hxxp://linkvertise[.]com

Analysis

max time kernel
480s
max time network
460s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2023, 07:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://linkvertise.com

Score

8^/10

bootkit persistence spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	Sunset.exe

Executes dropped EXE 12 IoCs

pid	Process
6056	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.exe
3332	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
2112	OperaSetup.exe
1692	OperaSetup.exe
5252	OperaSetup.exe
4348	OperaSetup.exe
4284	OperaSetup.exe
1828	Assistant_98.0.4759.6_Setup.exe_sfx.exe
5616	assistant_installer.exe
664	assistant_installer.exe
5928	Sunset.exe
1356	VAC-Bypass-Loader.exe

Loads dropped DLL 13 IoCs

pid	Process
3332	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
3332	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
3332	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
3332	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
2112	OperaSetup.exe
1692	OperaSetup.exe
5252	OperaSetup.exe
4348	OperaSetup.exe
4284	OperaSetup.exe
5616	assistant_installer.exe
5616	assistant_installer.exe
664	assistant_installer.exe
664	assistant_installer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00060000000233c8-1758.dat	upx
behavioral1/files/0x00060000000233c8-1766.dat	upx
behavioral1/files/0x00060000000233c8-1767.dat	upx
behavioral1/memory/2112-1773-0x00000000006C0000-0x0000000000BCE000-memory.dmp	upx
behavioral1/files/0x00060000000233c8-1774.dat	upx
behavioral1/files/0x00060000000233d6-1789.dat	upx
behavioral1/memory/1692-1783-0x00000000006C0000-0x0000000000BCE000-memory.dmp	upx
behavioral1/files/0x00060000000233d6-1790.dat	upx
behavioral1/memory/5252-1852-0x0000000000DE0000-0x00000000012EE000-memory.dmp	upx
behavioral1/files/0x00060000000233c8-1939.dat	upx
behavioral1/files/0x00060000000233c8-1944.dat	upx
behavioral1/memory/4348-1962-0x00000000006C0000-0x0000000000BCE000-memory.dmp	upx
behavioral1/memory/4284-1966-0x00000000006C0000-0x0000000000BCE000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.61.4_0\manifest.json	chrome.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\D:	OperaSetup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\ecda39e6-23c3-4ceb-b19a-256448702fdc.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230516091001.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133287016629012733"	chrome.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2805025096-2326403612-4231045514-1000\{15D88DFF-55C5-4650-A294-70851B4F5156}	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2805025096-2326403612-4231045514-1000\{10C42ACE-3252-41A0-92C2-8B8E6C7E9793}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2805025096-2326403612-4231045514-1000\{7E76C304-E6A0-4489-994A-976FBD0DF7CF}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2805025096-2326403612-4231045514-1000\{2F288257-5F16-4419-8BEC-9D08D2B89634}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2805025096-2326403612-4231045514-1000\{0442D2CA-5D40-44C4-80B5-E55EB0FBA678}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	304	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4936	chrome.exe
4936	chrome.exe
1820	chrome.exe
1820	chrome.exe
3332	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
3332	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
3332	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
3332	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
3332	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
3332	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
3332	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
3332	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
3588	msedge.exe
3588	msedge.exe
3780	msedge.exe
3780	msedge.exe
2088	identity_helper.exe
2088	identity_helper.exe
5500	msedge.exe
5500	msedge.exe
5928	Sunset.exe
3220	msedge.exe
3220	msedge.exe
1684	msedge.exe
1684	msedge.exe
1896	msedge.exe
1896	msedge.exe
968	identity_helper.exe
968	identity_helper.exe
5844	chrome.exe
5844	chrome.exe
4404	MEMZ.exe
4404	MEMZ.exe
3968	MEMZ.exe
3968	MEMZ.exe
4404	MEMZ.exe
4404	MEMZ.exe
232	MEMZ.exe
232	MEMZ.exe
5412	MEMZ.exe
5412	MEMZ.exe
4816	MEMZ.exe
4816	MEMZ.exe
232	MEMZ.exe
232	MEMZ.exe
3968	MEMZ.exe
3968	MEMZ.exe
4404	MEMZ.exe
4404	MEMZ.exe
3968	MEMZ.exe
3968	MEMZ.exe
232	MEMZ.exe
232	MEMZ.exe
4816	MEMZ.exe
4816	MEMZ.exe
5412	MEMZ.exe
5412	MEMZ.exe
232	MEMZ.exe
232	MEMZ.exe
3968	MEMZ.exe
3968	MEMZ.exe
4404	MEMZ.exe
4404	MEMZ.exe
5412	MEMZ.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

