e983a88e1958bcb01d9e4fe8415a741a8c158c5283b7744554f93f2824e354f6baf153b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
36f00b456fd54266bf3822284e355323

SHA1
fdd817144fe9da0d8e415eadda41badb94ea2888

SHA256
8bfdb81b3983ee6042bd9be5cbdc9410a8a72812127d8aeda6668fc6ce12a505

SHA512
01b6d7564d1578b6b44392aa3b7c7b95ffdae8af7a9fe86c384bf440101a58e3f25ca97c2e9c5ae6537eae67b6cf0397a4f21e265219f14f38673e651ad0e257

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fae3ae8ee24f79bb98ec3e908c306c83

SHA1
31a325906f63122c12413d2fc91e7a4a7a6d5454

SHA256
b18fd104bdc1f35252711738c93d9878f988784f183721e8a8dc0c59660b70f0

SHA512
fcdbde3dabcc80e0a1879b72581c4eb25700626212f7dad58558d70c1a46499a3cb796d61db8d7c133b7bf8a5d4979ee6ad5b5241ee7ee922a1dd0834329904c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
8fea93eca0603bce8b6faa75dcc56994

SHA1
1e9d6b78d328c3e4668d2055007b2f4700321827

SHA256
ffd9cea0a3dd411871cec6f242fcbbabd45fdc7e57ac098b438a29fd9a54cb09

SHA512
757a3c57e7942383d229516034ca2fcfeb1b1b50d95f34f666a0da87c52182fd377585c75e8c3d982cc63a8f0ca917ffb0ba1898ca99cf19c1348ce2c475bd16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
869B

MD5
24359f9a5a05caa1f519dc01a2c02f9f

SHA1
62b6df0c321dd1f77e2b2ed5baed5904b5f6eb83

SHA256
b4f03f2e9ac866d171863341cd91dac264edf89afe4e383e92498c4831d1fb01

SHA512
7df4891d3025b83335bfb8badbd10de02bac44f49de3191d86aea6e33a5612e03a941fc41ec32ecd5376a917ed4249d250757db57699c1c84a1f28b595e996d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5e24a340f3aebab0096e08bb8c447f5

SHA1
967766bf539094f61e9d6d31b484748eae4c21d5

SHA256
dba09cc6c9a63f9b421baf068be700beecb8d9f66fe120d54bd24f7e232a6f4f

SHA512
a3fa8f018da5a2e66c0c69338a33cb4d52124513565928d80fba1defc6b1e8fa3641bb047b29b8c859036e1ad34478ab84eacb5dbdda758d9eb8024adebb2af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e1c4e98c80d2f179eb4efa61aa110d33

SHA1
f4fd7ab604494d282d2ee47f6142f4d082bfc3ee

SHA256
3f2ff169110f4002dca1a19c2e263a81c0902a0cbb4b9dce64b78ef3e4663995

SHA512
7123e4e5b7bbc5d9a82593af4cf2e1b3e14fb20a3d0ad879149a675f205342406a1c799d3f9453075f2ab28afea3426ac2145dc00cd6506b3e49f8ea508e390e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5aa63e0849bd71d852c5c02ce2655103

SHA1
6196e1d1437c8a8a26da066c861d291841071c50

SHA256
8df68649203ee134906dde70de8b25e8ec0bab81a5484046be3d987b0413439a

SHA512
c2ed51dff375c1f37c95e2f57877a20772397ce90409022323bbfc96cca800c7bcc0407d8b969c5dc058f3e5359b32c867767b0e25a548879b2165c5472df276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2537899bfd7521e02067c1545f8656c1

SHA1
d5942469f425f6881e96ed5646f59c97d231382c

SHA256
f6072916712754c50e77cdc6253a0a01a01046165730b7d325736971fee601b3

SHA512
c93e12c9a90781151bb7b4ba32a5024153847d3dc3f17c6f382f84a326ac96818e2a81a8502d96cf42069f6b7cdd5ecd676847d2d2d2d272f9ab0e3de82f5756

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
49f344795edc1e316ee1d87f5b3783aa

SHA1
b7de2c83c43cc8bd8a3040a299f5a7a8d27a55d3

SHA256
8a8994b24fadacf192e3b89acdac34fc4a20897ffe01408f71eb19fd92750dec

SHA512
182a7c180ee4c3b5d35cd550125bb9209edd98d9e5de5687a9294d88a35f245a748cabc217b57fea39800c6eea8a0a7576bf21a2cad20e7dfd16974123d70e4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc77d7766e1459a511465f3f0217bc2a

