babadeda | a424d4ad76806d261477a6117dc0fd2b0517357a826f9d0d7da22aac7c0f5ed3

Analysis

max time kernel
151s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-11-2024 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

output/pentest_sample_15.exe
Size

129.3MB
MD5

9a2949ed34685809e0a23bdfea97271e
SHA1

1ada36a15cea1e1b6c70d155518d2b36a03c4e97
SHA256

f3fef8eac63444e364437305ba947e5b9e098ea15cf7e30458ab67d272fa1fab
SHA512

941486e979b1a9a08e61f3f4bb348224fc9a55c60a3ec6a6eadceb6d8ea0b00b5641f549616dd01b374d8ceaf3e05bc41cecaaca27d8e980232de1a84a8d21ef
SSDEEP

3145728:zR/5KgSAOsWBD4TABLmERk6WFQLnZLmzxPj9MDOC7vadxZA6NnArUwxS846PjsN3:zR/b

Score

10^/10

babadeda remcos sys32 crypter discovery loader rat

Malware Config

Extracted

Family

remcos

Botnet

Sys32

65.108.9.124:4783

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
true
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
Logs
keylog_path
%AppData%
mouse_option
false
mutex
Sys32-PI9IVT
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

resource	yara_rule
behavioral2/files/0x0007000000023c76-225.dat	family_babadeda

Babadeda family
babadeda
Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos
Remcos family
remcos

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	pentest_sample_15.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	pentest_sample_15.tmp

Executes dropped EXE 3 IoCs

pid	Process
1224	pentest_sample_15.tmp
3956	pentest_sample_15.tmp
1328	Mp3tag.exe

Loads dropped DLL 6 IoCs

pid	Process
1328	Mp3tag.exe
1328	Mp3tag.exe
1328	Mp3tag.exe
1328	Mp3tag.exe
1328	Mp3tag.exe
1328	Mp3tag.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pentest_sample_15.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pentest_sample_15.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pentest_sample_15.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pentest_sample_15.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Mp3tag.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3956	pentest_sample_15.tmp
3956	pentest_sample_15.tmp
3848	msedge.exe
3848	msedge.exe
4920	msedge.exe
4920	msedge.exe
636	identity_helper.exe
636	identity_helper.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3956	pentest_sample_15.tmp
1328	Mp3tag.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1328	Mp3tag.exe
1328	Mp3tag.exe
1328	Mp3tag.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 1224	432	pentest_sample_15.exe	84
PID 432 wrote to memory of 1224	432	pentest_sample_15.exe	84
PID 432 wrote to memory of 1224	432	pentest_sample_15.exe	84
PID 1224 wrote to memory of 5000	1224	pentest_sample_15.tmp	88
PID 1224 wrote to memory of 5000	1224	pentest_sample_15.tmp	88
PID 1224 wrote to memory of 5000	1224	pentest_sample_15.tmp	88
PID 5000 wrote to memory of 3956	5000	pentest_sample_15.exe	89
PID 5000 wrote to memory of 3956	5000	pentest_sample_15.exe	89
PID 5000 wrote to memory of 3956	5000	pentest_sample_15.exe	89
PID 3956 wrote to memory of 1328	3956	pentest_sample_15.tmp	93
PID 3956 wrote to memory of 1328	3956	pentest_sample_15.tmp	93
PID 3956 wrote to memory of 1328	3956	pentest_sample_15.tmp	93
PID 1328 wrote to memory of 4920	1328	Mp3tag.exe	102
PID 1328 wrote to memory of 4920	1328	Mp3tag.exe	102
PID 4920 wrote to memory of 4960	4920	msedge.exe	103
PID 4920 wrote to memory of 4960	4920	msedge.exe	103
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 1068	4920	msedge.exe	104
PID 4920 wrote to memory of 3848	4920	msedge.exe	105
PID 4920 wrote to memory of 3848	4920	msedge.exe	105
PID 4920 wrote to memory of 660	4920	msedge.exe	106
PID 4920 wrote to memory of 660	4920	msedge.exe	106
PID 4920 wrote to memory of 660	4920	msedge.exe	106
PID 4920 wrote to memory of 660	4920	msedge.exe	106
PID 4920 wrote to memory of 660	4920	msedge.exe	106
PID 4920 wrote to memory of 660	4920	msedge.exe	106