pid	Process
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
3332	SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
4936	chrome.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
1112	7zG.exe
1684	msedge.exe
5928	Sunset.exe
5928	Sunset.exe
1684	msedge.exe
5928	Sunset.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
5928	Sunset.exe
5928	Sunset.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
3884	OpenWith.exe
4524	OpenWith.exe
3572	OpenWith.exe
3416	MEMZ.exe
4404	MEMZ.exe
3968	MEMZ.exe
4816	MEMZ.exe
5412	MEMZ.exe
232	MEMZ.exe
5312	MEMZ.exe
4820	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 4360	4936	chrome.exe	82
PID 4936 wrote to memory of 4360	4936	chrome.exe	82
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 3728	4936	chrome.exe	83
PID 4936 wrote to memory of 632	4936	chrome.exe	84
PID 4936 wrote to memory of 632	4936	chrome.exe	84
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85
PID 4936 wrote to memory of 4212	4936	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://linkvertise.com
1⤵
- Adds Run key to start application
- Drops Chrome extension
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fae59758,0x7ff8fae59768,0x7ff8fae59778
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:2
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:8
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4572 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3468 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5220 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2820 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1780 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6496 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6568 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6512 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:8
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6528 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6824 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6804 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:8
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4688 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5760 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6696 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6484 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6416 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5176 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6212 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6692 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:8
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6756 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4688 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:8
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6892 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6720 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6176 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6792 --field-trial-handle=1804,i,2867241753926067548,11270445077850793174,131072 /prefetch:8
  2⤵
  PID:1512

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:260

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5740

C:\Users\Admin\Downloads\SazInjector - FREE - Linkvertise Downloader_3b-ZT51.exe
"C:\Users\Admin\Downloads\SazInjector - FREE - Linkvertise Downloader_3b-ZT51.exe"
1⤵
- Executes dropped EXE
PID:6056
- C:\Users\Admin\AppData\Local\Temp\is-K4HIH.tmp\SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-K4HIH.tmp\SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp" /SL5="$30264,10377886,1235456,C:\Users\Admin\Downloads\SazInjector - FREE - Linkvertise Downloader_3b-ZT51.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:3332
- - C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\prod0_extract\OperaSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\prod0_extract\OperaSetup.exe" --silent --allusers=0 --otd=utm.medium:apb,utm.source:ais,utm.campaign:opera_new_b
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - Modifies system certificate store
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\prod0_extract\OperaSetup.exe
      C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\prod0_extract\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=98.0.4759.6 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x7217c398,0x7217c3a8,0x7217c3b4
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\prod0_extract\OperaSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\prod0_extract\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2112 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230516090939" --session-guid=39468065-bb7b-435a-84e7-e61ffafe45a1 --server-tracking-blob=YmY4YjdjMzRkZDNmMTQwMDdiMjhlZDgxMjNmYjUyMzViZDZmZmVmMTVlNGUzYzg0ZDBkZmFmYjUzZTEyOGE3ODp7ImNvdW50cnkiOiJJTCIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWFpcyZ1dG1fbWVkaXVtPWFwYiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY4MjQwNjc0OS41OTA1IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMi4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoib3BlcmFfbmV3X2IiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJhaXMifSwidXVpZCI6Ijk4MjVlYmU2LTRhYTItNDRmOS1iYTM5LTRkMjNlNmE1MDVhNiJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=4C05000000000000
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\prod0_extract\OperaSetup.exe
        
