crimsonrat | hxxp://roblox[.]com

Resubmissions

31/01/2025, 14:27

250131-rsfnfsznhk 10

31/01/2025, 14:21

31/01/2025, 14:14

31/01/2025, 14:10

31/01/2025, 11:31

Analysis

max time kernel
471s
max time network
472s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
31/01/2025, 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

10^/10

crimsonrat fantom gandcrab infinitylock troldesh backdoor credential_access defense_evasion discovery persistence ransomware rat spyware stealer trojan

Malware Config

Extracted

Family

crimsonrat

185.136.161.124

Extracted

Path

C:\$Recycle.Bin\HAHTGDAQH-MANUAL.txt

Family

gandcrab

Ransom Note

---= GANDCRAB V5.2 =--- ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED*********************** *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS***** Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .HAHTGDAQH The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. The server with your key is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- | 0. Download Tor browser - https://www.torproject.org/ | 1. Install Tor browser | 2. Open Tor Browser | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/a5d78aa5fd16c088 | 4. Follow the instructions on this page ---------------------------------------------------------------------------------------- On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. ATTENTION! IN ORDER TO PREVENT DATA DAMAGE: * DO NOT MODIFY ENCRYPTED FILES * DO NOT CHANGE DATA BELOW ---BEGIN GANDCRAB KEY--- lAQAAMjNhBkttS6pClc0QUHotvczFrCQPQFxE5Svz4YIAGahlh3TQigITyeRPTgLofiIDtEKnvVzGTufcMs/80/TVZ9E+yqajw+BklfkxA5bEqy5vkEqA57nUm2slMjhAgnvSMtiKPeNKgyiBca4qsJl9baAnZn3GrRKTxvGHrJO0LWmyKO77Onq04zoaU7fBOQJ9PCfpzKRxi09LHEtyb2oGp5LGle4Rsyp5vyCwHfVxjIU1kgJ8jdZ20PVG9v/Gp0h513wix0ciD3V0IgiSYJbQqHoEHPyF9ntwL5+wZ2o3bWcQiOQkjVsTADnP6vCrWTIOlp2EqhL+5/m02qCIkhNt1cCC9DyDZK3fS1GLlWwDOH+xdtAWPJIjjvtOnfFtKaILoFUYU1ceOO9BMC7ko9sHSUEEE2prUIh2O2dcr9M0hN9xs+nD8ksd0rXbh9PipctJJ7QQJ9YoZOA+O1voapkmsaa+5d+O6gjCpqLiwBmcWy30O6vRKurqtU7YuPXnqaUtyXNNbr5mtSXMnfbncFWPxRPVWMeLk76b5llBmSkJzNQ3yYE6poYJBVH71RoQptRsLMHdJ6fbXMeV/mE8FvgH/7LRa8jGWM9APM57r5LHpfl22bUsIH8Aj8eDax/YFEB3L546ipUimJiDCERKwLqTBNquWQEH8Xk3i45M/UFPXg+aTwz2klPYEneFlunAjHp/aqaX7ZvwVJiOfXJ73SiBZtymvb7BlzcNsB35ko2xAfvFPnZ4DrTFwN7afsKLCdVXdjMm0nLssKKETGCIjpyv0R+RE4vO0CdeQuH0Gk2HmUsvT4ZrtGr0IW6CHUWie4aZ5il5cgfu65UxGnAPaWq/yeVlrC34rKz5CjmbXkhK+rL0tlS+Bi4MUVhlHw/r2SsRB0ncnJvRGCmd7NLzN+mKvFAtokOv1ZSchEhCmBeaws50z3ltLhrhFmJfGwhogtIoZ6rHTCkaTEf+GhykI96QR6643B+sl3hEYUdQ1YcgApq/vq7bAWq0U8maUBzrvjM10H7dJnbDoa3BkSlH/rz6DD2yCIlpYM9xblowUiObNDVVDDyCNLzbbUEAK69vdtSWQU3u13Ftk0kzkiaLFRI19xr0f+Kxs+yS2agGfKPilco14SkFUt8IDHyNlk3vpODdL7pO3s8/W9+O4CV47YWvM0G2VGnNKmHxwAjL7NPBBhHXWVtnBE4kMasbDb8N0WO1zqv2E8/uS/KJi5NT5s4t4O85B/o2WGn/NHhHKjsbM1QsdClrm0/i+5tUzHGHv0SGdGUyzP74Wt2OuKOXokAg/V4GH0AKWOqSsDZmivqYiE2CLJO/OoruZyizGVgH2DFfjNZH7XRXxDIs1qFpJ60yO7u0qyfbMUYY7PHnFC92F8IbrnT3gjv5CN7e7tboma+wEfNldRE4D2x60SKrKQQNKQtXJWnXPKmooZug4VF6LitqcWNyDnJlKx1d3qEh7W+hMiRG3HcIALujIVZbsWoszcrSQFec50fCTuSmA0jtcM4ahezyQhrkNTDUX9m/4MN2k2G7ITndwrvrIwkvJq6zB9P4Kmah5xjfjxCOIWlJ21EQ4Dgc8dUCZF7TyPxHLMRIxAykzOGh/Oa4Kr0i6I8O8MphLNfgiVemoIfM/oKmTMlg7cUH21OfYdB0qJWhT1YsCokKwgfcNPQqAWfbOoImD+hSaYcCFMmMwqyp/YVeOj7RT6+6GLCYdZbziWk6GCUjj7lwl/X7pAbn4Z1R/xvAQww43SH/q8UYaw6vNbpUNqNhv/TjdnFOHdTF/UjqXYF/yPuSZWNCF0etdiWwFvIjwruohBN+tAINvtoQZtA6Kn2t5ljbhiPGn/KtDiU77Q/oRiasPWDAQk2Whgf3hNvvbZsVeu5XGohKtwEUiVorUgbs8zyO65XcogLn3GA/aLkM9lyba7H3EsbO5V1gKx/KT7qBwcnThEtSqNwRhPL58g9Th5gz4w1Ptn4456F6r2fLoQAmx5wVog97k2waL1J3zHPC+JCtYX4DABUc7e1oNGJlTr/8Y73udun3IeJyDk0cGhgKDDYUxGsuPTsMs/3A3HnhYAorBBZmqIB7epRECKPyLmbufUrcjC/h7CvchTTN1blEYAfd6bnK+XzlNGC7ggh6HCM5VJn/lHeG5poURPtmMsv0eP1JwuoAk77DxmbOkQHW3UDoCnyguGNY+TAaSLOtzYzrkah7na4dxcSqX23VJD7q435aGn9SgojD0QRLdzjFCg= ---END GANDCRAB KEY--- ---BEGIN PC DATA--- 7ftDEgLb/ZS0lcmZbHM61KDJ6AOtD78KkA7absMgUXYxWLsC+5+UYF9xVmDs9NbJMJDRAuKVvODDRXvIKnQXQzua3LPyzokSUuglaqKXwabsGM4pXku5In6gtMQMqg7sgEh1XW1iPMFgiUj/s1LdWpJHdiPjMpn7rCZNO/A31mak0K8RefoREu3BxtlAsseHWfVIIKN0U4NnA3w0Ga7XDLlF3iOIB6ImYbF6Z/7MBN2mgBr2rZ2gU1R7jNx2WKAyu4W+5zlHFnKwMISBi1CwemOo6FrxnP+Z5F9bSR7OvDBsmLj7oYD6GBgpBqj3RSAVfvfE0yZSXyCRtLeJLNAIBnBqqcY2R7G3YLHJmYKR2EeBP9/yr/NlLLzjUaP0r1BW4eYoT03JrPa/L0B0wffnS0ez96BFoTHFq52HPDCx6yhEudvoPVoM6iaVy+mvqAdvYbwBrtoypC8F1fulXzmY7q54Buw/gTuwK0yub5gfz9wpLQCj3bimwDPi8jPeKPiggI2bWKz+7QkWvC2ihYFfEuZEsyM4ANvhxNQXIE31UkGbyf6MN51c1gY/++QRe2kEznTbCqfrOdcnPBOVfcolLq8b/gmccCeV7bCGEZisVbSQnNiaPkJ9b5I041HXc2vSx6IODB3F1IH8qANwhkbcxMPGvnUSm+rK ---END PC DATA---

URLs

http://gandcrabmfe6mnef.onion/a5d78aa5fd16c088

Extracted

Path

C:\g6QpgrhJDdQZeF0\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>idMfK/LDV7uLs89uKGcSNyvlnfU55qaBwNu2Q7wcPYGJnxICEMhuk1SD6ZIRIxSc1BQ7a/WOfQyb9h8WqY+LcbXjMH0u2+6fLU5TPs3lNh5R+EKmZaKY0x9zzvn2Y0fvKbTLFcHi1mmof6dSpEwL4EldxcKZEtmcYz5tYqx9MQXq8+N4jvw7eLz3Ics7fxqLlcnzthC+A3G8Tqnben/0w9wS/Yxk4XTkmVKfU5jHFIo/z9QVJ18vJybTBnbEPvAUR6aFefsXCYTDo5tGgJhPGvXMdIyx2gcwSQXHD5QJtGqHZxLFRsuIKFbJBsK1zwn2jZGavaU6uAIhqc461mQgkQ==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

CrimsonRAT main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000200000001ec5e-1775.dat	family_crimsonrat

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat
Crimsonrat family
crimsonrat
Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Fantom family
fantom
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
ransomware backdoor gandcrab
Gandcrab family
gandcrab
InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Infinitylock family
infinitylock
Troldesh family
troldesh
Troldesh, Shade, Encoder.858
Troldesh is a ransomware spread by malspam.
ransomware trojan troldesh
Renames multiple (1004) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Renames multiple (312) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Disables RegEdit via registry modification 2 IoCs

defense_evasion

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	Krotten.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	Krotten.exe

Disables Task Manager via registry modification
defense_evasion

Downloads MZ/PE file 8 IoCs

flow	pid	Process
275	2428	chrome.exe
275	2428	chrome.exe
275	2428	chrome.exe
275	2428	chrome.exe
275	2428	chrome.exe
275	2428	chrome.exe
275	2428	chrome.exe
275	2428	chrome.exe

Sets service image path in registry 2 TTPs 9 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mssql\ImagePath = "\\??\\C:\\Users\\Admin\\Downloads\\ac\\mssql.sys"	mssql.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\kxouahgnhvrvvyewy\ImagePath = "\\??\\C:\\Users\\Admin\\Downloads\\ac\\kxouahgnhvrvvyewy.sys"	mssql.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\shcrtbchwaoczn\ImagePath = "\\??\\C:\\Users\\Admin\\Downloads\\ac\\shcrtbchwaoczn.sys"	mssql.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\udzxazqhthugnasez\ImagePath = "\\??\\C:\\Users\\Admin\\Downloads\\ac\\udzxazqhthugnasez.sys"	mssql.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\gyhcvidbsyfqid\ImagePath = "\\??\\C:\\Users\\Admin\\Downloads\\ac\\gyhcvidbsyfqid.sys"	mssql.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\tpxizhqhslfnewjbj\ImagePath = "\\??\\C:\\Users\\Admin\\Downloads\\ac\\tpxizhqhslfnewjbj.sys"	mssql.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mssqlaq\ImagePath = "\\??\\C:\\Users\\Admin\\Downloads\\ac\\mssqlaq.sys"	mssql.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\owpopcivjzqqwv\ImagePath = "\\??\\C:\\Users\\Admin\\Downloads\\ac\\owpopcivjzqqwv.sys"	mssql.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\sgcgifyigurqtlyt\ImagePath = "\\??\\C:\\Users\\Admin\\Downloads\\ac\\sgcgifyigurqtlyt.sys"	mssql.exe

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	CrimsonRAT.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	Dharma.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	GandCrab.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	Fantom.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	CrimsonRAT.exe

Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\fd16c764fd16c08f217.lock	GandCrab.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LOGON.exe	DeriaLock.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\HAHTGDAQH-MANUAL.txt	GandCrab.exe

Executes dropped EXE 16 IoCs

pid	Process
1212	CrimsonRAT.exe
6004	dlrarhsiva.exe
5268	CrimsonRAT.exe
5388	Krotten.exe
5372	NoMoreRansom.exe
5452	InfinityCrypt.exe
5600	GandCrab.exe
5424	Dharma.exe
5448	Fantom.exe
5476	DeriaLock.exe
6036	dlrarhsiva.exe
5956	nc123.exe
4996	mssql.exe
544	mssql2.exe
4588	SearchHost.exe
5632	WindowsUpdate.exe

Impair Defenses: Safe Mode Boot 1 TTPs 14 IoCs

defense_evasion

Safe Mode Boot

T1562.009

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\MINIMAL\SHCRTBCHWAOCZN.SYS	mssql.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\MINIMAL\UDZXAZQHTHUGNASEZ.SYS	mssql.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\MINIMAL\SGCGIFYIGURQTLYT.SYS	mssql.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\shcrtbchwaoczn.sys	mssql.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sgcgifyigurqtlyt.sys	mssql.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\MINIMAL\GYHCVIDBSYFQID.SYS	mssql.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tpxizhqhslfnewjbj.sys	mssql.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\MINIMAL\TPXIZHQHSLFNEWJBJ.SYS	mssql.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\kxouahgnhvrvvyewy.sys	mssql.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\MINIMAL\KXOUAHGNHVRVVYEWY.SYS	mssql.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\owpopcivjzqqwv.sys	mssql.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\MINIMAL\OWPOPCIVJZQQWV.SYS	mssql.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\udzxazqhthugnasez.sys	mssql.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\gyhcvidbsyfqid.sys	mssql.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\WINDOWS\\Web\\rundll32.exe"	Krotten.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\AVPCC = "C:\\WINDOWS\\Cursors\\avp.exe"	Krotten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\""	NoMoreRansom.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	GandCrab.exe
File opened (read-only)	\??\Q:	GandCrab.exe
File opened (read-only)	\??\Y:	GandCrab.exe
File opened (read-only)	\??\D:	SearchHost.exe
File opened (read-only)	\??\A:	GandCrab.exe
File opened (read-only)	\??\G:	GandCrab.exe
File opened (read-only)	\??\I:	GandCrab.exe
File opened (read-only)	\??\T:	GandCrab.exe
File opened (read-only)	\??\W:	GandCrab.exe
File opened (read-only)	\??\B:	GandCrab.exe
File opened (read-only)	\??\M:	GandCrab.exe
File opened (read-only)	\??\S:	GandCrab.exe
File opened (read-only)	\??\U:	GandCrab.exe
File opened (read-only)	\??\V:	GandCrab.exe
File opened (read-only)	\??\Z:	GandCrab.exe
File opened (read-only)	\??\H:	GandCrab.exe
File opened (read-only)	\??\K:	GandCrab.exe
File opened (read-only)	\??\P:	GandCrab.exe
File opened (read-only)	\??\O:	GandCrab.exe
File opened (read-only)	\??\R:	GandCrab.exe
File opened (read-only)	\??\X:	GandCrab.exe
File opened (read-only)	\??\E:	GandCrab.exe
File opened (read-only)	\??\J:	GandCrab.exe
File opened (read-only)	\??\L:	GandCrab.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
274	raw.githubusercontent.com
275	raw.githubusercontent.com