C:\Users\Admin\AppData\Local\Temp\output\pentest_sample_15.exe
"C:\Users\Admin\AppData\Local\Temp\output\pentest_sample_15.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:432
- C:\Users\Admin\AppData\Local\Temp\is-QSR68.tmp\pentest_sample_15.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-QSR68.tmp\pentest_sample_15.tmp" /SL5="$D023C,134703868,908288,C:\Users\Admin\AppData\Local\Temp\output\pentest_sample_15.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1224
- - C:\Users\Admin\AppData\Local\Temp\output\pentest_sample_15.exe
    "C:\Users\Admin\AppData\Local\Temp\output\pentest_sample_15.exe" /VERYSILENT
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\is-SHPBS.tmp\pentest_sample_15.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-SHPBS.tmp\pentest_sample_15.tmp" /SL5="$E023C,134703868,908288,C:\Users\Admin\AppData\Local\Temp\output\pentest_sample_15.exe" /VERYSILENT
      4⤵
      Checks computer location settings
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:3956
    - - C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Mp3tag.exe
        
        "C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Mp3tag.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1328
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mp3tag.de/en/download.html
        6⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:4920
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe648046f8,0x7ffe64804708,0x7ffe64804718
        7⤵
        
        PID:4960
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11990513222680281026,9395184294455540960,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        7⤵
        
        PID:1068
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11990513222680281026,9395184294455540960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3848
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,11990513222680281026,9395184294455540960,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
        7⤵
        
        PID:660
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11990513222680281026,9395184294455540960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
        7⤵
        
        PID:2800
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11990513222680281026,9395184294455540960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
        7⤵
        
        PID:516
        
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11990513222680281026,9395184294455540960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
        7⤵
        
        PID:1552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11990513222680281026,9395184294455540960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11990513222680281026,9395184294455540960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
        7⤵
        
        PID:3904
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11990513222680281026,9395184294455540960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
        7⤵
        
        PID:1456
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11990513222680281026,9395184294455540960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
        7⤵
        
        PID:1836
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11990513222680281026,9395184294455540960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
        7⤵
        
        PID:3496
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11990513222680281026,9395184294455540960,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3956 /prefetch:2
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
5d1d1fac940795e955c09b24802143bd

SHA1
c808b1817727e9c2432200f333e6a214b872c7c5

SHA256
60db70991b4c60006440c8f8f8f08c3f0ead6f26a3ec13fe176e7d3913fd9c58

SHA512
55b4a664a2f071600bc32cef0eecd99ee1cf661f50461b2c0fad6bbeb258fb2cb12fa6930d6826289ba3d63d82749966c4ade3212a1ab4db65211afba3cc32ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
caed8e39e64f62f459fd947ceee765ab

SHA1
a848d45ce5d09792c664f1b9cf2f1ed78b69bb5f

SHA256
84a0af4752d9e7c002c2412d967bdc9ffde6ae40a259c594d5264161396ad922

SHA512
d376810a82c6f2fc8ff2c0a8e6b99070afbdb4b4a0128bdffaf0d6b21fdf0fbafb8076be2cd7022db65ba2ad08c43261f1e5e7a93dc7e958456961760f0b9fb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
260B

MD5
8cbf2191693efb445cfc5db43bf352f4

SHA1
48ffda9d053b22e070ccf6b35f4b8feb17c48a60

SHA256
df61caa2818989507858af368b7324442fcbfc1a432f1b826a9e12f4f84f2ccb

SHA512
1f4d478c5b659ae1c017041adff19ddb4cce61d39ecf1be5b7a12e51e29abafe9b01d48ae7e42fa1d53a63cc0dfbb00915554daa7d5060fffb92c666176c0d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
58793bc47d8f29e5fbc0b53777ad4ac0

SHA1
d89a7ebb48eef3d4b4a7dabdb554835308d6319e

SHA256
91d5ec40b5812e0cd61447f5a30ef3944f841af4dabf378563348a8476be3ba7

SHA512
076befadf88e9c1333fdfa38a891e516b65274111a9fffda5406ed01d60b041469168b3505c1f5105d16dea530f28412a9966f74186216f65e03511e96566d72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
901b77019d453860c149f658d9033cf9