SHA1
a1a6b8be78c761e726765e6ed45da86abd1fcfc4

SHA256
2fe28ffe2bfd3b8b8e4fd099a69e64aed443ee1a0194a242f22714969667f3cb

SHA512
e09c06e35340c94ae3aa4f702909d3628228d6879bb97207283e725884c624a4b8ef38f7759bd308c3cac80756f59f16eb8c844a1de60c66f58d40f0bbc5b3ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea5bd69c03b13918a22481ac5fdb45e3

SHA1
9a0e5d8f08789adf1ad1641de0c60cd517e6cadd

SHA256
fea01b5100c6160793e851869ec03131a6c02f1e6098d789dfccbada8d10ea1d

SHA512
9b90b3bd0829c9812e2b7ebc302bfb09d680afb37d757b9be6799a217a1e275c6be7416b35f5fb88910572e7cf41d3c5a4cacde7497dc35e4c2b287612adfb5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
31d09c12a7054431b1e9521d84d90468

SHA1
56f41317ee092de58ea0ae2ab37308a23c293a3e

SHA256
d4d7aee8c53ed6f048710eed7b3f67b132f3cb388f77524f3069549ebb6ebcea

SHA512
0405690187a09c8d57c1911e59d3c8f2c6e918883c09cd6a025cc0b3eff0dedb467dc06ad9dc8ee5e42fcc8a864c8d01004b06ac1b94c7efb50b8e26a0c80aae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b97355b2cd538765eec30dd31191225e

SHA1
93d95104c2fc79097ffdee6314f4049970b20942

SHA256
0aae386302cdea03f4eb2ec216af8e1c072735868be2001faaed3ac8c37f66ad

SHA512
a10429ed75f0330523e191e7ab2a451f73a1962d8fb03eaed6703fc5b68d75cd30442d9d9b4e04a24ce675e4f9ef765ff61f47934be46c3c1924909582aa435e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4330ee8805eb9539b220b19ca50aaae5

SHA1
a4c87a6fccc1c477cfae136516a5e41c67788b87

SHA256
1d396882c64ce63327cea2d4625b60136401af9f52b7833a9206c9150b2a1929

SHA512
bca00d8d2c964dff72e89683146d94c026e9f40f7ee4a70fb202114e2e8a2af283713d56b9d7e69377ff4ef1a17bae7297b056e634c31baa07f66f08fd360b29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c2d50bbc276c4964ff5a93cb56312c95

SHA1
8f60c1c95fdafd23066ad81a8f88a80c971ac146

SHA256
9916ef72860dfc1ff3c4749dd8450095f58eb4ebdac853870abc76031c983faa

SHA512
a4fe14ce0f12f4f4e207fc0ddb5f8d343ad88e1eda3376d11e101ec43ba8192dc62d76f5c14b099dfd2419ad4007780781ee44f1ddab546a04db87992485a9b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e51028223c21e3ba3c07d104ed620518

SHA1
1652e0f06affe0a358a88c3d87cea349183d0ab9

SHA256
ddbd62ba812e22e5e743b15bef3bf3e5c66b4b2d9c533f52115d6aa36f002ceb

SHA512
f84c13168493257743aa3e2381ceffddf83afd107f975bdaf4f82bd5753c53c161c605ea0631a91a791b178212535ae18363f5f45fc80f2bea02a608d3354561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2cd8fa1e1bd46e1a7d736310f2978477

SHA1
73d9abbdefbb2a356f144ed2e8686bdbdf0d5153

SHA256
f11c2e7869ed8aec7e68784e5cd2e47bba19f7bcf48f5612a6a20b56893f63be

SHA512
0814f0af243f7922e13248a17701a9be48c0c59d689af2ce09eb16c15cf3bfd08d4634b501316793bec5948ddd83216c0440054427e3e0de7c700f2cd6cdb630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
017cf1b3a9093fe495762588bb8fd157

SHA1
8a2ed87d970aa08f5b9c686a7ea17c64450df4b0

SHA256
f0fca0d7b58aed79ff034b713e5fc18ed47627264419658660a55f8a92a610c3

SHA512
9e3d4fc64d762150e8395ed58e091d608fa7d25fa9dc60fe97f7dddf5798caaab2493c6e94e47292393995ee8aff2fa307c2d250d6f27dc55f018cdb6bdbd557