Modifies WinLogon 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption = "DANGER"	Krotten.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText = "Äëÿ òîãî ÷òîáû âîññòàíîâèòü íîðìàëüíóþ ðàáîòó ñâîåãî êîìïüþòåðà íå ïîòåðÿâ ÂÑÞ èíôîðìàöèþ! È ñ ýêîíîìèâ äåíüãè, ïðèøëè ìíå íà e-mail [email protected] êîä ïîïîëíåíèÿ ñ÷åòà êèåâñòàð íà 25 ãðèâåíü. Â îòâåò â òå÷åíèå äâåíàäöàòè ÷àñîâ íà ñâîé e-mail òû ïîëó÷èøü ôàèë äëÿ óäàëåíèÿ ýòîé ïðîãðàììû."	Krotten.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\\\bxmeoengtf.bmp"	GandCrab.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\ui-strings.js.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\main-selector.css.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C	InfinityCrypt.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\MedTile.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\HelpAndFeedback\VideoThumbnail.png	Fantom.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pt-br\ui-strings.js.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C	InfinityCrypt.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\AppxManifest.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-16_altform-unplated.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-200.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\Weather_TileSmallSquare.scale-100.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\NavigationExperimental\assets\[email protected]	Fantom.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Light.scale-250.png	Fantom.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSmallTile.scale-150.png	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalSplashScreen.scale-125_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraMedTile.scale-100.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-60_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-256.png	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Resources\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppPackageStoreLogo.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\Square71x71Logo.scale-200.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteWideTile.scale-150.png	Fantom.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\ui-strings.js.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C	InfinityCrypt.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\9px.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.scale-125_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalMedTile.scale-125_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageSmallTile.scale-150.png	Fantom.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\rhp_world_icon_hover_2x.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C	InfinityCrypt.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html	Fantom.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Outlook.scale-300.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-200.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubAppList.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-200_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-96.png	Fantom.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Exchange.scale-200.png	Fantom.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Outlook.scale-150.png	Fantom.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxLargeTile.scale-150.png	Fantom.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\redact_poster.jpg.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C	InfinityCrypt.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg	Fantom.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fr-fr\PlayStore_icon.svg.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C	InfinityCrypt.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar	Fantom.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLargeTile.scale-400.png	Fantom.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner.gif.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\check.cur.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C	InfinityCrypt.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-32_altform-unplated_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Exchange.scale-400.png	Fantom.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\rename.svg.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ro-ro\ui-strings.js.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C	InfinityCrypt.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\sunpkcs11.jar	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Dark\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionLargeTile.scale-400.png	Fantom.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailBadge.scale-400.png	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_eu.dll.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C	InfinityCrypt.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\am.pak	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jsaddins\en-us\DECRYPT_YOUR_FILES.HTML	Fantom.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\Web	Krotten.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5684	5600	WerFault.exe	194

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nc123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Krotten.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SearchHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NoMoreRansom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GandCrab.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Dharma.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DeriaLock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssql2.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GandCrab.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GandCrab.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	GandCrab.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Control Panel 6 IoCs

defense_evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\sTimeFormat = "ÕÓÉ"	Krotten.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\Desktop	Krotten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\Desktop\WallpaperOriginX = "210"	Krotten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\Desktop\WallpaperOriginY = "187"	Krotten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\Desktop\MenuShowDelay = "9999"	Krotten.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International	Krotten.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Software\Microsoft\Internet Explorer\Main	Krotten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window title = ":::::::::::::::::: ÌÎÉ ÕÓÉ ÏÐÎÒÓÕ À ÏÈÇÄÀ ÃÍÈÅÒ ::::::::::::::::::"	Krotten.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main	Krotten.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Window title = ":::::::::::::::::: ÌÎÉ ÕÓÉ ÏÐÎÒÓÕ À ÏÈÇÄÀ ÃÍÈÅÒ ::::::::::::::::::"	Krotten.exe

Modifies Internet Explorer start page 1 TTPs 2 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Start Page = "http://poetry.rotten.com/lightning/"	Krotten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://poetry.rotten.com/lightning/"	Krotten.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133828073171169578"	chrome.exe

Modifies registry class 14 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\c_auto_file\shell\edit\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\c_auto_file\shell\open\command	OpenWith.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\REGFILE\SHELL\OPEN\COMMAND	Krotten.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\.c\ = "c_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\c_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\c_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\.c	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\c_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\c_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\c_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\c_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4260	NOTEPAD.EXE

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2876	msedge.exe
2876	msedge.exe
4688	msedge.exe
4688	msedge.exe
4640	identity_helper.exe
4640	identity_helper.exe
2704	chrome.exe
2704	chrome.exe
3480	chrome.exe
3480	chrome.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
5600	GandCrab.exe
5600	GandCrab.exe
5600	GandCrab.exe
5600	GandCrab.exe
5372	NoMoreRansom.exe
5372	NoMoreRansom.exe
5372	NoMoreRansom.exe
5372	NoMoreRansom.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe
5476	DeriaLock.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4996	mssql.exe

Suspicious behavior: LoadsDriver 32 IoCs

pid	Process
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe
4996	mssql.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
3532	OpenWith.exe
3532	OpenWith.exe
3532	OpenWith.exe
3532	OpenWith.exe
3532	OpenWith.exe
3532	OpenWith.exe
3532	OpenWith.exe
3532	OpenWith.exe
3532	OpenWith.exe
3532	OpenWith.exe
3532	OpenWith.exe
3532	OpenWith.exe
3532	OpenWith.exe
4996	mssql.exe
544	mssql2.exe
4588	SearchHost.exe
4996	mssql.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 720	4688	msedge.exe	84
PID 4688 wrote to memory of 720	4688	msedge.exe	84
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 1968	4688	msedge.exe	86
PID 4688 wrote to memory of 2876	4688	msedge.exe	87
PID 4688 wrote to memory of 2876	4688	msedge.exe	87
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88
PID 4688 wrote to memory of 4992	4688	msedge.exe	88

System policy modification 1 TTPs 37 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFavoritesMenu = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSaveSettings = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103} = "1"	Krotten.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Uninstall	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoAddRemovePrograms = "1"	Krotten.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuSubFolders = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyDocs = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPrinters = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoManageMyComputerVerb = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuPinnedList = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives = "1044"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPrinterTabs = "1"	Krotten.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewOnDrive = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D} = "1"	Krotten.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMyMusic = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoUserNameInStartMenu = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoThemesTab = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMFUprogramsList = "1"	Krotten.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5e2246f8,0x7ffa5e224708,0x7ffa5e224718
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2820 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2316 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16500367375235504194,12578560211128657968,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa4feecc40,0x7ffa4feecc4c,0x7ffa4feecc58
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,3176992351839566524,15813549034097766616,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2180,i,3176992351839566524,15813549034097766616,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,3176992351839566524,15813549034097766616,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2484 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3192,i,3176992351839566524,15813549034097766616,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3292,i,3176992351839566524,15813549034097766616,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4544,i,3176992351839566524,15813549034097766616,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3760,i,3176992351839566524,15813549034097766616,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,3176992351839566524,15813549034097766616,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:2964

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ffa4feecc40,0x7ffa4feecc4c,0x7ffa4feecc58
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2500,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2496 /prefetch:2
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1920,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2588 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2008,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4060,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4600,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4932,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4992,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4704,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5228,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3436,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3252 /prefetch:8
  2⤵
  PID:416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\virus16 (1).bat" "
  2⤵
  PID:4412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\virus16 (1).bat" "
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5504,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5340,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4952,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5948,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=1128 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5204,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5024,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:5896
- C:\Users\Admin\Downloads\CrimsonRAT.exe
  "C:\Users\Admin\Downloads\CrimsonRAT.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:1212
- - C:\ProgramData\Hdlharas\dlrarhsiva.exe
    "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
    3⤵
    - Executes dropped EXE
    PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6104,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5192,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4480 /prefetch:8
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4408,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3748 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6056,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5796,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5904,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6120,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6352,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5672,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6172,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=6340 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3180,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=836 /prefetch:8
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5696,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=6068 /prefetch:8
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6160,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6216,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4724,i,17763598480097677189,18422519612064419363,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:644

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4196

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:884

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3532
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\cmd_blast.c
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4260

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6132

C:\Users\Admin\Downloads\CrimsonRAT.exe
"C:\Users\Admin\Downloads\CrimsonRAT.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:5268
- C:\ProgramData\Hdlharas\dlrarhsiva.exe
  "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
  2⤵
  - Executes dropped EXE
  PID:6036

C:\Users\Admin\Downloads\NoMoreRansom.exe
"C:\Users\Admin\Downloads\NoMoreRansom.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5372

C:\Users\Admin\Downloads\Krotten.exe
"C:\Users\Admin\Downloads\Krotten.exe"
1⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Modifies registry class
- System policy modification
PID:5388

C:\Users\Admin\Downloads\GandCrab.exe
"C:\Users\Admin\Downloads\GandCrab.exe"
1⤵
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:5600
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c vssadmin delete shadows /all /quiet
  2⤵
  PID:2168
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 1452
  2⤵
  - Program crash
  PID:5684

C:\Users\Admin\Downloads\InfinityCrypt.exe
"C:\Users\Admin\Downloads\InfinityCrypt.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:5452

C:\Users\Admin\Downloads\Dharma.exe
"C:\Users\Admin\Downloads\Dharma.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5424
- C:\Users\Admin\Downloads\ac\nc123.exe
  "C:\Users\Admin\Downloads\ac\nc123.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5956
- C:\Users\Admin\Downloads\ac\mssql.exe
  "C:\Users\Admin\Downloads\ac\mssql.exe"
  2⤵
  - Sets service image path in registry
  - Executes dropped EXE
  - Impair Defenses: Safe Mode Boot
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious behavior: LoadsDriver
  - Suspicious use of SetWindowsHookEx
  PID:4996
- C:\Users\Admin\Downloads\ac\mssql2.exe
  "C:\Users\Admin\Downloads\ac\mssql2.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:544
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ac\Shadow.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3976
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ac\systembackup.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4332
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WMIC Group Where "SID = 'S-1-5-32-544'" Get Name /Value | Find "="
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5512
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      WMIC Group Where "SID = 'S-1-5-32-544'" Get Name /Value
      4⤵
      System Location Discovery: System Language Discovery
      PID:4240
  - - C:\Windows\SysWOW64\find.exe
      Find "="
      4⤵
      System Location Discovery: System Language Discovery
      PID:3464
- - C:\Windows\SysWOW64\net.exe
    net user systembackup Default3104 /add /active:"yes" /expires:"never" /passwordchg:"NO"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5564
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 user systembackup Default3104 /add /active:"yes" /expires:"never" /passwordchg:"NO"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2136
- C:\Users\Admin\Downloads\ac\EVER\SearchHost.exe
  "C:\Users\Admin\Downloads\ac\EVER\SearchHost.exe"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4588

C:\Users\Admin\Downloads\Fantom.exe
"C:\Users\Admin\Downloads\Fantom.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:5448
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:5632

C:\Users\Admin\Downloads\DeriaLock.exe
"C:\Users\Admin\Downloads\DeriaLock.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5476

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5600 -ip 5600
1⤵
PID:5060

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies registry class
PID:4728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Impair Defenses

T1562

Safe Mode Boot

T1562.009

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\HAHTGDAQH-MANUAL.txt

Filesize
8KB

MD5
7f2c8cbb4f43c58c9d40559ef88f6924

SHA1
d1958cb511bb6d1ce8ed837bd3d919259fbdff8c

SHA256
19ec9e9fce0f7934c8dd1feecff7cc5d640cfd20947a58c1e636a73ee3f0de0d

SHA512
d3e9418af956adfd80c190fd3fd44bf9c553a98339d452d84bcfcd974a28a0fd0623f1f20628da6b9b21b209ce7224a0888207c44f7db67ff1f97c83518e670f

Download Submit
C:\$Recycle.Bin\S-1-5-21-70482961-775596374-3727440602-1000\HAHTGDAQH-MANUAL.txt

Filesize
8KB

MD5
ebd174023066f2aa0d0533553b035f7f

SHA1
d5dc8704e8827b83c9b54903e83b7a06a1bff8a5

SHA256
57d9abcd91695a7164cac76a1ab3478b2a54dd7b526ac985d9f6f19c4d605c47

SHA512
b376e0761446e4bfd9856be5ec19fa4c5ab0f60c606da61db6a4b2f5437445b086661cd9c04cf7e4e68d21a1c8d50b671f1ecf2e3d0b87a12a04983ad60ae8cd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
16B

MD5
95cac267472587223732e6be7fc6e60c

SHA1
1a893a669a6dc0bfe1c7d6781c195e95ec4ba8ee

SHA256
7d75ef6f0577f4b41618e35236d12ce48d2bfbff02b3834c4fcf38c6bee1b537

SHA512
00e1875785fe6a84a4c9738ae5adbe04acba11c82b8e5894dde97e2ef087e6337777c341da150e133e4f803b7bf96f5c43d108712ff81aa7072f1327f8328c6b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
720B

MD5
776806a2611ec974435ae93e04a06c8b

SHA1
50202e69d24f645ab3b857b0c96dbba2236a3b36

SHA256
c9f818bee69b8c3102f9bdd2c4b2cc0abdf06a2fc4e1a23581cf69ec3d7acdd7

SHA512
5a0d48feeac504a8b350065378bae8686b1c3b80f2e83624f66846d2a72311ea6aaa60abb16607fee8e4b80ec61a82a021427ab6078f3be2b33441e10113f7aa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
688B

MD5
dfa95ac228c405aefcaa9a8b6237364c

SHA1
a2ff7956d410a9acf0e9e676627ca94b88012e5d

SHA256
59db2a949506a60f30c1551b69a75205c0a775f21e6490ac58923a6ff979074f

SHA512
48464083ba42357315490bf64bf4563921ce0430f5ff445e0d0bf6a5e21ac087cd0958d7314049484d88fffd2b0ac6a869bfe4809ba7a2e524115acf64077917

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
1KB

MD5
758b0a65a7cdc2ab70de0dea7e56c6a0

SHA1
c751681e93dd678d2fd866a4219132bce9646cd0

SHA256
3a30bcda103938bf4cf4361e2e298c7201167f3806a6448847c8ccf95aa8fe03

SHA512
d94e7fc0411d49b86cda523145057ba3de802699a800cb19f2aa6224db8064cf4a3c94d3dcd3ee0d5f4e9bbb1bac6e1084cd26679ead44adc03e61548a8bf7e1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
448B

MD5
0c91f2c506b95d671f11d7f378430eb7

SHA1
1a9532e5f56c5f37503cba4a3ca4f924b27c890b

SHA256
c935a475dd6cf59c4d449ee98bc6f9f1eb55d6749cc71b012f132a3683d1a73c

SHA512
7737a47436dcb87e16c94db54c5a8390a49fd065fd51303ea3078a6e507505fb261b225b45fa3d6bca441a21eda974aae78b7a2c86082af5dcccd563564fc657

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
624B

MD5
827e107edc00c7be2419bb9eaf64a629

SHA1
05e44e43f9248f6980d5f464c7304b3968060399

SHA256
d20cb77661f202b84008c05cb60b6acc490fc8e2484b56753b67ce38055499a7

SHA512
c2569e283fa47bbee282de07dbb71960f65a20762ebba84fb779a780ae2c81dfdd05317fc17bc5be558e5c55bdf3d6bb5c484de5c7f0ce293e100388fe1a2efc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
400B

MD5
72d87cd06fe2680c53462cc118312c44

SHA1
16bf218583357297b2260124b0df6cdea1130c00

SHA256
3552bb3f6108f0872a57179dac435d9479a37d926d13b1d595f3e1553a5aeb1b

SHA512
22d67b332b7b7cf42025338f28ec0fcbadae72bca905f569e7b1b54e8e3cd1e5a998f48a9ec5b8c0ebbe635cb0c465bb9eff18f2a64a824130baa937a84d962b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
560B

MD5
65d3839b598000254163342adb8f9b1a

SHA1
6b8bb7124bfa676c34893aa113e2783cb0b9d1d9

SHA256
9eeded19e9da83da61a5f29ab2dab33efd3a0dfb1646daf32cfd88a9200466a5

SHA512
73a6d04eab723a1d87d5511e593fb9b754622585372d11874413077581bf250810bb9859682021579b62437e6a0372ba6c8478b482c5a82bc2857b9124899035

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
400B

MD5
51be7086a4d3d5f7e14efd4e5a304bd4

SHA1
8585f7b86b714cdf56871ed5025b4ac66cffa34e

SHA256
5b8c28d948e656586007d232302136a6560c2525bbbbe5e95ec0e47273d552cb

SHA512
bd2ee981c9bb4a504914f4a5c879bebd2f141f8d762d718ab4735e04653f357139ddbf8c6dd369bd7fc9f449e6d846f25aca28e0ea04f343286f237a3d87d333