SHA1
b92d0156a853dac26bd1107e21775e470ce80a86

SHA256
ec6302dd85f40d3dbb93a4992f3b55751fee4ff692be517f8cbc1edff7e4a958

SHA512
1327e8218ffacf152698396b0f001777b67750a76f25a2775350991cc9fac871df6270c48fadf83de9ecf8c538b247413d33ae22c3b3614a1890e01518af172f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
94dc4caafd0153986e0af518f9b36156

SHA1
36d07f4efde7ca828c61cabdfe21b1e5956c3568

SHA256
1beeec13ccad4ee8f3652287c26749edc4b54a75bc3ae33b137d4f2000769657

SHA512
2e30c30e0cbe86617f856f040ee38813eb451ea8583b685c9a7044a4ef4ffe70fd7869903c10686060d8c8b1302f0a8adddcf04a234395632ae3abdf158d1125

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QSR68.tmp\pentest_sample_15.tmp

Filesize
3.1MB

MD5
7388fff746d0ccae6e5610e87ff63b7d

SHA1
3ac665008fed3810141cf530627afa365df6dbf9

SHA256
85431ef6910699233ecd80d08c13f5507990b9d5d668f589768416c4a25b8494

SHA512
9a5002a93c0b53854af4c55c26ec65709f4080e6940b22729a399f844a2513a55e37cca1df960992996da8976ab8a918baa7b970afbc04e25b0f511bec7b4d00

Download Submit
C:\Users\Admin\AppData\Roaming\Logs\logs.dat

Filesize
208B

MD5
c3d29c31b977eeed0f8d30db9047f9f2

SHA1
d9f4e5eac5628faae5686e0e7df1089b70f53856

SHA256
a0f9f24e4a4dbfbb67e33ae2cb1c4907f1f60405052de030a1ad2ec9787b8f38

SHA512
f9e89e5e020ddfeca1901c5358e8994877d0607509a04d40ab872e82c48014268604560d689886e55d45002d16b1d989b42025e6bdb0190e509229b4569fe736

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Help-English.chm

Filesize
587KB

MD5
2eb4f53ae6bd1b85c8a34020d37fbe22

SHA1
da2e015b284c777585055df22c2c83bda0a62f2d

SHA256
ff09f8496fbec5c9453f50cdeb06819d608b6194e657d029b2bc8744c53da7e0

SHA512
163899c6821e835c22f0043fcd39293b45c4c621b83389b603f3dfc86f3f53e8a69abdb5c9caf77de55e5e29c0ad6e26f52c4fc10751c41eccec23b20062b24c

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Help-French.chm

Filesize
610KB

MD5
83352aae89bf34e7e06308e6be436a74

SHA1
4c3af7c0bb241a13c6debe6a536e51a9168a070a

SHA256
76de175d74cc0c76b22fed9cf92c27454f13291487d1c4862b22b44ec11f8394

SHA512
5f5aef9092db37fff8cd34243a89073aec3358ce3d6567f47bd943cd78d547e9f0d4ef20c24710f29e4af676683a5cd70421ab456eab85305924dd1cb9d8d67c

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Help-German.chm

Filesize
630KB

MD5
37ea5ae1b45287977e65dbe1faaef1c9

SHA1
e5a459700198c3de5c658f67eedf749379c7cd97

SHA256
4fa129633bd035751f0fa7c376ad51731e78207408e5abe334e1542d5af2bb8f

SHA512
66a17761cfae732280f5a61d98514100f92e23699ab0116da6756890a53e971177b1ec11213e7080881c935ffe352ec4e0676a7152f63bbdcc35b74ae70a91b8

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Help-Polish.chm

Filesize
629KB

MD5
d581f7b2554311d06abe30af742cdd23

SHA1
5a6daaf86bb5648fb5c0fcc7b0cd7ecff8a5bc98

SHA256
ab629a0a4e8b9d6ce427edda082dc2ce4710248f2ce95f96ec8f2a9b772f1f6e

SHA512
f62d096ae32a60ef5bc2d411be91caac0dc087a4cd433085f56bfdb89ade88742c112cdc1b2818ba5c5085a27e14c4f609fa8823ebe83e85e725c9da06973550