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b75bdc6d7f4946f47a77d108598a14cf

SHA1
4981e9dbcab5817dae6417d4380a76a3b13a7f93

SHA256
bb8936577b085f99c36e9f02567fc48722cf402255f61c00badbb53dd38487ff

SHA512
d2ce00d47f5d24758acd36ad26a23d098af71a56d00334b5c46b4f00f9e443df8ccb2508210beb67957d1731b4e82588ecef00d1355b181f6931aca6ada6a4e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
15fd5a36773b4a3924d94d71620d6635

SHA1
0c357c6ab8e91c3e6af62a7f9a39a3b6253233b9

SHA256
e38092b625b3719de53c69038e32d613bbbeda9d09be2dcd1093546263832693

SHA512
d93c141e2ad1dc897d63c061d396081c2bdd2ae98460ccdacad65932e28b5b253b4ba6406400cdc277a1b43e8ff6b31d5b3732a806d4953909c43240e61db933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
493a0b30e0501a8a0bfe98d158f960a8

SHA1
4fbc781187a0c4dfcd011fa5c4877c52d5dbe343

SHA256
ead5d06036ca8b048e7eef673a4eb7be425df06b6ee27311687b1360cb9980b2

SHA512
76a7fd340a0d7d4d4873223dd81cd81deda4266418ae8b80f1ab72334830307dee22e2f3f20cb014b18bb4d61fdf44bcdd51024d72b0f82813cec40c124f2897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
beb4b7ffd07270b8b9c92c40c49c24d8

SHA1
49fbac8fbb8105e29e50fa90355ed0f5193f14de

SHA256
11a88bc9f5e734843b1bf9e61b2e4c788020ed689f21c6e1c87f304c31ac0381

SHA512
b5ec2b78fe921865dbd36c3006922f0ea5462b349d0faf40105b2d66d38756a0e984562e83eb26c9363ba5ba250823350003b550fdc6a4a7c50554a83ca1618b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f383049f4ffc6f6d78718ba250571e2c

SHA1
10605ed228c0a9dc6bba48fff0c3283d9725224a

SHA256
67c17a4815dc836bf55940ff79137d153c22e5f58bf7672500d89b811275850b

SHA512
2112161bde6f8b4ba5f37ed32f4a8061d5cfa6e52be891fa3951ba35b10da07efd82b4d532bb1a0914be409ff90373a596d0ef9d5f260699de29f5a507729d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a743a333731f9e6956475111449201b0

SHA1
7d22f4ce311b6ab91da51a1dda2da6e6151ac5c3

SHA256
757c74df4292b5c2cfd83d13dabdfaf816da8b2dd02a184b1f141f1c8dfb98a3

SHA512
14421eaeff6734ba00f025691fa9e748798a0a6e8340a5733a399842367a6d539c150ff6f1c713258798e22ffe2c0f8fecc84f06e6ed4aa5f48140fbaeedbe1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58d28d.TMP

Filesize
120B

MD5
76b64508980eb2ac7754e10f032f5226

SHA1
c95883519392b78a7ecc9ee4c69b9a83e1cb8221

SHA256
74b34e4ee761c963801ce0fac9631ce02aef821c5a246079ad3b8f24a123b30d

SHA512
8fdae4df484a2e3d9746efc5879aa10d7e15ebfc3e501fe05eff4a60dcfc70f044f715254e3bcc341954a2fce4f8fc7e28df58688720a889d4cf6a10c09bbfb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
37KB

MD5
8974abffb615a8eee1f1e444593c39cb

SHA1
ace21ab1b548de6a4fa956b2a076bf531cc627f7

SHA256
f697d105dd107f956d92d1ea77c40ee6d170756bbe08d8f3a9d041586e84f137

SHA512
1260c87a162b3b5a0e79c04120ba321acbb60b3f41f40bdf091b3d43a9a9bc3b28db30313527dac0d1c6771f523be11b3c821642e46990af5aa2366256cf3942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
74KB

MD5
1bcb4aa84b0f29dc2025c382fcd9f86b

SHA1
fbda5cf25b2707c30a34c058c01ff62484cfc588

SHA256
5adb0583620d1ae13ca1449bd4aed88504da13bc04c797fff5d27660a1b75b17

SHA512
452a46bc87ebddf988feaf8d9d5b586cdd5d6cf26a52aca0eb20c0bd6cf39711afd0b8da96342be81284e78d6e251998ce66f6caea782d750e325d8ffa01bdc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a06a1284b89874f59c34221efc786eb9