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
560B

MD5
afc8769b66cb021c6774bf8c8ccb5c98

SHA1
0b1b5732fc468eda7e6c8d013e935b31756b6821

SHA256
7c3c897a29230e441167951d531f87bf533a3a0e029c865eb0fd2660b8319b3f

SHA512
c70bdfd3a983e170c1562bb4f4bcd8545a98282c12ea59d56fed9ec0581095df03d2736430108fe82e97194a2c3f88598d50e67fbe43b0f75353d71f4030877c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
400B

MD5
77f5215d1763b2210926a764633d3ca1

SHA1
6e40debfc492358e7b65f372136684330ad7ef59

SHA256
1ca27baf6be922b16d308d4689bfdc1440812601d070cf7ae21ee98d204d735d

SHA512
e94469931fdf92e6e91b8e5572624a25edfcbb37448a49018783dc3f420d232530219155385b79758d1301c23c7d745fc093c45fd3726a05b1ccf8ef94c8827d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
560B

MD5
2b4e3cebe725e2f89151912a43d98ce8

SHA1
dee73108fe1acdb42a2ddf12419e2a3b8f17b776

SHA256
8281a0d9d055afac40db8ec02507fea19469079de443e21a78da42992ff4f64f

SHA512
e159f35a2e227043bc6689ae57cb3946a3d1a98f2aef280c3cc3ceef9cedd5b1ae0f230d480277d70246964375c86bcfc35e0072b95f0e13aa2aa49911001a61

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
7KB

MD5
e29716ef06cff8edbcc522749aa44100

SHA1
58c5c130f3571216e35f35241e396907868b759b

SHA256
def7e6cb91c52ad45358cefcdd2cda9ca4777020e0849f7cbf679ed4a680f7eb

SHA512
36c2c8836282a8c7e8af881f05b0fab97c4d11f790094176eadf7367834f97251e72386d89251686dbdcb02b1d3188c6b8586a88f09351216fac30687b3b33db

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
7KB

MD5
b83e4cc98d5f000160fba873627fda29

SHA1
cdafe35c486cad6c9014b566b30505f3d1a16e60

SHA256
ce3498bf28a71d5242e20c9248a496f4593d5e0633741c9c567556337528a7c6

SHA512
9edc8303f187c7a67030047070aff20a91f449f872efd24f8332ee106e3d5340ffff8984b779665ea381770bb8cfed34996032cd1eeb521811a930952d1e2ccd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
15KB

MD5
3cb316ecc7ecb657a068dfce170bd1e9

SHA1
73481e9497b3a91acb4387a8a6927e8fa114bc9e

SHA256
3249d8b1499b8d6ce486a2e61990daf9c02ac69b73e22bdb8b9ded6efed6b772

SHA512
59de90e9a99968f0a0a710dcc2ff8a39d9890ef061ba70e4c394343839e63e911c21b00019260421b0e8317ff4618013ef5f3e8b18425edb259c828aad9acd33

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
8KB

MD5
5f227fdd979cc167fa936b204046c8e4

SHA1
aa313ff105805dccd7edf111c62573c0b40fff5a

SHA256
ce17369955fecab346ffd3ae8de0785ff00c66cf367bc020a8562e6a4c78099d

SHA512
e9fc536bc9ec5a6d15b80888050005316e12f24edc5c06f28a3365deb96c3e3f9e5e31280aec1eb5aea5229e0556d02676170137ff8ea9a50e3d2e9a42397984

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
17KB

MD5
62a87a4d8a3ba4aece62e0feae7c65c8

SHA1
3260c6257ce63ee0373f6ce4b967738a97845586

SHA256
6097be94f0656c21775cf59d66676d606b1d837b53992310aac4ca4aacf958b4

SHA512
0058a9646b181649532bf29c83c607f718542448f6b59812167249b715a053c8fe584aac0f7ad68f9d310bc48daa2a33799313bb0c090c5caea1767dcd482345

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
192B

MD5
d0b027fbd9ec6330acf76adc20889a0a

SHA1
4d8b4f3d153940998cd3553d57455b3a92156603

SHA256
4dacaf0f0d815d392238bfcdda1b83fa5a1a8f79863daf57d2bab50b05d78e2b

SHA512
2f92302eaa87ca5424de35a99d2e744a9f3180c6afcf3666e5658803cd29b834819e2e0292e429d85814f6f5a5b664c2697f14eca74b0ce19db705deeefe5871

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
704B

MD5
56b5705c6dd419e7fb9e51480fbea2ba

SHA1
08ae5d0a5b17dd46b3ddadf8d59117b46a5a2b04

SHA256
06462b472fc02273ac502138723b55d8aa07622379736afe18984e5d077433af

SHA512
3b07cb464e7704cf4d6b329e523cfb984ecc6c514943c3ad39fd5c36d8269b30d459bfa115a898a8854163a2d127cf238ef3196d5a0a205e66a34c7f060a6b6e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
8KB

MD5
3f6ec59a766b9ef935206629b397fe11

SHA1
bbe37441683bb6a52267b4ac3d217bdb7f990125

SHA256
b858ee33f93f10e6a312a7cf46c194521aae9aff6471260b97e10925bee0d1a1

SHA512
6e959dade642c29ddb72d9f3bab686da4f3de13f703535f023b61b2c88b365c4ab80b0626a01030f5e09a5f24c7680dc97a5450dca71aa4153b5e20faad8e420

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
19KB

MD5
9471a2161cc50706b876b4d5d51e59ed

SHA1
ca3e546a3def0ac6adb3eea26e0e85adf1756206

SHA256
6568c5380df2adaab7ed2c77c846e1c044208fdb45170f21f3448bcb4c3e0922

SHA512
d56abc7dacf69cfef2df35cf33732a4d7c7a5cf70b78b0d72d45728b9062fdcdebac2a237cf26f756cee379b5c022ecdea6114fd9b0218c9721910a73e059d63

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
832B

MD5
fc1d5a0805c0d8502ed76587255e7ac9

SHA1
28106e4e0e9148d6f2c2c2600c9f9c1bec076f9c

SHA256
3f28a58cc00e09d257fc0b1699e663d37e46a0edb440c350712a4f395d5672c8

SHA512
00c0e76c16b78cb56c1485c31643da54ceb77e4188d6a4dacd5746be938f4fe065cacf64d3c111ecd5592ee5ec12e4bec8c6a65309fc75a63371a9d15e33d5c8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
1KB

MD5
0767ca9db5549894c3f166c1bc0fa4d8

SHA1
82cce0db77c5dc7bb10ec1f4bb77eafd729c3187

SHA256
c6f16ba1099b6a72c06d542436efa3c4a5ecd34d2413c2122e81c5debc45f056

SHA512
2653e0bbf9b31098a78663d69a61fc25b7ebc73e01d44b8f17a54752e39282959cd6d6607119e53e21d1243ba0a22e375d793a23c0637effb0276088e22513cc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
1KB

MD5
e1bce4531df4f48af8b186274dd8c708

SHA1
83c2b2ab4a1fb6f5f4035f0f073a8ad97da96772

SHA256
a30c7fcb0dacfcebaf77d4165603a0797dd7594651fb1272a15e9222540b7322

SHA512
4a6036804cb7ff85e27daee3b74c4b21a07c50496230fa1f87f96baea5d5d47c23055d99038b542a61df61496bc609c979f9bc6c33ad6a029892c19a0b0c0c3c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
816B

MD5
d88ced997cb422906b9f3a1786447822

SHA1
ca49bfe4995dc61deda47ba95eb5696b75fd6673

SHA256
c504caf118c679538b26dba48870f15b1bcbd4638f3f3330c44e289fc859ba7e

SHA512
30fc3fc7454398b51aebb386bb440ce0d17e71226ed980eb2cf131f9b5f45d2fa0ecb87f77318647ed2de974e5b9e4707be8f8a7518edd142ea0cbec0ddf9644

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
2KB

MD5
40210e8b8038be34170119601f85dd75

SHA1
8cafc45bcb340af5b4666009f96310aae792a82f

SHA256
700f6bd7275844bf7bed87db53f26ae7a2a0fa7c469c81faa5bb266d3f6a84b8

SHA512
72dec457639762f1cb310121e681df58780bc55b8d86619b21c9f0713fd1d1714e977f35bdd44caabb8524af8433d7a4db1029f5388b4acf34efb69cd81cbcb2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
2KB

MD5
accbeab1eb271a52994b4febe89557fe

SHA1
0525e18284850a1a5dc52efd9127525a8281ae33

SHA256
f0805687645ce978f9481e6a1447af30fe9379067eb182b8a9d4fa70af78dcc8

SHA512
b41c4c101d66d22d5e2f3c4c9c457434d11a4e6200efe16a5a97049eef11e1f9d8fe6ab895dd224f55e5bd3c886581bfdba397d1cec2e43b6fad1b1f0dced1f7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
4KB

MD5
23fa7e5362bb21310507db787eb7bbdb

SHA1
9ddec7318f73d9b7f5afcc6bd432bc4e6bd45738

SHA256
291a5eb614191be5e108c13175b8f67f0f519e68e9dd8679f74a743e91a573d4

SHA512
370e73eaebf15956cc78d32c1a9a3cef5275d1bb2efc2c15be133072b8be6037133b8632d14d57c68072a11d18a6745a2f025832224ab3e40db666763fdbf70d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
304B

MD5
1680503e6d66524f800d753b6d65005f

SHA1
f1aafb747dab11d061e147748719936dedf92a76

SHA256
14daf8f93230d234a98f9beeb43e281c1f46dee98bd63ae59f717c1e0bdc3c3d

SHA512
00342b04af184f06921d77acd0e94a9bf520290cc37a336297d1d473057aea950a790f88e830067c1460e8ab8a8eeaac006d6de4f77779a765e06e7ce5e0c532

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
400B

MD5
82974fff7d942907610b463d1bc29536

SHA1
a2cd3af5715c2e53ce97041506cb0a1b97813d57

SHA256
9eb955ad8181205d4788946e1f8d5a439a5f7ed4dc594aaf7840903f93558530

SHA512
f335a88f9a6c5a673f1b949bcbe7cab04abda780afd82dada898b16b3604256186665f1ded5b812dbd3e474d0e7b3263d71e36744a78fd45cce9fe6b65b95050

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
1008B

MD5
6aa0434c69c75b7ddb4cfb949e34bf1b

SHA1
52bcfcab5713fa05c8798ef916fcf8f16b38dbd9

SHA256
134887084570a2352b1c117a3c95124c023b18fe1bf55e18e62549406b2a7c38

SHA512
77ede191c18100b850aa3ef8c056aca7e37d37a7ba411802775f9606737d598c9dbe6bd55ed1254aea68904a0816b88c04f4d61f5495e058a10fb968deb10a41

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
1KB

MD5
4b06e057cdbb6ff15a305b9ae660ba31

SHA1
802fcc8f52642f9b82b0b93a28088cf03557b8fd

SHA256
ebe1fa73fe2a11f0c08aadeb332851fe0ec24b4f788b9b2f00dac99f1793dfa3

SHA512
0eeb796950691a10511a9c9f312d6a1b49f8e18d4f448859223ddb31c018359c3ffea3d6407a06a8d4933adb1b040b17c9ea8ef0a203ade00bccc7481ac9c0c8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
2KB

MD5
a8b2db7ab47004bfe61226283058ef8d

SHA1
1df264be9083a0dc0eff9a9cbd7453b84111a1c2

SHA256
a5b51f2f0230717572ff7adc8721a5af6ae8619b90d835a7165935a6eceee70a

SHA512
cd1761c35250c9c6e25d86461ac96e18d9287c9a0bd21d31c242cb690a1a81e581d6d86dbcc9dc8776f4820347d14261e54547153b18ccd8c6622da091cafa51

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
848B

MD5
2ab053582a522919414c1bc1aeb9c892

SHA1
a72fe290552ff8e3279097b30baf9a331844df59

SHA256
3727a621badc9c39e5484481b8bc06d4c13353f224152eb07a5b8ac3afe5faac

SHA512
9a2ad3bdfbfbd9879764abad2180179d847e425ec849bbb8589566b83aef47e3d2c48403f96dc3404b5eb56110df32f278431be0b9cadce252e1f300cf175067

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
32KB

MD5
f56f95f3e913b32d9e3ba1970737adfc

SHA1
eb4675b678cc1f3d30cc5aea77eceab666abec5a

SHA256
87704ff2b9863d2ec307ccbdbdf38e4eca450da0e11858c561d3511ebda04062

SHA512
49811ccb18da90e7e53b5110a74c93352ee1b49c89e03edcb6bc2289fe4f66cb7889e7a3361bcecb3aa865855d949c43b2809e929f7bc128c9a2572bd3bbefbc

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
981339688e7170588068a3e154b9337f

SHA1
48d531a24331b3bb152d35e7420e744f3f353d4a

SHA256
cea1a28a68c17b93f3096e4169d229eb77904151a312d14245397cc901661bf4

SHA512
2b2b00f9f0127af3f80f1a1950501a287e165db806ea7424348416637dacdddcc2c27a0c73d9a19446bd509dc2ae2ebc86c3772015f9d66355a6c0627be5b973

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
192B

MD5
ba220d3276cdac4791352d092b7404ac

SHA1
de97ce8ee7cf87040ddf7f27c3bcfbe9fc91d831

SHA256
f17ffd83ea24b617d58ded8888a8c07fac920d5291dd4f54479e6f1e7c19e41a

SHA512
03a5afeece5fedf2cf3e9b1d18136a3cc47f2e1562b37a6cf9fc8fdce154edc72a35e7492a7575de5392ab4224a1753cee306419fcb81d0f4725554ae54f8a79

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
192B

MD5
9d623a77dc7d662d111e848f8b256302

SHA1
f679c58587db5073e977b28c80713acda49be7bc

SHA256
76c0c8ce892189922ef792e415b768fb5caeea9de70bd75710471bd022389a95

SHA512
4f60d93ee237490694ab4ab3b3cc7cd30d16e7ae200d7bebe5d317e38d8a1d8b564e41b92dc138c6284ff050065780ad5a06464238a490cfbf6779dfad758fa9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
3949033f933c83fbbbf06f71198c7033

SHA1
b8485854f81d49117dd4097aa22e68356ce5f83e

SHA256
41d3fc0646b8bc45e6b0528a4f0deaf9649509f784479b426d45673e68f60b10

SHA512
99f3613038286445c6d7828c114b7bad5ab2bbc7c20a877fd1a750e28199f4508a5e2061e26f04f582f6116d158c7a571d82b54ab3c85f57bed2add99129dcf5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
b05cf084647c76a537a798d995ea5103

SHA1
c852e396aaf258b2c70ec9533113d0011b245c65

SHA256
868237b45c459b5c90b26bc5bb29c5cffe2d6a061decd3407ecba6da97296a30

SHA512
f60d1d2b5d285459d9c46212a0abfa119684fbbaa47ac6a3da2c661d66086df2c3dbe4a61b491f2aa5af4f6bb8ba6301332685f02aae929c1c4a0e26ea2f024a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
6b9d52e9ba8e92d9beb4288863d275a8

SHA1
1195bc2b05704f35e11139e2b38245ef5a6d5245

SHA256
26f0d6cb4f7d450f282124aef7f1dca6cb437a41441e33f8b2cf2299a4bc462c

SHA512
c233638a18551f19d9924307584473923f94d27fd2793dbf6a47e1a0d29372e35e3f8b07aea5e4e4eb6864d650302d57d9c6ffe5d498d3f28ffb009ba1455b4a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
de681b1e23b212ec6da21fc7f2f420e5

SHA1
6bf59d4c9f1d375098eedae209184e77682b87ac

SHA256
5c529bd2db9b8615535a71471a3d50dbc8ecaade03ccffddfdacc31568af8ef8

SHA512
1433876db15c5e7ce42dbaf5f486c827c6e0cb67edb50e086eb8aea9410a1070f872637bf5babfc00b0407ece11f2613a91cb875a11af98532bb35070fe50f78

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
bbb0a10af33cc7c29937f05f77134545

SHA1
c81c9d7a5acab8e8d88f8f19d81f509bb87420ac

SHA256
1c39316f7fd584f9011a5e6329f38350c4a04a2a30f259d911a815f8979d176f

SHA512
aa7f0d276ceea5575c8dd084acd50330edd7847912cae4cb294f3128fc019abbe249cb5628330cba088b0153d059b9bb586f5ee5cb3fd9e27a5f26497aa0b1a0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
bd337e7ace04b518f6d383e424059a19