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Help-Spanish.chm

Filesize
606KB

MD5
2e6bdff2f4fad5371a7186eb61b4620c

SHA1
6d9fda4bfe4732815cad0e7aa5366774a091e6e6

SHA256
cd6d7caeccf6297b7167dc5a7359056d442dc60bd6e0cc8365893a29d26111d8

SHA512
fca3230b529c6e9441dd4e4ff6ebdf6002cb093a69bfa3cc4e097273af6aa612715ff9f2f638a424599a12ce146d548cc4de9430c098a481e630fd1c5e98006f

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\History.txt

Filesize
28KB

MD5
a227ca2864720ddbb1ed98fa86c19144

SHA1
c203185d03f247fb6dd1bd1b7d930bddd0c8ffda

SHA256
120fe3d9c3ed32f75611e25955e5a1adfb22f3e73a846b8d535d4ea18659f2bb

SHA512
3ea6bc16e55250f6e505dc1ebcfe571c1af6f5a47475e7275fee1a53671482204bd7a3dc7356fc3689a074c9b759ec79bd4694f29f9fdd51b51371b11b5a5d62

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Mp3tag.exe

Filesize
8.6MB

MD5
92c1655770e49b1dc19359ea1f02e780

SHA1
16b459328f086dd988bfb2b45288d32652400301

SHA256
bf9a506f8c9409fe9609c9590477fdb5cbd185c7b76344260a2494ec064feb28

SHA512
b5e7d6eb435411449402840161d47ec17a6d7f24853e3536d0619dfec5b5fead9de9336560a434735c343e2d96f22d97b9be6c5a52e708c97ced6999808946f6

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\intro.dat

Filesize
452KB

MD5
375add568d17aee03919c72bf76274a1

SHA1
68b830009f336cf68c0837630ad4acd39ee4fe02

SHA256
9e23405023848dacfd7eefa20d3eab91dda8054607c23ff0fed93ee7bd7c06c1

SHA512
3b264e40a190c442b81636b38604c03a3878f6f6a0d3d23c698958267fca57a9609db99a7c0387a8047b98e03291a192c1aedf5b2d84a1afd0254281d254e07b

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Chinese-H.ico

Filesize
1KB

MD5
1fc48b93562b46e428a2db1d4ea4a099

SHA1
772bc0d8527c5a0450fc0ff8ce525fca240564a5

SHA256
0b29a27f3d2ab4379cd99e9e7a93f6e40a0fe12cb73d1e6f3d296ec2c7e38a58

SHA512
55634f207c835a4dfd90ea1501a9ea5a0c406940def5f3b690d8b67085da8e61e890b29be679da61e8ce58a6f176b9f8927c02b81dea25a9de5561e1ea054a58

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Chinese.ico

Filesize
1KB

MD5
2ca29c521af17539d17968900ed650a1

SHA1
b508852a5febaa2ebd942229cc9104df4059430f

SHA256
1b8a834029f10ec10d796c8344b990df082a3b3c67e8f480d8ce48c07177d549

SHA512
90ba3bd6431912fa44458675eff9be42d99665b505d5dc4012591f4b018033ff95c6b7adceffe639040aa32ed2ef8c978c249fae9ede5a2db26e9b522d61d11d

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Chinese.lng

Filesize
33KB

MD5
6ffca121b98fe96e137fb02a96165844

SHA1
54c4a3a5f64793404e6432ee73cd813ff80d7987

SHA256
8fe61fa9fce770d0e38fa2c74bd81b926767bc31e70d3ae4445f283f9791e232

SHA512
cfb8f5a4d951bb2ed638cf95d3bdb5fce42e35f4ca2c2ec55a84fba06bb98e47b803099a19a009fbec09891ead41179f9781d3c6713a34374ffae63a2b0aff67

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\English-H.ico

Filesize
1KB

MD5
e5e33562181f5549042249668092b0db

SHA1
7103748dd38ec44a3dea582a9aea2123870a6937

SHA256
1dff252a4f45c471b8fc81d5d1c94ac1ca918a2ec0725b875f088cb75b53a938

SHA512
9cdf1a067383086d7ea79fe145e84ae6be8b1e476dcc357416941c8839c46eafd496f865aa8c553df6ad61ea1afe00004cc3df22a395cbbd53f4b45423468b6b