SHA1
f8632f32b3172ca053deee90a971e28d2fb5abd2

SHA256
0d048e837772e42be2c4127d6b72d411f5720b4ac1b675bef9588716ca45b501

SHA512
0af6a16d6860c5afa5e70713e22608f728c9cefb78685b1bc1ddc48a63b2271e18cd2490c6ba6ec45f86759408aa9b9dc0774741c82ab03642c34601c5b909d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58ab7d.TMP

Filesize
48B

MD5
2a80f2a7539a00d88ca20570867ad59d

SHA1
41f6ee1bfc0ef6a0189ea15c0d245915599c866c

SHA256
34bdbab6e24eedbcb3d17f2958ddfe58399dc4ec86854a5a5e3f16fa48664fd8

SHA512
1b1c6742753eff48d7861e51d3bb5d0979ea50bc17db9055b9145da87d99be39a207c42a8721c37a623602bb174c3c5a2d77890fbe473b47a267e4506f2b0be6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
141646da5ffa6b6b596d895bc7bb3a35

SHA1
1058945cf373b2f56c3b3be0176e77570a62e9da

SHA256
e417fbf7184d4790527c05d4284e959e3fd2d9104fdbe0dbc06ed7c4747a4b1c

SHA512
e133b56a5cfbf12feb331ea227b0c0351efdbdf0f4b8076af356cca378ed00ed34f83a4c1410b1d7c5179be78bfd0bb1be6dce423ba55da2e0fc25c1d8702f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
1c22b78e18f11bda4b25bb02c87dc167

SHA1
c62c147986833390a4a318b9cb346ddd07ee6d41

SHA256
12f092f5331499433efead1a6317b10d740d2af5b71f5b08aeddf8604f112cf3

SHA512
3b98088f86eadf92647183094f39b81ed86de60b2c7a5f38ebd2712a468e95ea9ef0d4dadb558cbbe440514049da73e71387aa988b942d604d1a8525a5d2238a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
5967696a1fa01f9ddbe5a3e18c73b880

SHA1
448a38141db3c327b7b33f71b6f0ceab5ac6cbfd

SHA256
101e756c88b49c0eaffd578a5a523a965023f16ef982ef653c04744e7d387ec1

SHA512
ea322a3e0c0fc44e1f5f02aa7e4c3104fc6e31a6d792a8acbb8531ee9f428d31fd2b0ec6d052b836ca784c6d7ca45e3236413ec0978be942346ff9a95746bde4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
7ad64a345146207d9292c507fd4e8ec9

SHA1
f2958fd63a95ade4a21d2db42cd4561420932605

SHA256
ca87a5409f24cfa660e9f0442e9aaaac8af7c7b288d6e33001e84915e7b479e6

SHA512
ccb05b44d8e043f8e2b2632e2493b435942505a29df49c6d02316c995060e126481df85758cb320e976e7293d0a6f18c85a2ede712ab755c295869bc18a6394a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
b8bc3eb29d190c481d0e8120b793d85d

SHA1
5de504f1637f60dd14769227a1f2650a76521785

SHA256
0af6dfd87d29d3fd8d708fa3cb35be99a8c3235a6511fc7169b422955c311c2d

SHA512
ee5761eeab9c8279c2a5dabe84ddb4e03a7bf8d560b025df20132f69c77114d651ae9140ee97c5663584db2f284499bbaf66e8d1dcd51baf2bf20ac11c297696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
88723ea4aa98a7feb3a54d2a52b1a1e9

SHA1
205fbe8b95150dfcd09a6231af99306882ba98b3

SHA256
fffdb3a0deaade99412f8b2c3b2f02353b9412ee9fdda8493cd4e53527bbdeba

SHA512
9f3f3e76208cb7ab59b199b83c9ab1d31b852b03f15d05a3397631f7bcdc18238e44fe37aa98a3a523d06808aa0ba52b1aabfe0b562859fd252d358f610695ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
5eddc16ee2763671242e804e447efe78

SHA1
d4336d7f1c0b6ccb0bfe824e6abe7c64f5345093

SHA256
bb5705030789de563407eee72849f5c218fa1bad7d82b3c4016e0b64b680490e

SHA512
700ceedbe5f14bb8a218bc9aae188685adc17c4599596ae8c7e4ec69dabb10aa51f82520ec3ae4554abb74051329fa8c408dce1d6648256d04733e592bf17fdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
40133a6d312fc89eaf09e4498eeedcc3