SHA1
4c6e85cc4bec7f5554aa62168886163c1e0fb2ca

SHA256
f79d1484b9cb9bb8ef22415a55f7b8b0e4eb6e14c871d490f817846d40bf1cbf

SHA512
17d0cae088bc24ecfbf5af2ad2ebf25e5d5f1196d80c660045d526f165b619538930f22e95e8e4c095f0c7872122230cd1119c66ae56c86b26c852c5e95c9b7d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
13275b93f8b38706b9362be633dfe8a8

SHA1
58b1751f47da09d29a7d9d8d1adc8f8be41ecbf3

SHA256
0ecf6dbf02e3eb0c69fc14b3269eb2f12d7ac66bad5bedfa6bad539a85a84da8

SHA512
7d826d10e0d22b1bee59b37cc48fdec2764f514695c0e99ba4fb702177399f346944ed28ade9373319c364e95b5736889bee263e9e63c264dce74a638d2b0bbb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
5cb7a82630a90ae2c25e73c2acab8768

SHA1
6676fbb0d9339447eacbe464d74cfbc8c9c9c248

SHA256
45088f214b594ee68a18afa1288d8393dd1a7a9ce451c5717dd93405fa56dbcf

SHA512
8f992b9683f4991ba2a00c0067ab471ae25b4bf6337ccbe1105116fdba6d3cab3cc6a0224aaa03822e5930f11c9608f44991afcc87157427b0a5e47bd79495cf

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
26df9ea86d4f9c3bba7058bd83cbfbfa

SHA1
a6c75ddc84fe8be398a8ed268b7b7a84267f9cf0

SHA256
ef05f8994e6beb7b632cfa06fec91af85a18d6115edbfe90a33fc5a94fffea67

SHA512
064eccb45a7fde4ed5da36e00974dbdc3c405642bcaa329938e3bac40f5defc44e4fa1b4804239607bb3101c0a500a2765f7c1a90c7041d28debd94e70e49397

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
bb9cad65cd511946ea778eb90a23c168

SHA1
ab72d1ef2e443881158dfb6251f7d443b4404ac6

SHA256
7c1b584bd401bd48269537c3f36761fd665ff08c919ff1a9d98eb25d16032373

SHA512
70cb8fda5eeb77574b9d2bf7189182e47c4ecdd7eddb26cd6d50165ffabe62fc74b6992c736bd77ceb431ffa29a2efd0369219900cb2d9adcdeac6cbc1c1eeaa

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
38602acefef66df871d9eb9a75d51532

SHA1
794d9b4c46ab65ac9b27ef6a1c9f5edc08c6e5cd

SHA256
53b9ba0a7dee40f52a44fc94e4d40062984d9d74c4dac62a93ad1e0137840e04

SHA512
d71d0c17633ac517537bbd0da784f26ccaf7f74450674cec86e70db8188a8a0b992e0f2e3c0e0cdff85d8941779bbce9f33cd9273534a4d7b1a54f4092b3c261

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
a2490ca18124739a6c017d95723019df

SHA1
3fa18da1cb7076ab1670a92610c760ccf3150894

SHA256
675e3b2b408ffb9ab91f62ba3f924c4d82b460d66621d61f8e4825a30c69b2a6

SHA512
8706f1ac3a0602c266d892870525bffa0b2fdf7d4ae56dd682047002c4070a775e58b1a505cd374b013c87524fd2eb01a4fde37914bcc4f1b5f5ca996a235968

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
d34836df9caee90625c718048ac7c37b

SHA1
4a1b002457f9412be8c45aedeefec317dac60ce1

SHA256
344762a319eadd4408bfbdbd277ee582f57929e1391b0b8f084101c1968dd458

SHA512
aea5f5b616f1b06dac9136220c3a25535575a1202f1e731bf1dc304217ec9f2fe802186f69212ce49a38b66405d2ae32a5ff969b4410b4bba789d2a5a46d8db7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
2ccd064d411463bbe04a9889ec8b9a89

SHA1
bd61dca13955a7d4f032382ebd8021373296433f

SHA256
1e18115115f9c1afd393412f036dd1c4cda2d6605d654c4901184920c4ef2cb6

SHA512
4dbb8f4fbfe566c86c536b89d5f58c5917bc1ad9e09a35165a30f463efa519b3327c2c6c08a672eae7c91673eb06d2dcf63c87c2eaff5c4cfd2577567d188027

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
176B

MD5
b62ea3970120adbd9d617c0d5e0e6a8f

SHA1
31097c91269a18c618d344c91c31f678d7e03072

SHA256
b82be786fab92a56502a78a366b989ecbc21011f0d572629a9b7f821840ded04

SHA512
6ba539d069673d27c4a3018a7d85023e5ca3cd34eabea946d77c9d84586fb94ac30f5236b39cd0e48e2cf8668de15cf002d101dcf52635b28bd1877753923fe1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
36467d58b29cfc30d0216c1521a8b9a2

SHA1
1bcbf406bb02dce6a4181c41836a307b8838d3ce

SHA256
637a9660559d385e6b82b82c7f45dd8907e16cf85e8500403248fad95bf5e6ad

SHA512
7bc8e02e465681f4bb1039460440ac3992a679cab2232d25794b58ecd7a67844e7f39f516daf76a03daf56f13d2c53fe315d6ca684307275ef82f453078252ba

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
7ec32fdeb0f384f2591fb5112f06f734

SHA1
b560953751937922ff1b1697b9d93b4e9f1e23bf

SHA256
091c581fb84dd8ae289af5c31db5980db64bb99e95907097f992e93ac18c6835

SHA512
ac24f39803dc385b6463f08681d4cf42439f1ec590fba01058c87c4e79ec27536eb62598de180a87674ee5d800cde90e8513b840dc82e6461d1381ce5483252e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
1b4d94a338b6f1ae9ddff859fb3f9f5e

SHA1
9dfb6aaa7974db2bc2f8ac6a6dffd87d317ee00d

SHA256
e51ece09ca16a27a2e250f4d32f21958d6b09d2d761118f087f47aa0f8cef245

SHA512
65f899c8ea50495a677226c5a8b9f92749783f03b3adffae81f44fdbfbb9713fe7963002bf4c0fc9fb87a441f946f4159e9a01e522a6112819be7bac905a3617

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
0702d86f9248cf84765d8122b91ebf35

SHA1
cc7c5dfef67aff66c892e09ea4cd4b828ec3a17e

SHA256
56d34beff1f1111dfb3a807e36a63c395c06ce126e4b983fd01979e66f5f7568

SHA512
1569435fa2d388a9aa77df6de4d8329d208f74482c63870ba34f86094deda1fb0d72ceda0e20c28bcc6fd3649b36eb82e031614e05b7d8e4b715a95ea5472784

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
d1c7e757ab9f5c23c0f7be2a7f8dfc41

SHA1
891f8e06851aaa27335de914c493c28f9f390605

SHA256
a51954e3f6ceda7e87cc2f95227d3941863da7f20fadfec11c5a47dc90d74f42

SHA512
88c6d7f266805dc6d15d55e6d30a0c4bd2f321c8ae56275df9f9c9e15b0263aa7ea4a298d4940344c95b1744451729fbca2a0b0deaad1bf22dc96f75e2974e03

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
13b702e7a7669567083cd3e911dcf063

SHA1
64f99b046b208bde8484ec5e09a3550a6e6f6a57

SHA256
dee91dd8918de2627f9992f46e573fe7d400d3042ff5fa0022321cc1c0737ac6

SHA512
3e451f3f55cb55df9cee5f3338118528a21512e12c0161b3c0e70535a5be37374d8602590187043b9e791448bda8a0540d84be88a4979d41f0f25338c6ef7cd2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
996ed23077abd065ce54c88c19baf3e0

SHA1
7c5e40ff58046b277da92b2703c63a70a5ff7abd

SHA256
66d17e6cd6888ed852c5607d3b787f0696cf13c1442ccb21a385f256a6f0267d

SHA512
ea0c1b15e549a31a2aa12988bdb8680abdb723be4305dc412ffe5a38f71b12540b3da649b068e36d72324f09e167e6ec5b65d4bc9eb7dc819d47f401012075bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
c25398512a088ae08fbd26f306e7f8cc

SHA1
a5aa22553e597425d95a3d424dced7982a2cb590

SHA256
2578e5e73775db3a6b447270b641211a3f63b070dc1c70b509aed8bdf423033c

SHA512
c44f07133367a5c6f180b650ef220530521bef7107b9e1db89d577a8e3319947df0a8bf76fe1d63ae9fb0d6ee14ec134463faf10563ec6f8cd4ef48cd54b5442

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
03eda3932e6e8369f90572d2d74ff109

SHA1
6dc1f8991d9578fde77e293c24965bd1555204a4

SHA256
1c57c09e098ca620d842982e716d04aae82732117a1ba0df54e867e3eb4fd7d6

SHA512
09a850f1869e565cce3fd8987ca1727cffed8557a93e8ae607a46bbe2a42a6a9147bf578faced8694ebaa88b0c7e2b86a0b5b962248a19e2e8ab5025fdb892cd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
981dd686b7284872595174471250d6fc

SHA1
70e6089b8d432879ce3a91d3c99bd49f8be73f5e

SHA256
d16b274ca3af0d71d4977d5af4ff5688f5311a63eb8b013bfb89e599d8922b14

SHA512
6e4b9445046bb5a1e00c098b49ef45bc6b4e47a0c116adfd9394464aa1ef504c59c39370cb086f3358f9bccf20bd902c2c0a78fbe31b51c57813a33ae580aa70

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
36b747d8114f70d533ebd4c51922a885

SHA1
25e9e28de0360f0c15cd62e23b736536917744e9

SHA256
da6c0f66f8144287570c16cf4a08a9a5d37d172d6ee7e70d41a91f1d2cca1a7e

SHA512
6c9809ce14404aaae7ffec031b09e76be23310fa1bdb7394ea7ed9e8e4bd3de642199781dbac889af3b883a8dbd720fc5616a14d521da6a9735737b548d1766e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
6fbfbe430f16e79a37702e853ba97253

SHA1
12a6b35178a918f47e1603c8d5ecbbf102e0313a

SHA256
891f2137ce041000356ae297a062c0e9e7e2fdd6cbd32a964727a9fb540a91f0

SHA512
f4856fc2c9ff15166825e1ed65affd451cd57661691b5e94ef0e56b746f5d530b5903e29d06ba7ce0ed16516a314ddcbc50d7e9204204003b9ae8c478c100b03

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
200d697cf2cb908b5fc1f3d442a985d4

SHA1
ef291ed5964cd953e454a6d15fa3ff2c45e7d6ed

SHA256
2e3267357061897f350b796e798af57f794c49bfcb44c19186c922acbf36fe47

SHA512
4d8cabfea4b127b5d4f2f9976419c4448347bbeef6bd1e8a90b47e9f7d7f6dde56102766ff7097c1e4a0207fbd3bf5982fc8c586a75d6f52b7781037c6f644d9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
1ccad368eebe3ffa73cd98ed4982970d

SHA1
915631315cb8fb422037811f6cef155b7fa37b81

SHA256
cc717fee1f43f3bf5e1fc0c715121189f5938f4950722cf3d6c9a20c584290f4

SHA512
01d52ab8c0141b376b2296054911d6368fe2a02c9463c52b4f10b38d7c7c09e995eb26845c97190bbecbe5e643b1dba2c3287cb838d8b50e68aaa829559be4e3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
932268e10c95e47f1faf2fd8bed71988

SHA1
c2dae885bb7790c009f83881122a29f3a847011a

SHA256
2a9fc57a373d33db6cea44e3d7f277cddd9e5e959d0b3d806c9e38ceb76db17f

SHA512
11c6d6af58eac67dc4a4df50e1082956f82ded23caebe4380afb42fbb8bd65103db6f7fa2362fdf18691e6f5b627958607cf620aeac26d29201ee87ac702f915

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
6a4e6baaa7b71153f59899afa61655ef

SHA1
bc10fe6381391b3d8f511fab3881ddb8cc0adb42

SHA256
51d6acfccac02c6e832c0f49f8d92f5166d8e902203d92c95a1aac0fda7be342

SHA512
e6ae4397f363a660b4e7d6f74052aa3268bf84af272d21fc42c19f79965ea7055f6ec0b2c14cf11b98394b3a94c6f14e745b19e3c652de48f138a51cfd3ff721

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
fdb4664c1fb8caf180fe463c692af624

SHA1
7b7663542601d789f740180dc4b7ad8bbbb6b306

SHA256
ace79767e88a549308d8eab398049a6340cf0eb31e583fee147d75ac37509f4e

SHA512
71915882085449ce87a4de176557a6570d6afa5f92844edabab690482bbdcdc670402add23f57c16448b09240560d7444ffcecf0038d08a86824b359bec3c622

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
0a309423f831ae7bec15e6f47fc30309

SHA1
0f225d3fa7dc049019c09db441535ffeb5e7bef4

SHA256
b7935170fc9f35054b845e48500f4b63fec75317ffce53ac87204ce2d0986644

SHA512
ac0211de160ad7d6be6686e0d6dc769024d4d665adf7cfec522dc725e2d114aaf6be389cab51a3d343ac160d6b23fd14cc6831b8a2bd8f57339edd775df5c426

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
9f16968a25be5a80b649a49b76733fa9

SHA1
657feb2c85e508a854cc7f7643c57148015d16d0

SHA256
07085b668c11cdf47010acab9ec86422ddbacceaa55d61ceb90a041000f334ce

SHA512
c92bf2419020554e3d232e00d78d51dfca1f925a979a6d64391e26a39551e805f61a8a0a4d85e9c868315a5e5b5957c5823002a14eeba1fa7921a7e7db8ea5d7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
ad82ce5afeef28e4c06d821935ae9646

SHA1
212b69fc3c7ce2a5f7535ae3c8f26cad5ba683fa

SHA256
cd3d84f732be72cada202d85989d7108171f937513ae9b81a45b0fb2703d7c93

SHA512
34251a4863692f80e5343c1c8e9ad08c1de3c1118d57ed9c73e4c035bfc9dda23dcedadec6e175c015b7b2d6c0131862236fef05965062981e0d767affd7366b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
b852825d313f930524edecdd11bade46

SHA1
aabf53ebd1e6772a46af381abbc1449d80954346

SHA256
ee0a33fb641a4c16b32722317aa45e9903d84b8bc39bd1b8c52bc12fd9b72422

SHA512
d4e42c2767444edc96e1324aff2aad16639ad03f2a7322d37c1c27ebca3eab6b46fb39abc16498ec8dfb9c9a949651d0cf36a928c14c1c44e0577865e1c6d996

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
95ee708fd7226ad8e071932c166bb9f4

SHA1
d632400d62889f1e57945e6738192cf6e602b664

SHA256
8e8bfa3930c7d9f8e52bfd40205f7f6ffa78ffded5fb58cff67c75061f8b1a83

SHA512
faf76fa514252a1bb735b860aa3b7e46ae62d4dc081d3030f3450d966ba3c8ed72dec5dfb580e1ee1d9c7cfd285d774b264accb6dd32c1bcc2156a9faed6c28f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md.fantom

Filesize
11KB

MD5
7210b61ad0dc0e11eb275ddc428d5742

SHA1
636da6eb4212b515cdd3dac51a68cc0201e5b38d

SHA256
6b74d8cd2d726d736748a0b0abd394f869ef1af534e5e13ebf3efc4277749d48

SHA512
c6f70a712687f0401391c48448df6de45ea1ae512c478d02c985fb9a8b67174c44220f52954c866c15f2a87d8c2c4745369b2e1402a77b3175714e3b7a02c994

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
6725ba8f469940691b264d4b0f34ce65

SHA1
3ea8a52e5587346494acaa38b27110fe1d91e1e1

SHA256
44711c9a7324f32241c8ac1bbabbb7d3346ea1cbea2e396127cc6e7f9c591096

SHA512
5ba629bcbe1493a3e5cf66e0adcbc31cb4d6b937a542c7e7961fa481ad0f1f8a9e075df8330bdbfaa9a3ceed2f3f76ed56267dda9a2263291cbeceab88de2a98