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\English.ico

Filesize
1KB

MD5
1a25e199fb242d852a2bd217fd038bc1

SHA1
9276090831fb29e65b781624ccef3c2390014c5e

SHA256
668c3afced3f33fa016a3b1ff65715acb80823172493ded605633e937000b235

SHA512
347d5b00be749330f173b8566f6a80d905342c099d6e41afc856ea5f5837342e40a3a0e376bb50f62fe7f841a53aa04e93161d6053159324c51e7ff89decedbc

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\English.lng

Filesize
51KB

MD5
e89dffc6ef81076aa3d6c5f44b7a9ee6

SHA1
f93acb2fd61275a661072e991dd8d2d70da32f07

SHA256
793b6104102eafe70dc608eed2a9b5aa71faa19f068c8dd0339457f3ed3da31c

SHA512
0f99bfb3902dc2a4c94bd61e4e8249e2ab0bc1a1015a556f0aca3038858385c839e26a3c03b19c88bf9b8ed7d30f8ccb9f6f1bab851f935689ccdb4b8907b94d

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\French-H.ico

Filesize
1KB

MD5
76872d444ab4c1719b42cf5417f1105f

SHA1
a6a1a7e596dd4068e9960d30525e4589b79bd4f8

SHA256
82ea4ec8fbfe3cbd3cae19132d23455ee2bea3ab65f2eba353359f0a45183257

SHA512
4415de96db7510a01369d8357522e41676d0be3249f3f35c03553d100714ea2bb4181ce9c8c5fa0d87700060574cbed56c9e8867023716beb8aa23ba67b6ff5e

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\French.ico

Filesize
1KB

MD5
31593b847d0959e8cf06ce0d6e55a95f

SHA1
e9a160d5c941b64d4f27f563410e5974d8f4adeb

SHA256
86486cb827bc98405ccc888170a08eb0772a82a88c3408060c5d271358f27a00

SHA512
9c75add56ca25c473b00f4c4c87c2e12ddc3ab1c95eaf969ae3dedb81c3c5804a9a445d7507f7698833cf3b22f734b50091d1b47b7d8d3062d27d58924dc20ea

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\French.lng

Filesize
57KB

MD5
1eb77a05522e233582f3b5c0f8e7adc2

SHA1
6d9ca22c95112162f1d68917d14e22c49fd05ab5

SHA256
700a3566f97fa9881b340a7adf9883868bdc2e6ac6068c1ce9018860a533b01e

SHA512
77cd27845b29c729dafeaa821a3b8699c3a571af0fa0b8434671869e625f92c722d7f19bea967e7670a25f8e9ed498b08fb3e66cf4fc4016b71feaa9165bd14d

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\German-H.ico

Filesize
1KB

MD5
9c782f29599fa09859e1941a6539ede3

SHA1
62ac8a8edaf2be1ae5e552e662566f1ac7d5a4f7

SHA256
71d4e770225df363d73cb78cfdb7b4c12170e4c1ce88a51668d944e162cac55d

SHA512
d5f878471c1f1d48670051e8ec3ab0fa713b3bfea193e37ae4ac1179a78813d3710b0d1d208b994ded33dda21f88f99b803e445c800039457ae6dd2bef0e8250

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\German.ico

Filesize
1KB

MD5
aa8483bc62f65bc8f9d7a55f58d2b0bb

SHA1
31d4ed6f4922d18aa21bce30065fe218d5c66708

SHA256
6277806c8d03094a4f62ce8c7a2d93ba5d207eb8180300f8ab2b9375eb56bbe2

SHA512
bbc67477c76744ed761b2f6765559bc3cb63408ae93924dac085365ffa7a1d4eaa1efbab991be5629573a47e9a42c52e7b301271af4531ce7a89788efd481a6b

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\German.lng

Filesize
53KB

MD5
8d3658d1bbf7bd1bccb2d0dc3a866625

SHA1
b8119d0d0ebfdf334ee53dd25a5fd86a23207eb7

SHA256
14e9f290930517e935f25257244c8152ab1cff1a0298b211d2e9acffd823f48f

SHA512
43d2b29861d9a3db4243080b272e36b36f015662c07d6e1662e0c56d6e6f0ee38eb53196937171fc759e1848db69f047dc9015dabc3db34be4601eb12c8eaea5