SHA1
1722e3ecfdb21dbfec3418b9e1118de196296916

SHA256
8cc5f991fcc34cb13df4303c805aa80c0754bb0efff6991d19c2550b0dc51a1e

SHA512
705911fbbbe7faea0fc676f92c7190073f0285b3cb2e55519ca5376451e64368cb8f4042ce13d04a08146468baa62f7f8bc23ad4ab9e724edf60f77a30665c13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
9dd644c884a8782744e766171ccd071f

SHA1
0273de732baabc0e57e9b3e99f2f32b29562bb34

SHA256
5e08135c6f77e9dff3025c9a09503bf02a9066a7540be8404bba22da8168524c

SHA512
ae9cf9333abad9100162e3e1adbe3bfdc3b58672e00f2d04abd51a4131ee163a6f28815d8b03b4bbd78f50901907d55802f5b9e24baa9782121eba237f554941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
d2d19c0bb38cc0891029332e8cac572d

SHA1
2d424261e3e244220ed5f4838a4a2ad8bb7acab6

SHA256
071f8b5ea739a48104ce97bcd9cb8c63e0517eec3a740711f5f6679808b8cef1

SHA512
196e68aea3bc0496f0a4292de0a88b315ba2f6ba8893b0fbd6c2c6d634454ea4e7338421c0620d97d28e5a57cd8e9421f9fdd19643968f158988190e19782a39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
54edf127c84f4d2b308fa40d01bb117f

SHA1
ef3c1cd2e75f29c816797b325cf4702a2c157f93

SHA256
5a8fdb22fba9cf261c627081ef98287fe099e1d23b384f3da64541bbb6048a4f

SHA512
a06806383d320729447be37e2e306fdfcfae3951f425ad483b845ce689caa5f08bcfac83e41562da91ab3b2cd1290cb312aa312ac8cdabf8b5252e71b1547267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5853e7.TMP

Filesize
93KB

MD5
ced2e75dd5e310b9d4913b755e7986fe

SHA1
a6a92b2c31561295c7f1337661af6820a88d2d7a

SHA256
a55e2e2d703f75d229760770cb59717938460b96aa3e751445d5a334105f5eca

SHA512
7da5b99b0feb9b189e2c6384ad620f471148c9a02e16eea9dd9722a501b5e465d7a76488323ab601c65773b818544678aa2372b25c093173c6bab2c92040b23d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF960AE80F43AD64C5.TMP

Filesize
16KB

MD5
afd709ce4aa1c756e924c55521aeb089

SHA1
bedd371fd08030bfa31433773a07f42cf0f26108

SHA256
a6727c80084688c691cfb14cbaccd5a390fece81fc5002ea3f8b55b81a9777ec

SHA512
8d88942d58ab8ad8cf7ed64dd2120a260c826533e8269727ba4da337550525c40e519680cbfc4072a817a32823830659026632aeb4c16ab7b1e6e513fca8971d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131806471\additional_file0.tmp

Filesize
2.7MB

MD5
be22df47dd4205f088dc18c1f4a308d3

SHA1
72acfd7d2461817450aabf2cf42874ab6019a1f7

SHA256
0eef85bccb5965037a5708216b3550792e46efdfdb99ac2396967d3de7a5e0c8

SHA512
833fc291aacecd3b2187a8cbd8e5be5b4d8884d86bd869d5e5019d727b94035a46bb56d7e7734403e088c2617506553a71a7184010447d1300d81667b99310c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8546A199\setup.exe

Filesize
5.3MB

MD5
d2b32d2ca95b09c440db5f37788a3829

SHA1
d0f5f06b9050ee2cc9202e6eae18349ab1257d70

SHA256
6cab004538645353524008c307f897f76a1b46282ea6761cc88fdd4b6fe3e9ca

SHA512
cc091d48ff9abf5add640bfdf99148b466cfded3cafc8451f87cf3723fd4b7f096e4b518216fbf7482f34167dc8deea5de251fe369bccd28ce2bf56b09163a86

Download Submit
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

Filesize
3.8MB

MD5
bf6eed6cdc17a0130189a33a55ef5209

SHA1
e337f5a0931f69c464f162385f1330b4d27b372f

SHA256
ef2734657b11113a433abb7ebac962e2bf6bf685f05c5f672997f01875430168

SHA512
90d23fd84007343e85f9fc003cf826b112fd930216a24d8c1488468443ae2a4b0c3cc2426b91c81a8228e125050e922fce05672e010e65247709fc4a7b856f1d