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
477c74f080e5d8d22135c447623d5009

SHA1
7a3af0d39efe3c5c8d2f3c3d810451edb5b3ef42

SHA256
0fbc37ee5ffb4a016f7092ea50fc3d9a2707af871d651ac0187a3758b3368f93

SHA512
c1446e1ee5dba085df3777d73b0039b9c0f68e285b89341c6f0cff8bae1080be5afb24b7d9f0038e731d13b3794121cd0ac6f585b65ca00dab2f6eef45d7ce56

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1024B

MD5
513e62c6e0d5e88debdf3f3c784c0316

SHA1
c003d5c705b99ba0454fe88b36b827376c984345

SHA256
fa3b5293eced1e0150528582db7361bd151995d21ef17996d66eac530b8bfdad

SHA512
a63362099711f3e2679a1cf6ba9e0a0c395191f8c6484e0f3453101f62260ccc219cd82e316ebc419ff3230e176f260e3324e5c70e3c97bd5dbe58e6c1308a14

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
48B

MD5
91b8df54ac2f4da60f004782dc4f58d9

SHA1
3e574c85c9267f84cec6fbdf77c62677870b98e5

SHA256
21f350494279cec05e35dd969e0b4b672bf9f7e49c5f79ef4d7403ee12f5f662

SHA512
b0defd70e58b9a3226ed3bd7f5da29da32bb4fcd102d953e4c50e2c107dca56d200053615c00278302fe413a0bed85cefdd7149732bb87d3dfeae590efdd723f

Download Submit
C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
9.1MB

MD5
64261d5f3b07671f15b7f10f2f78da3f

SHA1
d4f978177394024bb4d0e5b6b972a5f72f830181

SHA256
87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad

SHA512
3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

Download Submit
C:\ProgramData\Hdlharas\mdkhm.zip

Filesize
56KB

MD5
b635f6f767e485c7e17833411d567712

SHA1
5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8

SHA256
6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e

SHA512
551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
725f5bb6a2e899e5dfe2e084d50c5952

SHA1
92292cea6162e3edf4b2dcca41c625bbfa796127

SHA256
2f535f18a77b1ad9081c3726063767b6330398eef8db5b471836e5a2ce64c525

SHA512
48620eed4bffa35ddd606e6e992c108a83a7aadf33157a27e1fed185358c72d1f4f15fa453d277a15af21e3822b3cd643f06fe9ef9aaebabec5dab2a8136a8d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8e0f5444-765a-4375-8da8-cd3b2accb070.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
73b04607f1b64f69c7f916487bc8c4bd

SHA1
76e389be2218ec86c1e6c95201376c308a788f26

SHA256
f25d1eeefcc8188c9377ecc9afc53311b0304ac4f907165d7c5147ec82197301

SHA512
b849dedf4065e06b12a6e1f65c719387653b6f856d35fbb83817f2059e8439ceb6f3da31ee640eb7747d89d35b7f3c4e4b50a2fe3c66890710fb89ba20b68df9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
4689c0d2fa46d3a6b9865afa31872dce

SHA1
07b313c04346c0647c1ca22acaba3546ff67d589

SHA256
9c54952dc798001ba0321ad7e66fe2e86db8c11b7013cd56609cd482ed813c07

SHA512
3428a3e0c5f0833e237632538d1e567fea8996878292bfab6f4d88a1b8d6aecfa4e031b3410c4a72544e383a2dc9f47ef6ed576ed29abdacebbcfb7bb1cb6257

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
d15e480e0e485a1bb94ff772ca6ea081

SHA1
07b84060e8abaef549a3bbf836eb63445832f0e9

SHA256
8b0b879e50d6309e735c64c31dd79413fd4cc51b6f379667d88ea007dfdfb7e0

SHA512
ee94c8f50d7714df64cb841c9524e74237d3cd4baf1bebd16cc60629a5c74bf41563b08b7709c3752df6195b03abbb938765e16991a5ef12e115c4fd4dddc351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
728fdb2693bc6d9a7d527a64bfe0d927

SHA1
46d087e42aa5b7bafdb494ad40bb3f61b7412f8d

SHA256
3552ff2e470ce4ede2b82218c734d66ebe1a24224abae365d0dc7fb376a95474

SHA512
b51fffb9c3ddbac5b2ddde6f9e8d27449656dbdacef63c7e8d397bcd0cfbc75c41eeb907e90728f42796763961099210b2c69fff7e17a7255d2a9cb017bf8f3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
36KB

MD5
5fb208dc0531c11e8d8f90569399c37e

SHA1
6ec9b99b28923ed0455368c066e16e272713451d

SHA256
4823138143af19352d4b7a35783789d390ad5ce6737a93ca1a1db8d830a13d1e

SHA512
b90b0e5c9bd0104516f51d7fa807f9c51f31ecb35640924841f839bf5f45a1377f10227d46385e617fbaab15b0f885af53a6df2fd68db93a29ec98d7b5b99b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
e481d68d48cbed8293008a622abdd687

SHA1
342c98a4d1ebe1ad61ac37c0931d11ff1bec7e9c

SHA256
cedccc8deef98421a0b99f5e82080639f5e863e71aa34f6ff03290b06433ea9e

SHA512
91bfa768f1e9bd2abf27355f6c23912b4f5074eb693aa394264619eca017f46e038ab8c9de9022ed4b83725a5f1d3b4e56f5196e9f7ad45d8452d638bd434076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
38KB

MD5
6f9bcbd9790889389f52578f0c27177e

SHA1
941fcd07ce8c21efda837ce99c2c0c532a153115

SHA256
f83e87421cda34647dbbbd00cd215a7f86445af8b2e550fc88413a757b89caa6

SHA512
8e20dee4c862b915790779e05fbb8bcb61d686c6f11f9bf74f459ebb97979e590c5fa4aec6bd83d9eaa68b2cfd6629144b4123c2a9c6757f777593dad313a0bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
37KB

MD5
5873d4dc68262e39277991d929fa0226

SHA1
182eb3a0a6ee99ed84d7228e353705fd2605659a

SHA256
722960c9394405f7d8d0f48b91b49370e4880321c9d5445883aec7a2ca842ab4

SHA512
1ec06c216bfe254afbae0b16905d36adc31e666564f337eb260335ef2985b8c36f02999f93ab379293048226624a59832bfb1f2fa69d94a36c3ca2fdeebcdc3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
21KB

MD5
6ff1a4dbde24234c02a746915c7d8b8d

SHA1
3a97be8e446af5cac8b5eaccd2f238d5173b3cb3

SHA256
2faaca6a253d69be3efb96620ba30e53ecb3de12d5285b83ecdba8cbc36e7311

SHA512
f117b822aeb0a434a0750c44cbf4cdf627bfebc0d59e266993a4fcb17a7a0519659e13b3bcf8706eed7d80d0ce33b0ce5915afe5872c37c010a401dd6bb1187b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
20KB

MD5
99c59b603e12ae38a2bbc5d4d70c673e

SHA1
50ed7bb3e9644989681562a48b68797c247c3c14

SHA256
0b68cf3fd9c7c7f0f42405091daa1dda71da4a1e92ba17dad29feb00b63ef45f

SHA512
70973ea531ed385b64a3d4cb5b42a9b1145ec884400da1d27f31f79b4597f611dc5d1e32281003132dd22bf74882a937fc504441e5280d055520bfca737cf157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
18KB

MD5
f1dceb6be9699ca70cc78d9f43796141

SHA1
6b80d6b7d9b342d7921eae12478fc90a611b9372

SHA256
5898782f74bbdeaa5b06f660874870e1d4216bb98a7f6d9eddfbc4f7ae97d66f

SHA512
b02b9eba24a42caea7d408e6e4ae7ad35c2d7f163fd754b7507fc39bea5d5649e54d44b002075a6a32fca4395619286e9fb36b61736c535a91fe2d9be79048de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
26KB

MD5
525579bebb76f28a5731e8606e80014c

SHA1
73b822370d96e8420a4cdeef1c40ed78a847d8b4

SHA256
f38998984e6b19271846322441f439e231836622e746a2f6577a8848e5eed503

SHA512
18219147fca7306220b6e8231ff85ebeb409c5cc512adff65c04437d0f99582751ccb24b531bbedf21f981c6955c044074a4405702c3a4fae3b9bf435018cc1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
58KB

MD5
3bda72fdd71d021cc05be868c4b4bb52

SHA1
43905c354614bc8949d62ad02842ff3b41dbc6a0

SHA256
2e345bc0aea923ba793d478be693212dd5232d0bb85a4b5bfecc34eceecc2d2c

SHA512
52d4f77f715dbee169792ed2ccf79a9f40f5661e38cc333609775d74acf53df17f11989e6beb0eef1434754ee326238990c237abdad5212268350f07f2cd8bbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
16KB

MD5
dde035d148d344c412bd7ba8016cf9c6

SHA1
fb923138d1cde1f7876d03ca9d30d1accbcf6f34

SHA256
bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9

SHA512
87843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
53KB

MD5
2ee3f4b4a3c22470b572f727aa087b7e

SHA1
6fe80bf7c2178bd2d17154d9ae117a556956c170

SHA256
53d7e3962cad0b7f5575be02bd96bd27fcf7fb30ac5b4115bb950cf086f1a799

SHA512
b90ae8249108df7548b92af20fd93f926248b31aedf313ef802381df2587a6bba00025d6d99208ab228b8c0bb9b6559d8c5ec7fa37d19b7f47979f8eb4744146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
41KB

MD5
bc6094074becc143f02d41a4ff0ca28e

SHA1
dc1185c7aefa4575c65da20db1ac5b431ab94adc

SHA256
37b3afa4735064862020dc7ab81af0dff74dba35df9e31297c3b49d7bd3b23a4

SHA512
6117847d6e34f933c58dd6384be99d70bbd3c9db8ae08c51b8a7386e48b89e7a508180d54d66cae305281632ff0ab548588a7c2fb79fb3df50f2e0ef322a758c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
107KB

MD5
11341f03f951333b4309822a7ebb0907

SHA1
fc813cb6a262e6ef9991bfa2711ba75e7a0894dc

SHA256
99aa368241f22add83b34dd05541d726ab42a65f3e9c350e31c0129684b50c1a

SHA512
089cbd6d797f4e086e945dbb1345f4023fb0ef4daa9d47368ae7f253cbaea7b6236cfebf0d19741aba415ec4f1c3443050cabad756c55514ba2bc0bd7442bac5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
87KB

MD5
65b0f915e780d51aa0bca6313a034f32

SHA1
3dd3659cfd5d3fe3adc95e447a0d23c214a3f580

SHA256
27f0d8282b7347ae6cd6d5a980d70020b68cace0fbe53ad32048f314a86d4f16

SHA512
e5af841fd4266710d181a114a10585428c1572eb0cd4538be765f9f76019a1f3ea20e594a7ee384d219a30a1d958c482f5b1920551235941eec1bcacd01e4b6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
22KB

MD5
52c8bbc9324eade27e61d83b9da13487

SHA1
0fa5af3371481364e35348a33ebc70d7a261f5b9

SHA256
8d6a02cbc9f782ea1b39a81a98d2dd1408348a5a5fa5c9734d2f31f033401912

SHA512
8532e432059f01556ce2266c67f1f0cc7e20bbd61050fa8e946b0e2fe2add288f812b94a483b9acf2937da073c929a9980415f680c66cad50b063a8f9af4f905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
18KB

MD5
0346ebe73b21667ad74c6e0583a40ac7

SHA1
4c75eafd2ac666700a1e7a36845ef859b1e8131d

SHA256
9df525b3192d1c859c90a82abbab4b5de63662e1374de09fbc381b55729a8d3d

SHA512
e27348c6f0f91f8f06d7bf9d3c5cb4b15d2cd7a0f8badc4822288bb63b740985798c96fbbbf1c30d67c59c58f08bcab5316f85a0d4876b67c27172db1a2c4e45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
16KB

MD5
856d0c433e329038e1b97aa830ee7b59

SHA1
1c2ab9631b461e4eb2cea3d420eed9aafbd085fe

SHA256
c975610c42aaa8eb8a2ce209f38b16fd7e11ad67db877c8135364fed10e5f5aa

SHA512
b36724857b6dec1cef63e025e5b3df37110304db52533af39d870a264720fc7f6f444b61100acebb660c43a6547bc8b78b08079aac117afd1a8338c0e16f3914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
65KB

MD5
ed03ffae984ea7e93b3ec053cf921f6c

SHA1
5e84154c7b177eb65496e62cc678385617ec9c29

SHA256
841e8fbd5b1987b8e48c4e365e618a0fa208432d514359024ffb96a2207833e8

SHA512
f73f4825f633bb1209d4cc5d99ca6720adeea7e72f63a0265c48b14b6cf3853104ad3271d1580ed667ba56ac0adcd20ea4608b0213f00055dd5c1f16fdef59a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\165c09a72f0bb2cf_0

Filesize
8KB

MD5
1f78483eb41f9227cf55f8fab73e6441

SHA1
864b6603d9733d7b1482a840f7eb4d4b77dfb891

SHA256
02ed2208475488bb7d6120e8a9c85be1ac35a331aea31ae3f9a663e7f9ec0f3a

SHA512
5aff8e7a9a1cfa8889f4714d067e92990ea3ffacb800c97100726034fc177a0e83a3e475d3451e15a476186534221bfefeacad415a94bd24261ec66228a686b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
9f28dbf8196ebe20b86a7aad6f17d90d

SHA1
25f9e9667710057ffbfa789fd0238b2d2079bbf6

SHA256
71966c4fd3887186938bc1d18e9c02b8fec3b9b5b1cd8069d6e3ddaef25e8c69

SHA512
ff13fa5112faa3049e7c7c957959c850dbbe09d27cac60fa412ee189c88578c4d66b8aef64aea40a2e0d6a466553a2db4d8b764a9ffa28d427edace06daaa877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
13f712912da0625505af7c438763c395

SHA1
1d839333550765f1178c7e0cc3bbc1e80c7bcdf1

SHA256
08b870c6b89e230559c94208996aeba3a5a1a5f24e13540bb6e3fbf12eaa3b50

SHA512
0de0a1568d19fb10a6048a301a03d64350bf106f708f3f4e31b0192fca07527387d367d63b4a05a218225b4391c9782857d2dc141ab294ce6bc87b0ee71c89a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d324b4f6e349394ba0aa9a343c775d4b

SHA1
ecf0c787fbda6679d8656107ff259c223af32dd9

SHA256
f622709b3705ff0b5862621f3bb8d07d5af5fac4f43dfe1d3a48456bfe179247

SHA512
a82202aaad098288f6460333cf30659c865d44fc1f6e45e2eadf962a562e1096eba8dced090b0df1615771780fdcd89938a6a7f854d477b8d9a4abb5bd395eb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2be1393c8f2bc414c074bd2b81d9fe06

SHA1
0cf657a3888597e2eef0306b757f9b5aac8bdd49

SHA256
153e16eda16b2749bc30ec7cc6ffb8a5d6719e9097c6c1d50964dfe3c526c180

SHA512
2783186c9f95bd2ecdccd43d51e09c41a4f39c873dfb4143b2cbf7f47c0c234200f94a04ccc9d9afd0d772c25303444362350b1111fb9c1ad7c8e7e196ccf81e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
6dbc6a77af36a063aff01e1ad0a9baa9

SHA1
593135b5862ebe4b9f1660c1930d1f50314f5bdf

SHA256
c26ecf0789d88d90916a06286d4692943ec05d73a3c9294c56b00b8386802f56

SHA512
05ab52f1a0078627d43d86c15e605bd37ec7eac7a884c79466eeaee4bdaabe641bdfd843629c3d712cd510060f07f884de56ff38cd70456b7edec81dcb730a0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
8c751659546b12d9fd188f5c37ab99da

SHA1
1530c19f5a520f96f81484b83324576ca6808705

SHA256
bd7e2b778f77ec8252ba4bb3c647caec0255e62049ddd8633206d5abed0add58

SHA512
9eefeaafe0f81f40f59c1a6caa58eebf7820ca436f565144e751100865ecafcf2d573a5237c5a3f5d8f99e47f01247049a5bf26a2c572987cb468ae79387b353