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Polish-H.ico

Filesize
1KB

MD5
d4a2b48b3aa4bc93096ac3b5767e08d2

SHA1
46af87c4f45f4bc6766a89b535b3992248d56505

SHA256
d606afab07684101fbc4e6bfe5cf35e5c5ef55e24dc13e6bb44afd0fa39ca3ee

SHA512
e0172ed88675c51ddc2ac38f68eef02e55dc028aa6e9e33f606bd73293748e11b194a53f2ce2853681ae627a1f3a1b0b57fafc6f2343ab7bb1e412a681b749d1

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Polish.ico

Filesize
1KB

MD5
ad8bbac74c6010604a7bbd9e4df43688

SHA1
eb18b66c38b2a5ad5fe98177b677b4ed36c898aa

SHA256
5a98fc48378b8772579632706747d35d3f16c542fa5f0493b44100a0104eb559

SHA512
6df720edc81ce9af7e26028073219fcf3d8a503285bac95e9bbf2f6e7dd51e05624d72d9cd7bf670bc9c081ebf25dcde728ff7d21386d5a1d8330b1988527c56

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Polish.lng

Filesize
57KB

MD5
510bf502e1c75b32b93149b5fe4cad32

SHA1
87817f340c57a54c6afbbca340ebee1255b7d184

SHA256
9a4e8473fcf1a0a551ef9f03b260f751f27eb9f0384f23dc12c060daf6c1c2e0

SHA512
5985b2ac20e6a5495e9f1d8aff6cb460cac2042213a73c4477eb09c36c2141467bc7a8966330be22bea59212a32cca51307b49fd42d3a27bad8a338f08f175c3

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Russian-H.ico

Filesize
1KB

MD5
ee464ce2c72dc4a01afccf12b318ea23

SHA1
9cebc61498162ca4847519cdd0739f97399cd396

SHA256
596b46cdafb26774740466a73d4031813511db5840d2fe5c4d90284278a08d99

SHA512
0645f8d741feea1debe9b7ee484922499d44270783ba3d4d65232d7b6f2bb113cf4adb8278b78fb8dc725228fe21e912a2b8b228cb08d58015a537d4774e7a62

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Russian.ico

Filesize
1KB

MD5
ed0fa2d2cd41dbb442b010b4bd2cca9f

SHA1
783d3843a976bd91829398f9ccbfa5b98150023e

SHA256
7c24485ad1023a46521ed10a38ea762cd9c185aeed7dfd32a717d274606d8074

SHA512
4b2134844bfb56b9ba266f6687359117d5f0c0d5040213c025d906fab5ac8711a09673bdac342c59bfd1bb0fc8294c5a4f97cbc29567bd2c52b90dbabddc1d3b

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Russian.lng

Filesize
55KB

MD5
c9e1ab651d7b4224dda2f0ab26cb6ea4

SHA1
f20014009b702b0394542e1a783543c45f3848e5

SHA256
1344db026c57382d39bd9d70ca19c8061ed6bc030993957c8062593b70fd36d7

SHA512
48d290c098dcc2e5f14c72527b2a9ea9982a762c4c8e01deb4862d596df0c695d2eb1e24dc0a0a87fed7d5e31330c61a5adbe06193e4b0ac772a3cd5d68caae0

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Spanish-H.ico

Filesize
1KB

MD5
959a045dcfc52077692f0d091db9054d

SHA1
ecd119a1e382f059bb9b04e37222ac3257272994

SHA256
73fca4e5f38e65f21b2b7251231178e64ce8cb288044d064e176965a1b4dc699

SHA512
022939b3cf3bc0555b190ea61b7594fe24f87cce44ce371f081d67202fe085e19a550898a4372bf8cca0d492a9ec837ff3a9d680998d2d5b35c26a5b0f042a98