Download Submit
C:\Users\Admin\AppData\Local\opera.exe

Filesize
2.1MB

MD5
47d218e6db953b1b9ae39a3809bc3cd4

SHA1
baf798a00c4ec88f46f916873d98b631ddb4db23

SHA256
72bf5b4529c8b94b04224d675938fea8dc108f9ddb07011b134a77b26f6710f3

SHA512
a7ea12beed5c7f750c83f954bce327905838dd04724031ac4ff9a56cf1a8f4f62a0b32e0e08f2a00b79bf036373e73744759e9efa1a799cabb4aba52548ba5c8

Download Submit
C:\Users\Admin\Downloads\Roblox Fast Flags Hack_84277591.exe

Filesize
5.7MB

MD5
0aa6945aee17c3eae75f48e715ee5eb7

SHA1
b84977d612d1760f7a682e96dba9f7160cdaf72d

SHA256
0b8be7d62ba830a3a53686afb8af57d1b2301d76c8b06759bf4b148d1e2ab6cc

SHA512
8cdb467c92fefe0add78824acc496bf1c70c1eada04a801076073df92497660551c7b3c56a7d97a5ba74eb75879e5323f4b33ee51f94cab8c8afe6515056f5e5

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 573993.crdownload

Filesize
1.5MB

MD5
0330d0bd7341a9afe5b6d161b1ff4aa1

SHA1
86918e72f2e43c9c664c246e62b41452d662fbf3

SHA256
67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b

SHA512
850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2410131806459965348.dll

Filesize
4.8MB

MD5
a0a086eadb30b33d556ace427e6fe3b5

SHA1
ccd76ed307469d0e2ec59a57f4b9ef5f6db42123

SHA256
99ad2bef393791036eb600f35cd5ba5c7d9cdb28676ceb5fb6fbb748515e2f16

SHA512
f2208b5ad4180d7bfb1b6eab3f18f52692505d5fc84ef34118e16659421a099f11fad1ea49233951057bbdfcf173c13d9927fb2ea984629b8fe60cd91c8c14a6

Download Submit
memory/232-4354-0x0000023619180000-0x0000023619280000-memory.dmp

Filesize
1024KB

Download
memory/4668-4401-0x000001FC5AD60000-0x000001FC5AD62000-memory.dmp

Filesize
8KB

Download
memory/4668-4325-0x000001FC5D920000-0x000001FC5D930000-memory.dmp

Filesize
64KB

Download
memory/4668-4309-0x000001FC5D820000-0x000001FC5D830000-memory.dmp

Filesize
64KB

Download
memory/4668-4344-0x000001FC5AC90000-0x000001FC5AC92000-memory.dmp

Filesize
8KB

Download
memory/4668-4408-0x000001FC5AAF0000-0x000001FC5AAF1000-memory.dmp

Filesize
4KB

Download
memory/4668-4404-0x000001FC5ACE0000-0x000001FC5ACE1000-memory.dmp

Filesize
4KB

Download
memory/5392-4299-0x00007FFAEC710000-0x00007FFAEC73A000-memory.dmp

Filesize
168KB

Download
memory/5840-4363-0x000001D50CE40000-0x000001D50CF40000-memory.dmp

Filesize
1024KB

Download
memory/5840-4366-0x000001D51D280000-0x000001D51D282000-memory.dmp

Filesize
8KB

Download
memory/5840-4369-0x000001D51D2B0000-0x000001D51D2B2000-memory.dmp

Filesize
8KB

Download
memory/5840-4371-0x000001D51D2D0000-0x000001D51D2D2000-memory.dmp

Filesize
8KB

Download
memory/5840-4373-0x000001D51D2F0000-0x000001D51D2F2000-memory.dmp

Filesize
8KB

Download
memory/5840-4364-0x000001D50CE40000-0x000001D50CF40000-memory.dmp

Filesize
1024KB

Download
memory/5840-4365-0x000001D50CE40000-0x000001D50CF40000-memory.dmp

Filesize
1024KB

Download
memory/6508-4417-0x00007FFAFD4C0000-0x00007FFAFD4EA000-memory.dmp

Filesize
168KB

Download
memory/6508-4419-0x00007FFAFD4C0000-0x00007FFAFD4EA000-memory.dmp

Filesize
168KB

Download