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
4e2e997da0ae227057e074c67afdb7fa

SHA1
0a0b4db63b5a84f0bbbd8b0d472e665be69697cb

SHA256
e8fca9c48d54e3405ad60c23ca5eaf2f15fb9a1d59b3936f178fcfac70a967e4

SHA512
cb721fb2c0a687fdf89041d9baac042e45991bdd57b1093968e16ba5230741f027c358c8e9f45bab4bf16461fd9145dfacf596e418f4cfda60694af4237ced3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
c73ceb946a84dd65c7571e065361ff89

SHA1
0188249b60156917726cece1be3ed2c5157841c4

SHA256
5ac5fb30df32a601b6b949cb1a86f869a07ee8b35df9d4cf2a2187681e699483

SHA512
f67fc989f0af95783654b6258b8061ec4eb69abb9065db26731eb76e735e6914ffd25b6ebbf4e018fc6899dbaa711af689e62fae4cac97d75d913f2047c2ced4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
12ad8a5f6d579d608fbc5a0002287634

SHA1
61e05ea551c7e1e9df9d340f9caa930770d8f325

SHA256
e6e40164d7337a0b7d25e6a0f7332b0e2b5bf8a299032f2b0f57955a7b03320e

SHA512
021e38a508695d4c290f32278d5a3fe27f2cd9dedb4e89820b2b16407dc1e206f1c6d03bd45de00b732e369c98ef31b680212f5b732f53c691e18a5a289a409a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
0be1813a2b822cdc55f9021cb582e53a

SHA1
2182d8e6083f84ad35be008b6ee6e8421b9cb9e0

SHA256
718b445538295b1dea8726842a74e3e50cac094629d058a588728c2da52d0d1a

SHA512
565a5676edd70ac4efaa8e4776f6737f40c9456710e925cec825d4a421bd574733795d85e84f66e2fff2e8a0ef28afc9d7d356c541eb8f2af8a705c030542684

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
eef233a0094e11728146d5d59c9eb8c3

SHA1
2da215720091c0baeaa5063292dd9d16cb4137bc

SHA256
1aeb6ebb57b2a832dbaf3bd44e6015546164e2731c56ecf566bb54ab148f2a10

SHA512
f2a992c68fc4f271f62b55f4af1c4a989c39d7f844d30a4038d059b5ba83a54c87513f741b3a3ba24694d81b9ea9da17688e3c7df97455f6ffaf2968eb788fbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f0136dca4303b34976b77b6836d2bb19

SHA1
be36988b06f173f66cf2bafe79c2e55517ec5c4c

SHA256
966792e73ea1243854065fec0dc4ecacc3bf00b4c90300bdc10aa4169ad77c0c

SHA512
300bac77ba93c0045fa1be87b2a721a93a0cf1dffe052f9a953c7c38b5c317c1a02d19112d9804ee2b131f915f187674471c66f5b06b5abc0c2de85b9ced9ee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
d1db8bd988abcdc5c3961492476a64ab

SHA1
d088ec34e1dc23132c3cfae618faf059c33d547b

SHA256
be0055c53de9a7ea19e2a8c666c72137e7546715b345038f225f594784bf5dbb

SHA512
daae6b1036cda6c09c35f71df126f33d46b328e046e189c38a2ab745d0a0454c82999859a6cff62aa1e2558cb0a210b5e9ecad82dda7fd302657306cb0a0e44b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
50372b8ffcde0fdec73b34d59b83d7d8

SHA1
ae6a8b63a766090b784e09b00d853c5caa19852c

SHA256
f806c38f137ead26c6aa97bc4f78420652707043aee03c9d88395a86815d03a1

SHA512
4c93d4eb31897a08aebcb30923b483e970acfe3a9e86cce2d67f81386a8a8ba22d9b9812f0837cb721046f4e4bda7151505d7f6be34fbd533721d71cf5d5f364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4f83a2e77d88ec08d846962e891f9c4e

SHA1
acec319052660da2efdc48d8b08494a172e6487c

SHA256
e36230843d78d16064ee5163bad69aa561ff1d47dcde34f289edba52fb0e0f7c

SHA512
f4d92a564f1dfc7ea374b06d1fb1f2c9bf5306018de4cc3d7aec044db41421152c347ee5f24e3699538190a11eb104279bbd1370b7e8580d9dc3b1e698b99bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
82a8a41dd8492968dc49b04762d408ad

SHA1
fb69321f7a2ebf87a60071c725bbf3ffe2a992a5

SHA256
6f85f1b252589584cc9269fc1ced48d163b0fd7d09c8fe28a4460392e2777e69

SHA512
1dd4c10eafc2f85a0255f03220ec8c2087a4f7d5475fd2e821771580651d436eefb46846c560067d048bfa01767e4b3fbea61e5fe17b09bc7fefa8f6cf4daa02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aa2a9a35d677ee74dff07be4267e4569

SHA1
d733fef1efe89868564809be15f27849bb797ae7

SHA256
bba359912ca383ea6ef6f826bbef9383006faee83cc9c937e330737656462ff6

SHA512
216708a4cb5d5b0ad34506b828eb8bc171765eafa5991ff37bcbdfc261d2c9671da77860a9432c587124f7ee1e304efa92161a4eb7697e60c1a5c949d719438b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bc5cfc2a46708fba3229c66d38ec52e3

SHA1
a8dfbf8b768c8d37d3adfb890f17ead5610801cb

SHA256
25bfe5d14d6ceac01a57a2ea285f43100910f160373202865377704e777d5c9a

SHA512
46545e1dce123b0f7ae4cee5794977ce634e14cf1feed5ab90f511223426096be42a23d7026481c1b0f984f86dc976d8c33cf00465a6ba25d702062d3496228b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bc937fda11cf82a0af79f83803d33979

SHA1
7d55f9cb4f9aa565ab428244cee233ec35e30e8a

SHA256
05e54c35f31099d0146536122776a1f07c05f2586beba753707e668b6876a848

SHA512
bfb8d311e4fa01267134ce15d2505d0bc0d7dbee94f4947389a012d8221c997d24d7fb475c05da09a4b61ec848b8f10158484575edd8994451ced83ce47218b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0ec694ddd24950fa21f2b76cc910d976

SHA1
4fc86316b7360f190f0a3dc062bebd38c1aac2b5

SHA256
6edac631d6ffbf39441c27697cda7cf044929ac20023afb92183027939e0f896

SHA512
2ef6e52baee72150080001f5333ff5c32511cac001a780294019297ac3a26ba270b8f688b35f1ba83c9041d4d69813fd64a5043caf8889d476dd0f6844f62e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bf52c388fb2a5ac16b17d2b3ab3e1814

SHA1
b22e10028ca6725966d67ba657467ee6a798a2bc

SHA256
b02e941f91e15236043739fedf7f79ddf94fd200a85b4634aaaea25b2ae567eb

SHA512
62e43fc68140343230789152a1e5ecfa6a1ad5159bc55cd5e6770b41ccd18e930729a45b0a8c01d3428d14a7ac05fc5af3f9c98f558916181b2770c770d29845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d67cfe821fdc877666dae6bc4409fff1

SHA1
a8e9998bf173be6743e30c723b73e5485d31dea0

SHA256
c888f8cedf9d6b0a85be44db6a3be6a036757c257f5c0d6b16583d4e6eeeca71

SHA512
9019f621abe807b2f6e69f25ee8e15eb449ecbe10efff6f535904e127b2402e987396aba4e24f0310cb88e1dc7480607fd6b12cb5696469dafaf3a1e3b167b1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
14644dc388a43d44f9180ea755d10e2e

SHA1
8359620194de8e1ce776d221b7a70bdfdb9221d1

SHA256
4cf97b8fd870b65d9780c8afb2118c96136f68aae6169f7465b69c940dac4373

SHA512
d4cc430f5ebd337ffaf325ad29cdbe229b45916784a96cd0c99a32cc72662adb1f6392eef9995695b8543f51832b0c88f62b4dea04234430a4aa84bc2d5b97f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c70242b98799e3035a79da7d23620445

SHA1
23deddb474b58fb9b7e330cbb2120114795d3b25

SHA256
a94b77a9f2bfec18717ce87683c2494cbad3c32f59c7d2c434f2c6f6825d0d94

SHA512
176fbeed57bcb0455b0f30f966e9432aaceed9660230dcf495dc379af7c0384acc9cd5c094e989088647065ffa086e109cd6b56ca2763966d28209cfe33b0db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a735af69e3607cf6bd0c07ade0a6886e

SHA1
6e6b97c48e08c6d0a2ecbab2a45b0b1f91477cbe

SHA256
f610168eaa3611a6017a6f5f0ec2ac684d67d4b0670caa5d3df2ce0e60f8fe02

SHA512
af3420a860c97f672329ca93c7e68dea8e3db26cbffa8ca3839b316accc3fff5772e670d495f8f9e149c54c9a4d8ccfa36487256afcc0c2dfa9a14a164f89e58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
117700045e60381ea0ace4fba6862a06

SHA1
836121047135e0188a6ef7f85e814f16c6d13696

SHA256
95b26affb166462d1ac17dbf3d82c77b6d3e44e166f1f37500380f0c8f1d7237

SHA512
a4527bb307a1e567712c0ffe051b377554b45dadb8dd68d4a87987e2c81dd1ab41e5495f9b5b24c22a75bee120e309d0fc489b28d19f8ee0ba61001a7c4c794f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d078737f16ded8de21d7a7af6f1d73e6

SHA1
cc677fd6ae8800bf2ac384821f91b7e75ec950f1

SHA256
26815d320bc5e4dd85eba2890ac734502176a82637c3698022e0173457e64a07

SHA512
67dfedb41be7de59691ef1127bd4ab553e42967e24b4feec9ce7bc4a6358b21d7b44bca1aebfe4ea1c5659e6865a600389a2cc59b64dd935ad4666e6677be889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
652dc951a14914433b951e34405069b2

SHA1
38cb7c25b42a2660f970e3785ffc5b27b2283820

SHA256
dd1f50f7ac67d47469e30b7c00908e1d1342c7e2d59a89259716c1d1ccb9b934

SHA512
341320be2377b44daeb38436ae6baa8b8c953c35576a99e83c9b52bc64b595c54edad85df938cb3ba688a3e96749316190df431197df3a6b908b2a986cf25e9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\fa95e3f5-c608-4e2f-b86c-a1cb29eaf600.tmp

Filesize
356B

MD5
590ddba61b73e9a99ede9f85884fe129

SHA1
205ee902ae07ef408908a2b9ad4c1bb58e3b0a5a

SHA256
be4bfc5477f54683f8dbbf7e8e725aa77cdae5c6970c5018e776a865e44b3491

SHA512
5d7f6f7ac1bb3c5997425c66a25d32fb4a0c5eb17619e77e320417a6cb9c0d1aa858d183565706df43b59b1c1fff19ec4000af31d8d0f57ecdee0586d450eff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
80cbe2efde389e084121cc5a297d7e84

SHA1
0881cdb08bc90bb1cc3040e0dda0373ef866c08c

SHA256
3721d94985305d9b58c4f4b5a0559a1744bef25cd117e76737c51e89bfebd8b2

SHA512
08814704fdb7f573f40245057d451dbfd16c8c413834c75c11c286f692050a95bb332c1b9c75d678098e324235d030916a05fe5c42943612d2f325477e9de67a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea5e55d276a84d6b5437fe778c1c8699

SHA1
c3d42ce2661c9cdf82d6a560d852b3ae2561ac49

SHA256
724ae92fb3306e7154a16a99570d9a9725d61122d7946509d76ed0eb26511562

SHA512
96ce4841e19dccb46ece1b9c309b6d8b6eaca9df8f206c71749759315ded95031f4aef1541de30554b26f5fe62f5173b8a2257f003cc5675b36354a84ef48dd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f4330ebd907a16466235e2ca7e8daeed

SHA1
c8c780f67c4eec80a7842581802b714996776157

SHA256
9f45cf15ac1329431f655a10176ddf5046e3ebf34b27094e23d1df4b2aeea966

SHA512
39d543ed1ddf9e172269b526ace0b53e7ce60d097e2e8dc64031562c05e181963e80383b7046ae07ebb5600b54a5193877f7c11a99d45d4b3c791db989171dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d201ce0134580632f4c781417d4f3ca8

SHA1
972ea0743d2135162275eff45d20ad84842608db

SHA256
f9447c0ddc0befac7e4fff0aab98bb3dc7a6a11013cb8dcdc186bcc0a06a5d9a

SHA512
dd591c571bffd4e6abda38eb7d7b13ab9b2c9f556839dfe66a7188f7f34e540682bf7bc0568b4135fe088b24b9f6b029984f2752f472cc525e498092d07c7281

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8d96a29d7f831bd96254da44326420be

SHA1
c03a913dc4ea95d08876b3ed901ccd5947ea7147

SHA256
7079852f27f2d9edf3fa3579029197d91144f55b75241122546ba819c9cb5927

SHA512
6516aa973e964df6b891e12f605bc2e986412a1d605b3eb3cdd8571f0554c45f27e0a84c7713b2783373075c28788ac3959ad61a0e5be4624f046e0faafa33c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e94fc73f6ddaf403e20479a2c2f8e2b0

SHA1
5b0d752fb255a7fd7607727d20ab4eba933c29ac

SHA256
8e2e150dc24d8e3fee83027f6d242881b9756ec0c03e289bc7970c54d50be70f

SHA512
b8081596eff12baf78da9fe9c4c279829f59ae9a7a2df3d3ce2a74d9bd00411aaa7c07f4d9b8f4fb3161cfc399da959f04e7be55556d0e2a5ba97545a5961418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
47f1c743f2843ac558892a8092412259

SHA1
f56ec8dc09b552704cfd3efa30d43a48b4b8d71c

SHA256
0c6c6d8be1553853f5ffb3a39db83a645d4f8541a8dfcc33c446a1119689e74d

SHA512
671a2c001ed67d4c1f97567bd06bed5e9ddba7bcf5a662b58bf41e1e691c819aa24ca75f854e4c5eb33714e66eb5b2f6f62aa1ff6763c1167c181947d8edfe0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5a42df82a5e47940651724ef67e5a604

SHA1
49a9eee61bca5526d4d297aa6bea88ccc485f1a6

SHA256
9514aaff281ee5ee06d696e64123d604021f1171d06b9625b98e0b97c93c6e72

SHA512
0618fa70d0aab66e7497527710971a7eb0bdb125d1c32e23ba552377e9cd553a8ba98b4b4f6ab3bf095a12783f23a4efebfe82ddba6d211d1263e38ae35350f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2140adb16de00f7d02b1f4605c6b4289

SHA1
408969f83da572e3fc8118709f6530b2c7529560

SHA256
49ea21d43c7cab16716502606814153b6bebeed5d41f3d8e0f91d5acd9059e16

SHA512
0bde9a276f24672baa443ced1e3b6093598391e0bc24d9c97dc40ee5b16505aadcf0508b24d3c4dbef46c0efbb3d612537bf9cbd0eaf8845699f094483aa24c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
584d165545a4f45161a90954bf2dca4e

SHA1
cb670b061475d6751175b4ad0be45efa9d27f8b6

SHA256
12197518fb7c3eec8cda45b3f680d65d873335a4940f0f901dbff655c33d6458

SHA512
42fd445e4dabcc7453d9289036e24cfbad6d77ea7237f7b3a3357a7b69feae08caf2e9c62a78def98ee09ced8d01a39ee7938a08fdaa928d70e788f6f827a3ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
94b29c0089c424ab0f3bd8f887727949

SHA1
a0cfc77815fed3bb932a5282ebbfb39c67f4db59

SHA256
61f9a5fbf613915592da0567810c2b03337f4fe56e8abc55e188e70e79568e5e

SHA512
fbac41d041a14334a26ac583607d7bfdaabf52aa620529894954bc9110e92f6c736a028804922b064a883eec8636c9c44e118779110f157e495a3a2564ac3eea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a37055f2178a3232874402d9fd63f5bb