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Spanish.ico

Filesize
1KB

MD5
603afd32d12ed4bdc1bdfbb11040f271

SHA1
ac68f01be1f873330333ccacebd8079e2a72adfc

SHA256
9eb18c0dacb6e60abdf315b853fd6c9db8968ced959b7d31d1dcbc80b561bfb6

SHA512
b93869f43ae9cd0c1cac0d21b588527a3f93eeaf972ecf1f6d167f36d5f8e3d677daee6db0e1d409294e939cc8f2be2c65f4c0fbd5ca5918a09b01571a630c33

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Spanish.lng

Filesize
55KB

MD5
e823235f336b6a582f4ac01a37d02f28

SHA1
00432df7a112aaadc5f0bdf0d6d1e08cbd0a24b9

SHA256
64fa7bea1e6ff8edb8b7b1b153919ac85a727e70ed16525cbbaa3083d1285cc1

SHA512
1906fcee08ab24ce108d246f7a969694cf85096b97dd662b5dc62e8ec42a8af108c5a737c7ba81fd6a34ae5c45375dac55f8da690da0fa6098b3a0b5ebf70c51

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Turkish-H.ico

Filesize
1KB

MD5
397c2b2e3b51a18e30f2dc89033cad0e

SHA1
7fa57dd3a500786ef134a784bdc4db1f63c084b3

SHA256
a55d201a33dac742a6822d01e61290f5ebd62972357d667387f10a53d72f59e3

SHA512
f0fa91cb28bcd5c78a900c5e19ac9a43536ade1e3eed5cb5fccbfb771600d50f0296888dd04f952507a609658a4c32ce92b55b71816688bc2e5ca483a845de78

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Turkish.ico

Filesize
1KB

MD5
cdf8c6bbf47aa67eaebcef92831cfb93

SHA1
ee98003799fd442e70fc5113963bf3f57c91d3e7

SHA256
6b8927d0ebc38f068dd9cb77d2ac25eb5204978af5b5d704d8efc0347ff68c8b

SHA512
d40b10b7a43c5cff6bf5e8baf2eab588b3fd624cbc38ceab27442d2a19a6f5b0246aa08ba3e40b02ee90f6e0b4a3a5e9994aa290ef7f950925bfda675a332ca5

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Turkish.lng

Filesize
50KB

MD5
0a3e015d0cca8a08681b18aab0dbd67f

SHA1
c42d98949471a156643922781d60c7fe60d47330

SHA256
a187afe5fa6b96b12d652cfdbe3e794a99611ab0a9031a1d45d6d0d1c727a898

SHA512
a4a07e6709d39fa89bccd1a7124522505b71abbab47562b339fdc17940154bc172366cf4b19c9a11253ac0b3fa496d0b06cd0438a250ccce42deed7abe1cf34d

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Ukrainian-H.ico

Filesize
1KB

MD5
bd34f886dd0e713843d66cfcd98077d7

SHA1
da7851fb81ad20ff81932de5b93f00015e9cb5d5

SHA256
23f586fa16d554822a5aa76b1cad46fa41d8e14cf82678444fbe99f5123d4cae

SHA512
c1d3f9ca95180d2e1eb8bce77f4447414bbdd938402186078c8acfdd72de419c5137bf477e80fa9c3eee43c0c27787dae19ec52cca1f371cfdd705e11971277c

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Ukrainian.ico

Filesize
1KB

MD5
131e22667b0d34d3dbf668c22baac5a2

SHA1
951630a3f4f9711cf34d30ff510f4c0d17f3c2c3

SHA256
5e3f5bbc477f138bc4729a72074fa9e028b96c0764ca8e010a6107ca16fc669c

SHA512
464ddfe3598fc675f938b2bb5c6ef2be228e0e22973b7042ebe5882520fa998dc47f5f7d477e4f66567a08ade0c71d93ed74f355b337e393ba18c6b869b6f248

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Ukrainian.lng

Filesize
54KB

MD5
7c9a627eb332759b81d41f7e40053ff6

SHA1
9d1568fc57bd016864c253f04f581f1a4a28e5ea

SHA256
ee8c8b69f362587e792fe86a63f8b7502393164bbb7c4db3f3993493af3660ad

SHA512
9cb6a3834b274319474a266ac7eedca614af37026d75e1e71fed9c60edb6f2378235e79f165f41c590816bcc1b83b2f4e41d373e9735e52555e10625ea5a529f

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\libwlp-20.dll

Filesize
19KB

MD5
fa847fa54c646c39fcf8e58c6fdcb46f

SHA1
d052ac0346c77be6d87c2da668543c63d3307036

SHA256
a15614de6f933f1941dbbb57641900439c02b3a90c40e409e32cae5c04426378

SHA512
3dca61429b7572d3106d095cea128b8b0bb8c685f0251b5920c8d69d828d33f90d507ba62033ab29cb8bb2d46e8574d0b52c7dba8181c2fa98ed304a8ed80cb2

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\msvcp140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\page

Filesize
1.3MB

MD5
bc23ffe164676054ce5e5314abeaf11a

SHA1
eebc94229ce1b1a51d4dc96399d1ebda0b52b075

SHA256
dc36a03e536fbc03b4a89caa83435ec57fd021386341b53e23b56b359d988ab0

SHA512
78262e6a18988981e8a4f82fbf84e00d9058480912947851c5491a822f8f3c27a3345acf37bc2aeff514251024a1304fba087cf63f699b99af0299e9b0b26cdf

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\srkey.ico

Filesize
23KB

MD5
82dc896b02d0657d99267ff4b75c816a

SHA1
dd2dc205f09e2edeebb49d3ba0943e3f4cfdcdad

SHA256
d53b3e723e6243543df5ae36eec85cf9470e32572409ec9cd1f2edd0b05479b5

SHA512
42dac91fe6e2767a70956aec8fb9734f8c3b8dc1db36a4cb8f6ef17e000482254083e01e9b1d7816a865291e0376f8a0a7fc126143b3a16f412604527404a2c3

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\tak_deco_lib.dll

Filesize
127KB

MD5
f0bf722006ebf17f9a194e892ba2bf37

SHA1
a483e46857f29e98535a992438006c962e0404e5

SHA256
a737f6f613c161938ef4c795fb0cf1a0a7bf7e1539cefebc030fc36ac37bf0af

SHA512
47e4113ef649539db6b7ba52106477ac415fafcc0fad5b9a92575d18d110d1fd21e906cecf2546ddc20ef554e09f3da418a5066b70b31dc1360e555eb2cbd0e4

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
memory/432-0-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/432-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/432-15-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/1224-6-0x0000000000400000-0x0000000000726000-memory.dmp

Filesize
3.1MB

Download
memory/1224-13-0x0000000000400000-0x0000000000726000-memory.dmp

Filesize
3.1MB

Download
memory/1328-409-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-390-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-356-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-299-0x0000000006660000-0x00000000066F9000-memory.dmp

Filesize
612KB

Download
memory/1328-352-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-436-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-355-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-434-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-219-0x0000000001270000-0x0000000001295000-memory.dmp

Filesize
148KB

Download
memory/1328-215-0x0000000001270000-0x0000000001295000-memory.dmp

Filesize
148KB

Download
memory/1328-339-0x0000000006660000-0x00000000066F9000-memory.dmp

Filesize
612KB

Download
memory/1328-344-0x0000000006660000-0x00000000066F9000-memory.dmp

Filesize
612KB

Download
memory/1328-347-0x0000000006660000-0x00000000066F9000-memory.dmp

Filesize
612KB

Download
memory/1328-362-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-433-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-374-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-377-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-378-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-379-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-381-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-382-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-432-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-388-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-345-0x0000000006660000-0x00000000066F9000-memory.dmp

Filesize
612KB

Download
memory/1328-391-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-401-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-348-0x0000000006660000-0x00000000066F9000-memory.dmp

Filesize
612KB

Download
memory/1328-403-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-404-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-405-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-407-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-408-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-346-0x0000000006660000-0x00000000066F9000-memory.dmp

Filesize
612KB

Download
memory/1328-411-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-412-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-413-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-415-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-416-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-417-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-419-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-429-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/1328-430-0x000000000BCE0000-0x000000000BD57000-memory.dmp

Filesize
476KB

Download
memory/3956-20-0x0000000000400000-0x0000000000726000-memory.dmp

Filesize
3.1MB

Download
memory/3956-228-0x0000000000400000-0x0000000000726000-memory.dmp

Filesize
3.1MB

Download
memory/5000-9-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/5000-11-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/5000-231-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download