SHA1
b5e6f3f4aaf1b2c07e2330c940c71491456cdd21

SHA256
07086cb3b2d23a8318fd66095659e1c24a21f2e93754de2c8c99321c1d8cad82

SHA512
7c4a7ed29ff19a0746b9f79edf1fd68e59c29aa465f3cd5067196ec7d10bdfa210aad1dbfbef6093c389a98f68a4aaf6e244467eae019533a5403c0d184d77dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
29815906219605d01db913e0c83bf48c

SHA1
2daad0e3db649b7ced262ac465226d4296692775

SHA256
5dbe1ef7f66615a9a9c25f6afce87f56b31ca2789d2ad676a4477f17aa35743f

SHA512
9aeddd2ccd41bae009fc571761d54d169206e08b89879f88103db28cf6141690b1fa6e598fe5d966ec53dcb14c2b9e74875f7593cf882fc57cd7eedd47db09b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
201d9c67a5356320a721ec809077948a

SHA1
c926be6a00e0d8067b064d7a21a604796eaa0a95

SHA256
d23cd1cc182242cdd9a410dcbc0eb1e9f0fc3cfa233a061ea46d5dc527157ce0

SHA512
639eaa08a884f8cc11b0d3309439bf7081133157894ff008b51d7c74dae479aefe65d05e9507209bfdc53fb56593e81ebc0b0eadea8bde272f54392b1e899dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
36423b5af0353357eedea1543dfa3a95

SHA1
b68323ab2a0c0ac014ea2852b735ca53c5034161

SHA256
55b1797781d970fc084655d9eabdef3a40268bc64bf4910417a43930706a066d

SHA512
effd40b59916112c1fd7da31e745b853f9d791cdef4bf1513383e09d7945644176066a9d6c1df29d9f7413305c83ef8b0cd6864cd1b2d5936ab6643651cfeefb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a283556ffca573052c024167e522c2d0

SHA1
f8c2fd85ccb1e4153920cac119a03ffbc8a76f20

SHA256
ade4af616e68009b0eb04786b7d10ea17d1eb058f03d47be1a2d13b670b255dc

SHA512
facb575efe677e642f95fdb633f9ef2ad0bb6e262ffec690b748f9c4fef6427214cc03336b6facf3a1b8ce881644bf68ccdac62d334219aa7d7a6b3a4144b5cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
94033fde2cfd6f40e4ac8a8a6718c390

SHA1
56d247644e6c2d1bdeed5bac7501cbbc3bf65841

SHA256
af64d1a901d9e5c079211c6a4de51a8ec165f2e160510b5fd08eddabd36128b0

SHA512
ca7ac4d40df803b790fa84f767f7e3cace88eca2914b834666b7ea95c47e53ca97c1b495070e806a16e1c925b4bdb03406e6dbeac4160f4e94159ae4e2ffe60f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7bee4739af2abb30888c9f8a174ce905

SHA1
1645e9ce212fdc97b20e0f275cff5fa16c64cb7e

SHA256
5f055ffcd8bb22adf65a2bdad6459adf1991544d40f81b3b611f15f58585186e

SHA512
4f0fcc3b25dca658d1f59a08343633a346d24111faeb3054ef76e0c1ffc847220197ad4bb2f64824ad27ecbf4609ccab8a2a3b5d411495ded559aedb77b686d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c70357580ad83bfed1e38b75f762bd1a

SHA1
e42cb0fb169bacc53053f0fd0984537574c15e70

SHA256
4cb5983efad66ee9c74de7b0497284d243fcafe5f1ab9e1b4678b4d535a0a709

SHA512
248efcc1f0fb4f1edede460b121f902a694be13d8d468fa2f3d84e74c80c51dd3a9018980a10006ad3ec953a9aaacaba69d39fcb08b200e9b9c0f8e970028801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca79fed46f128895b8503f18d853e9e4

SHA1
22a98cafe4b25449081c03aa77fc6120584cea1f

SHA256
fe76e1c95082faf11918450511fa7a294dc43b0be7573024007882d8ee2805b7

SHA512
ec81caf423521cf992d32cf6fb08bfe2be6514e4507b941fb0a60c5e905d67a3237cddc62814f6f10cb86bbac2bc2204ca3f4a768c7369563089410a2c76f8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d5176bec1511fab6cb0a91b09d81e4b7

SHA1
ee4abf3925a123bcaeb589470d611ff7ffba5843

SHA256
48d624fa28f4751bfd1229f13dd8b4defd58ec1a8641860a80a3e4d656d3f798

SHA512
74af2d72e205a270d60ee9b3a933af479054e290d0a2fced331e830b0680f9b11162351a9e48b8e8ff83dd24cf8d74383e7b07ac695f42a9eea70800258795cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
07f7c3181ed4ddbaca311bfa40aa5222

SHA1
e3b971a8be98cb95ac2059bea63b8d7fef614c1b

SHA256
3fef3968790b04cf704ce800f2dca8827a39e86744a0c2d42b5054c8949cae58

SHA512
fb4f5d5aed5f4cd66ae59afa9ca672075244f600db3dc9a78233e79f076e6497508c222873ade418a1874e81fc7958531ba4f458499af0c37f4500b37cdca038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
70ed5eda46f1f8a6be79dc75a5085f93

SHA1
e3e9474824a953ac07124ef7e123af7b3b1c5167

SHA256
59c301046a3a78bd7815a4b3b85eb2193e501bd4145201ce3c2a7d56b2cc9d1f

SHA512
9af9cb6f391da4b7c495797204218624f96a7c4359efe0b07f0e1b0a101d609fbe07c01e2ae655f8bb9462d1e74ae2be9b9c01f5cbb9c740d1143f0591b1fcfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
18f799ad6c7721439a196de4ec382328

SHA1
1a2fc6ded3b0c8e5e0b04e0336b8d3c2b0ac0bb2

SHA256
c9a071ee0c33c454a226cb70c324521aab4c7fe32ea3a766998cd348a97c2d45

SHA512
2bb02ce16fbe21cce5b4e482dd06205f0d71a41c34720406912c2266a49fb9f2f373c8b8090dd5ff0af9ba15a8999f6d70ecbc8b2a9b177de927879d7fbf13ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e6372e1b36606b3d9d0e894d4c9dcc44

SHA1
c661e35df8d0aaf32c9b8cbc488261fcd2be32e5

SHA256
03eff385f5297de8754d74a454b95b193965d4134726097c1aa871053a5eaef5

SHA512
a60b224952ad275c70aebe8a64c20190bcb07e9e7b9f270d4aa17b09a1b278a89109314eb9746e9f8df4d73fcd45d9a4cfbff853cb29861e0508500d69da0d42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
62a1d6b8ae0783d2a5ea016ba2206a53

SHA1
8445d9212f7a892e76d8a4841bb2a66dfe8a3a71

SHA256
51f22478b868e8442ddbb7cb7c5351edb2bd406e541c6f58fcd9c6d2c1bcb6e7

SHA512
05c040169561a405fa8166e872b5c85399d1bed8c7e91842354291ab470bb54c83c50a74bff7de9e5415342602cc87e383a95ad8f0c97019843d6d6189a947bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00b91f05d4a991fad4a327f333d39109

SHA1
c9c428557b517fe2b2c4669b690dcb505df9c7cc

SHA256
f66952ed285623466a750868510cca2b3befe146a75c2a68f81f60382cb72281

SHA512
8dfa5c1d50967fc5686cb4461c5f85ac875dcb56061cc374835e86e0ea4aecea4e582508c273847092b245f757079c0284e24f482e831ed1dea7133cdfb8d131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2dab7969e0a82116dff6ada49e2b315

SHA1
a8fab6720920c60bfae024bc4562e0f038c094ca

SHA256
ff1518c3112061f796476638f029e96d061ae778d0014aaa8bf22c4abee042d2

SHA512
4af91f5373403f01adc6440c0a78118d15b50efc1782917162e441e511e7573bf642f0b5d9a31a8bf8311058de8c2da840f7510a02f9414efe8167a8331df17e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0e54e22d49ad54d00bfdc904d5bc9b88

SHA1
44a7b7b50975fef17d90576cb0ccf59ce32591fa

SHA256
3a2c0e810cebeaf7db9a7b7bc40012145e3856992713d53093893de64cc368b1

SHA512
7d505650ec3729a6908a41fdd926c580907e60bfbb6cbf3024c4946b7193291593055e3e3fe220af428c7692e6fdfc2e42ae15d4fde4fc0fd3924b1067011c6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
80d8f1a637c05709fd413752f33359bc

SHA1
69974db9fd4485da6b5a27e78b52d91450222083

SHA256
6c483edbc153a5124a617c095a823e48966d5a2e7b5c143dc0eec23fcd929840

SHA512
b4efccd87f30ebcc398d30e6ca14bf8e76c9e3718f4a37d2ac3b2973f8bd1c20d2292b7d956edd6d28dd0e47eedf892a7439227d48cd62996fa1781ebe07638b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
442d1b10b2e5e06dc2c8a505f733448c

SHA1
41bc6ec0501d43aba7651e39bee8f4a23891cf53

SHA256
957ffe9e04c72542366aab7749bf64df724098752a5be76510c2aa6cf9bc6c8b

SHA512
18e1e14fcb4405b9018cff033474bf80fa8de694f2bc7aafa86678c6b1d0dbde4951f0f437b4eb80cf4760aa30dfa1f96a5ea61a9e9630261b2a4836fbaf8e42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
914caada38187e31a5c223cacc32c6c1

SHA1
17077c81a94c454ebc4b99164c40f8b891b0185c

SHA256
8366f9a8b16b3a3d1bf057c348026ba91ea63b833a22396caf29661b8ceefac7

SHA512
2edd5f44ff227734c5f0f858340c418923c07f0a2196d119bde1d62374194533769302f4e55441377afe604b85b61701b4a2929100a9792f1fe804fd21c00209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
bfa5d91520be4f7787d1148725ee6a38

SHA1
3dcfb31caad18c9f554701ad3f0e0e406fa8d837

SHA256
6d102b75a81b85016ff1c5a5ad770102032bcf9c457b36ebc9c4200ed43808ac

SHA512
78db63012ea14b100507da12849c408a76b6bd1e998508a43cd123b48ea971464ab8d2243ea3813435cae560674813b9a91e978cea56c7683096b7d18b1d47de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
9065fab5d971fd50bf7cdfea10c9c8a5

SHA1
3ea7efb2de9cd774ed7a95e02baac353f4b3798a

SHA256
83e50c37cb95d4c47f4e765fc488a60576990849f2e4ba1b17d25222bf27176a

SHA512
3f61b7ab7599ed8e5b2a0fda966999e19bed34677968d866f9f93637950de141c9e0594ad8d463630c673414fc85de640ccf87b7242afa8e447f6fcc797a0143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
6554852a1ffa6bf08e511e532789ffd6

SHA1
8ff05caa3b21df460379d57d2fa3d396ca39179e

SHA256
1deca6062e96b7cdc1e494638dacad2699d7c181232d7fa29f109a126d49bb67

SHA512
0abd439eb786953ab5cda8b8c51d754627e16d760d99829a66a591d9a038c115e53814d8ec185686c7da60eecb06a00c3536aa782d156d857f222e56a8bbcf8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
159cce569e04c124bd7cfddfb879df9c

SHA1
6e619e51a4da695e1041f42a3a535a104ea61001

SHA256
bc17b48975cfc9958b8cfc1bb8c51b745d45a20709e4bf7f88da19b68a9f262c

SHA512
0508c1536125eea22064a1d39d2dc9771308021315b64502d7eae9b5a700d807a01305323565f3917ecb4139ade2c16962428fe5d58689c72dcbf5c175d6d0bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
7e028c8b19f7bdc73f7534f3a0eaac17

SHA1
a1f3375b623b226eca9c14aeac999bee6ea8b0e5

SHA256
91b969d45a58e665ffb91ab7c69414dd2f06349eeabd5ce56a23fac4ee3b93d9

SHA512
17a0e49d10ed4aa96d13aa0c38f94a9d459577a63e19318abeaf9dd27368282cb91f6cd1ff61caa38f3479b8f2d3d01a5163ab69be2280df4de1e37a380ac9c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9bfb45e464f029b27cd825568bc06765

SHA1
a4962b4fd45004732f071e16977522709ab0ce60

SHA256
ceb8f1b0aaa1ba575c3704e73fd77edf932d68c8be902b33f1ba3b1d130cd139

SHA512
f87cce8bb5489b56027f5a285b948b639a1c7b0f213a111f057235177e5bffc537627c82586736704e398a0185cf2ad8ba8cdee788531fb753a2d08f16e906c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae2a8f2ebc841509f7b978edf590d3cd

SHA1
91358152e27c0165334913228005540756c35bd3

SHA256
631550765e3db02be0709748c0634a2cfdab711cea94f5890854d0c1dfbcb214

SHA512
e52180dd175f1e6ff72d76400085869387cd70da33919de219a04dc26871e8421e93b22e7c59125c19c6ee54a8a8f742d796ac68ea9077c9dab5f03b80967d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\407f5324-6fb1-4806-8357-2b68e88bad9a.tmp

Filesize
7KB

MD5
8d13ff5efb05aa7c3dd854e83da92883

SHA1
7eb0a9e33aed3b31fb06ed8d03011dcc04926130

SHA256
c47ac40189bf2f59432d32b24d63dbb5937db88de3302c19dfb986665f4397df

SHA512
473f242dbd859a3b77f395361f42ff640692a334f57ffd16bbc865e637b92970eeedacc672759c1bba26e6c9e9fb3cd4405e5aa319a8a44bb499d3715077ee22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
72d4f8372e1fbc6f8ea86fc396deb6bd

SHA1
9a1f0adffc50bb0d0d53ceb77a5d550947ecee55

SHA256
c9245b228c8993c95044be1d616d5de7b06283cf5b21cc615924f4f1c3a4cc9a

SHA512
bb501f1a9ea902aa0ea6b8c2f0156ca89f2e7b634aeb56a5004c924cace3e2a6bd2ea6e003fc5b12327ebcac8b792a6f7fc258e4c449c5bef061527f0c712ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d332d2c9f7b9e90279d048a298673b7e

SHA1
b948278d095eebb81d03fb4314578458ed19b14b

SHA256
c488f723b3179ce8194113c307ce62222c63a2e649890d283dced1cc027e4182

SHA512
6fc2a054645c9a7bf06607ce1622002d11e8574fcd1f02913d325636feb2f37e8b5cac688029aa3ef915745522c84766058c98b259f212d2e3a7ae06dd3894f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
826B

MD5
1901ceb496221df16382b38ae221d02e

SHA1
af8cf20bc89ff3ba075d25f2f76d0fe61588dd2b

SHA256
49a0159f0a7d810858f417cd2c4f2648602fd48c5947c0e006f3d31f15d1e6b2

SHA512
b21af06483a83adcd410a02152d647c5ba376f52ce78527ee67cc1f8084e67003ee27c93d35b0f4ddd72e1f6ad293fd3b03f37600824aa21cd1c276b852e0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
982B

MD5
30826fa0235a505ed289d9b1d66d61f2

SHA1
8fba1f69ea1407fff5b31114cd239647aa7331df

SHA256
a094fcabff31e2d97c81218e3958bf6b8832f779ab4e3751972cc868f831829f

SHA512
c20391c810fe9337330690a8ae43207a0610fad14b8cb19c131d35e614ff7bbcc39615ecd8d96f4d5e280227c030cb769792d3c340f5369182d610a63abf825f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
187b9e94404d000af09886cf68fe588a

SHA1
b63d58d2e13941d50019d5ead9be63204ad2ba37

SHA256
b23be3743b89dd9dd161a3b30e73df87e39de4fdb86b225d857a8901770ee4ff

SHA512
d9539b724f81a9e9a9b810fbb83bcc5c1ec5091f55743a64189891f49235f3dab6e5e37e19e606b10b4a8e33ab9277e20f27d35e9cac5444f4258cdc35eb0c56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
37eb6d125af0afe5186510c165764878

SHA1
969bb7199f3ce31f3bebdcf20287285086665984

SHA256
d55ba248d728a68cd4db091d3582da2bf6fe9ba139c0403ff72d07423e82b208

SHA512
103f84167ee0866e6cd1279c6f0509a35aec4cd52698ab8e1d55ca0ee4d7c8892c9a0d0f209c14e99055c2c05d83158726698415b32d5cc3d87f2436906cc75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
44bed9e13673eefbf9a6cfc12ac57e88

SHA1
604fa39268e04492f6b435f64ca9b5cbb0ac404f

SHA256
0fab72caaf415893377b5b71cc2fb95c7c39feefcd1e630d5adf2735a51e7e3b

SHA512
0fbd970940d9a5f74c5b10da6919fead2d2a931fb06c623f70c137f8f076e7c1f12b7dde927183c9bf40c71936a1ff7aab8891f4be2ff38dc18f0b5ca5389888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7831ef90b719975ad04dde18aa1b2803

SHA1
616c5f134bbff45d2a5590c001003dac8863828e

SHA256
06bb1d099dbd96bae8afe399bfe9227bd6fd36dfeb7710771f22bcf1215ac361

SHA512
225ec080d18227f9f46e6a9dd7689cea55d152ce7e980978032438fbef955823575230bece2ca82bfca5ca089ad58eb47dcf46e786c395fb3a5a1238adccbbcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1b0eaa0ee2cf700a751a5b419f48a7ee

SHA1
10438f6f36a1c4fb4063dc92e3012312dee9ab97

SHA256
56b67be87eac1d3dcecd436dd4f00d9bd387e87376e6d483ec9a44aa637587ab

SHA512
809a2c32707efa1cb7f96246a8900642385a9caaac66c2758cc06a2a631ce2d98e84d6bab971e668ca327cf2f75a9dcc8e907a15f48bfe3c1f44d65c4917a5c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e3e04098cb112af31083408f1da9addd

SHA1
77b58323cc12d7417f570b58836c5f863df894c9

SHA256
c32ec3370c01f997ce1e416df29fe7fa7d727d7e73ae3d7ff60b5a4513cc87e7

SHA512
ae7ca05e7daa44ec2b1570cc9f02c8e9f005dcafaa98a89618f4f0eaa71b2f7c9413aa95cc09ee3731cbf18f670a5ab90498cece188f520f2c3a98af75ee31b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0fc6a33314f9dc7f22f0a390eb2b0aa7

SHA1
dbb98d01c6e7cdac6a11e7fddec213085c44c5c3

SHA256
9f4a593f47b8330fc167491ff347f25235d7a425b6678220e425317ca01a70db

SHA512
122e042a4965bdb4170b2a6e04d232c5917e77c6a571edbb87dd7c5a82db6b608862156c13f325a199bf94ca623cfb5b39ceb2d4ab0b4ddc104a69fb7675c949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b57fdb9915b7e34c0195a950a65cd4c1

SHA1
434ea866b00c2e0d8662b3d1fd3037df845b4515

SHA256
33295a026ec9d30fa498b2ee7882f9e83ce3b39e4846991e202ec0757b90b5f6

SHA512
58a46060869f5684dcc62b61ba86f7d05779c6198d68dd8e644980592af8f8c23f99b8600cce259d851e486fabb724f8d560a579f948d956ea1c9a443184cd92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
919b763b6ecce1aeb283f094c1e8b984

SHA1
fe583af3b46bde888ef16bc7385e780cc950165c

SHA256
eb4af0b8470b1252d711d2be6633eff5dd4a136ed28991e5531ad7f738235550

SHA512
24bf14310b4f06285fe65257931b9c19124a6110de5b2f370b17bef275b6b5e980dbc2d54d8aa47a9ca1ec82afe6e4b7e9c8aa24123ced1a9ebd38f7a3d46c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581fb8.TMP

Filesize
1KB

MD5
335ee2906020fb9288e05dae1b24f54a

SHA1
ac78dcd598da6cb3abec16211571ee88e0ec862b

SHA256
fd76fd5042acc6087db053b95aca0c97ab424db2eaf0abba0b3224e63675bf5d

SHA512
23c55e490a973276b6adedf07f50e31e6bed367a9a0f35ffffc8b05e4ca71e6cab6c65b9b7f6ceed2a118202938eb07aeee7f3fe9e07e379cdad987cd613ec8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3684cd95fe36e4f010199b938e9c05ee

SHA1
9b0c74d0254cce579f41481614d2706eeee03677

SHA256
d8ea03de67e21f7cbb0e3ee9a37e92b6653cd410945cddcb07edf77629cdb308

SHA512
8bae20b789388cb073a782a082b3ac930832c770588f655ca7b4ad15163aa7aca4fbfe3c35bfe3d204a360d62e0088f5ebe99bc449980239f98f2f9dc919155b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
769afaceb1c694595ab9ade4cf1113b5

SHA1
db701c2fe2dd539b8ba0e0bedb4177020bdf279b

SHA256
50d0e88259fabb59e93db32bb68a63e74a9d690c06924e8845aa64af7b876cbe

SHA512
ba5c8994d5c245168b0d3b355ed5bf173680dedcd6142c124689f0f0534cc264e29a709fde447dcc899dd1d5aa0693e9f076202d848280bd16bd138648dcc036

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133828076126449200.txt

Filesize
72KB

MD5
13545d26442654a830a9929313117919

SHA1
c03b1b56309892513e7495d5bb13f0088b6a073a

SHA256
72ee5e82acff91237111173e5c8e613e48a6cf80e3eb6dc5bc066567682d879e

SHA512
47288a090aedc5a1503e9090a3fcc4e15daf90b4c739c1cf48988271223b5e44f1ac94178edbbb1888c425fc9bcb955d5ddf86f412b9b74f76965a3fc43be579

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\HAHTGDAQH-MANUAL.txt.C27A447C2F047155427C6A3339E82687300F460C82B58BB653B569108071FA3C

Filesize
8KB

MD5
443df8f5a5f57a240735c07ad03e1ea2

SHA1
9c47a6fa6337e0e365bb0570b7d34462b7f883db

SHA256
269b5da210fe0d607c46f707fdbb65aeee014d039f8dc7bb25b131c5ddbbc255

SHA512
7cab7545f80b4b008acc52d7d23967b2ba0c6b81d3dffd5cfcff763d065264a29adad7460c76e356cee295975a4f057aae0a5de55746282a8dfafb629e8694d9

Download Submit
C:\Users\Admin\Downloads\CrimsonRAT.exe

Filesize
84KB

MD5
b6e148ee1a2a3b460dd2a0adbf1dd39c

SHA1
ec0efbe8fd2fa5300164e9e4eded0d40da549c60

SHA256
dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba

SHA512
4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741

Download Submit
C:\Users\Admin\Downloads\DeriaLock.exe

Filesize
484KB

MD5
0a7b70efba0aa93d4bc0857b87ac2fcb

SHA1
01a6c963b2f5f36ff21a1043587dcf921ae5f5cd

SHA256
4f5bff64160044d9a769ab277ff85ba954e2a2e182c6da4d0672790cf1d48309

SHA512
2033f9637b8d023242c93f54c140dd561592a3380a15a9fdc8ebfa33385ff4fc569d66c846a01b4ac005f0521b3c219e87f4b1ed2a83557f9d95fa066ad25e14

Download Submit
C:\Users\Admin\Downloads\Fantom.exe

Filesize
261KB

MD5
7d80230df68ccba871815d68f016c282

SHA1
e10874c6108a26ceedfc84f50881824462b5b6b6

SHA256
f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

SHA512
64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540

Download Submit
C:\Users\Admin\Downloads\GandCrab.exe

Filesize
291KB

MD5
e6b43b1028b6000009253344632e69c4

SHA1
e536b70e3ffe309f7ae59918da471d7bf4cadd1c

SHA256
bfb9db791b8250ffa8ebc48295c5dbbca757a5ed3bbb01de12a871b5cd9afd5a

SHA512
07da214314673407a7d3978ee6e1d20bf1e02f135bf557e86b50489ecc146014f2534515c1b613dba96e65489d8c82caaa8ed2e647684d61e5e86bd3e8251adf

Download Submit
C:\Users\Admin\Downloads\InfinityCrypt.exe

Filesize
211KB

MD5
b805db8f6a84475ef76b795b0d1ed6ae

SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b

SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

Download Submit
C:\Users\Admin\Downloads\Krotten.exe

Filesize
53KB

MD5
87ccd6f4ec0e6b706d65550f90b0e3c7

SHA1
213e6624bff6064c016b9cdc15d5365823c01f5f

SHA256
e79f164ccc75a5d5c032b4c5a96d6ad7604faffb28afe77bc29b9173fa3543e4

SHA512
a72403d462e2e2e181dbdabfcc02889f001387943571391befed491aaecba830b0869bdd4d82bca137bd4061bbbfb692871b1b4622c4a7d9f16792c60999c990

Download Submit
C:\Users\Admin\Downloads\NoMoreRansom.exe

Filesize
1.4MB

MD5
63210f8f1dde6c40a7f3643ccf0ff313

SHA1
57edd72391d710d71bead504d44389d0462ccec9

SHA256
2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f

SHA512
87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 94607.crdownload

Filesize
11.5MB

MD5
928e37519022745490d1af1ce6f336f7

SHA1
b7840242393013f2c4c136ac7407e332be075702

SHA256
6fb303dd8ba36381948127d44bd8541e4a1ab8af07b46526ace08458f2498850

SHA512
8040195ab2b2e15c9d5ffa13a47a61c709738d1cf5e2108e848fedf3408e5bad5f2fc5f523f170f6a80cb33a4f5612d3d60dd343d028e55cfc08cd2f6ed2947c

Download Submit
C:\Users\Admin\Downloads\ac\EVER\SearchHost.exe

Filesize
1.6MB

MD5
8add121fa398ebf83e8b5db8f17b45e0

SHA1
c8107e5c5e20349a39d32f424668139a36e6cfd0

SHA256
35c4a6c1474eb870eec901cef823cc4931919a4e963c432ce9efbb30c2d8a413

SHA512
8f81c4552ff561eea9802e5319adcd6c7e5bdd1dc4c91e56fda6bdc9b7e8167b222500a0aee5cf27b0345d1c19ac9fa95ae4fd58d4c359a5232bcf86f03d2273

Download Submit
C:\Users\Admin\Downloads\ac\kxouahgnhvrvvyewy.sys

Filesize
674KB

MD5
b2233d1efb0b7a897ea477a66cd08227

SHA1
835a198a11c9d106fc6aabe26b9b3e59f6ec68fd

SHA256
5fd17e3b8827b5bb515343bc4066be0814f6466fb4294501becac284a378c0da

SHA512
6ca61854db877d767ce587ac3d7526cda8254d937a159fd985e0475d062d07ae83e7ff4f9f42c7e1e1cad5e1f408f6849866aa4e9e48b29d80510e5c695cee37

Download Submit
C:\Users\Admin\Downloads\ac\mssql.exe

Filesize
10.2MB

MD5
f6a3d38aa0ae08c3294d6ed26266693f

SHA1
9ced15d08ffddb01db3912d8af14fb6cc91773f2

SHA256
c522e0b5332cac67cde8fc84080db3b8f2e0fe85f178d788e38b35bbe4d464ad

SHA512
814b1130a078dcb6ec59dbfe657724e36aa3db64ed9b2f93d8559b6a50e512365c8596240174141d6977b5ddcf7f281add7886c456dc7463c97f432507e73515

Download Submit
C:\Users\Admin\Downloads\ac\mssql2.exe

Filesize
6.7MB

MD5
f7d94750703f0c1ddd1edd36f6d0371d

SHA1
cc9b95e5952e1c870f7be55d3c77020e56c34b57

SHA256
659e441cadd42399fc286b92bbc456ff2e9ecb24984c0586acf83d73c772b45d

SHA512
af0ced00dc6eeaf6fb3336d9b3abcc199fb42561b8ce24ff2e6199966ad539bc2387ba83a4838301594e50e36844796e96c30a9aa9ad5f03cf06860f3f44e0fa

Download Submit
C:\Users\Admin\Downloads\ac\nc123.exe

Filesize
125KB

MD5
597de376b1f80c06d501415dd973dcec

SHA1
629c9649ced38fd815124221b80c9d9c59a85e74

SHA256
f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446

SHA512
072565912208e97cc691e1a102e32fd6c243b5a3f8047a159e97aabbe302bddc36f3c52cecde3b506151bc89e0f3b5acf6552a82d83dac6e0180c873d36d3f6b

Download Submit
C:\Users\Admin\Downloads\cmd_blast.c

Filesize
185B

MD5
a8e49a824fa5815f13050be7d433cb27

SHA1
3c7419d460fb1132925b496d621edcbb411e036f

SHA256
3ae95095919dae09ecb8249a9cbf6abf8614a13443bb9fdf6f9ddea7a840b66a

SHA512
49d62810ffa60586132d15b2ddd0b560e2746bc7786c51e4c05e4d6ab7669c8eb86665a3bd38939b626569bb37bbdd04f80f27410763e267a7801cae3ab4182a

Download Submit
C:\Users\Admin\Downloads\virus16 (1).bat

Filesize
143B

MD5
26d4dd56b32b51fd02151df50f6e49f1

SHA1
6eda36cfb7a262da5f62d14f45a0d96a75a1ff58

SHA256
aba24b1c120416c8e8dcc3643c80118302d08fcd7fcaaa77a2ae8e811c7cbb38

SHA512
a34854e6e159bfdf0a18f95af4baeec84fdeeb0fa3f25ddc2a1771cef112aa11f2f3e09ac92c25e22c9b5ecf00009d246abd3dc41b23935290622b998bf81bf9

Download Submit
C:\g6QpgrhJDdQZeF0\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
956b6433ca005ea8fc575acca2ca2ac2

SHA1
b01cacb6a6c51c460cc7ccb2739301cee7bfe07a

SHA256
e82ae803e150d4d590c8f8e459c297bb388df6deac5647d45faeba4a7b41c7d3

SHA512
4c1a367bff8c8666f3a332b96a0811ad72898f1d236db86ac172d2ab56bb338d89cc0679ce3e01dbc483e73036adcda0de68852275689a838e691316ab863867

Download Submit
memory/544-3368-0x0000000000400000-0x0000000000B02000-memory.dmp

Filesize
7.0MB

Download
memory/544-2153-0x0000000000400000-0x0000000000B02000-memory.dmp

Filesize
7.0MB

Download
memory/1212-1752-0x000001A319F30000-0x000001A319F4E000-memory.dmp

Filesize
120KB

Download
memory/5448-1970-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1948-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-2000-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1976-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1968-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1974-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1992-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1990-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1988-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1966-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1964-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-2002-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-2004-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1962-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1961-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1944-0x0000000004930000-0x0000000004962000-memory.dmp

Filesize
200KB

Download
memory/5448-1943-0x0000000004900000-0x0000000004932000-memory.dmp

Filesize
200KB

Download
memory/5448-1986-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1998-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1958-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-2008-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1980-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-6320-0x00000000055E0000-0x00000000055EE000-memory.dmp

Filesize
56KB

Download
memory/5448-1956-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-2006-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1982-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1954-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1952-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1984-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1972-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1978-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1994-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1945-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1946-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1996-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5448-1950-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/5452-6288-0x0000000007D40000-0x0000000007DA6000-memory.dmp

Filesize
408KB

Download
memory/5452-2070-0x0000000005160000-0x000000000516A000-memory.dmp

Filesize
40KB

Download
memory/5452-2071-0x00000000053F0000-0x0000000005446000-memory.dmp

Filesize
344KB

Download
memory/5452-1942-0x00000000051D0000-0x0000000005262000-memory.dmp

Filesize
584KB

Download
memory/5452-1939-0x0000000005070000-0x000000000510C000-memory.dmp

Filesize
624KB

Download
memory/5452-1938-0x00000000007E0000-0x000000000081C000-memory.dmp

Filesize
240KB

Download
memory/5476-1941-0x00000000054D0000-0x0000000005A74000-memory.dmp

Filesize
5.6MB

Download
memory/5476-1940-0x0000000000540000-0x00000000005C2000-memory.dmp

Filesize
520KB

Download
memory/5632-6330-0x0000000000A10000-0x0000000000A1C000-memory.dmp

Filesize
48KB

Download
memory/6004-1782-0x00000252B8150000-0x00000252B8A64000-memory.dmp

Filesize
9.1MB

Download