        C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\prod0_extract\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=98.0.4759.6 --initial-client-data=0x300,0x304,0x308,0x2d0,0x30c,0x7122c398,0x7122c3a8,0x7122c3b4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\assistant\Assistant_98.0.4759.6_Setup.exe_sfx.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\assistant\Assistant_98.0.4759.6_Setup.exe_sfx.exe"
      4⤵
      Executes dropped EXE
      PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\assistant\assistant_installer.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=98.0.4759.6 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x3b9b08,0x3b9b18,0x3b9b24
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://anonym.ninja/download/WzIR1Z6cNxOn1NB
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:3780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8fb8046f8,0x7ff8fb804708,0x7ff8fb804718
      4⤵
      PID:3732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
      4⤵
      PID:4972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
      4⤵
      PID:3344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
      4⤵
      PID:5640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
      4⤵
      PID:32
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
      4⤵
      PID:6052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
      4⤵
      PID:2120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
      4⤵
      PID:1736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5876 /prefetch:8
      4⤵
      PID:3372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
      4⤵
      PID:2124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:3428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7dbc05460,0x7ff7dbc05470,0x7ff7dbc05480
        5⤵
        
        PID:2640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
      4⤵
      PID:3288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
      4⤵
      PID:4700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
      4⤵
      PID:6036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
      4⤵
      PID:1356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
      4⤵
      PID:216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6568 /prefetch:8
      4⤵
      PID:1892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
      4⤵
      PID:4460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,11378134639010471448,14386365008988731249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6668 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2428

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x2f8
1⤵
PID:1276

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_16-05-2023_WzIR1Z6cNxOn1NB.zip\README.txt
1⤵
PID:2760

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\16-05-2023_WzIR1Z6cNxOn1NB\" -spe -an -ai#7zMap30676:114:7zEvent22189
1⤵
- Suspicious use of FindShellTrayWindow
PID:1112

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\16-05-2023_WzIR1Z6cNxOn1NB\README.txt
1⤵
PID:5728

C:\Users\Admin\Downloads\16-05-2023_WzIR1Z6cNxOn1NB\Sunset.exe
"C:\Users\Admin\Downloads\16-05-2023_WzIR1Z6cNxOn1NB\Sunset.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/gsx4Yv7gGW
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:1684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8fb8046f8,0x7ff8fb804708,0x7ff8fb804718
    3⤵
    PID:2916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,16451425214248143411,2164163173289577259,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
    3⤵
    PID:5304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2272,16451425214248143411,2164163173289577259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
    3⤵
    PID:5624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,16451425214248143411,2164163173289577259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,16451425214248143411,2164163173289577259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
    3⤵
    PID:1944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,16451425214248143411,2164163173289577259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
    3⤵
    PID:5984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,16451425214248143411,2164163173289577259,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
    3⤵
    PID:5592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2272,16451425214248143411,2164163173289577259,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4068 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:1896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2272,16451425214248143411,2164163173289577259,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4332 /prefetch:8
    3⤵
    PID:5080
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,16451425214248143411,2164163173289577259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
    3⤵
    PID:4856
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,16451425214248143411,2164163173289577259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,16451425214248143411,2164163173289577259,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
    3⤵
    PID:376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,16451425214248143411,2164163173289577259,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
    3⤵
    PID:6032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,16451425214248143411,2164163173289577259,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
    3⤵
    PID:5896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,16451425214248143411,2164163173289577259,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
    3⤵
    PID:224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,16451425214248143411,2164163173289577259,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
    3⤵
    PID:1908
- C:\Users\Admin\Documents\SazInjector\bin\VAC-Bypass-Loader.exe
  "C:\Users\Admin\Documents\SazInjector\bin\VAC-Bypass-Loader.exe"
  2⤵
  - Executes dropped EXE
  PID:1356

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:1060

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3884

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:5600

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5496

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:3436

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3572

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:4724

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:4196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8fae59758,0x7ff8fae59768,0x7ff8fae59778
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=2064,i,239131980225257260,595305635094271828,131072 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=2064,i,239131980225257260,595305635094271828,131072 /prefetch:8
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=2064,i,239131980225257260,595305635094271828,131072 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=2064,i,239131980225257260,595305635094271828,131072 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=2064,i,239131980225257260,595305635094271828,131072 /prefetch:2
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4472 --field-trial-handle=2064,i,239131980225257260,595305635094271828,131072 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=2064,i,239131980225257260,595305635094271828,131072 /prefetch:8
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=2064,i,239131980225257260,595305635094271828,131072 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4840 --field-trial-handle=2064,i,239131980225257260,595305635094271828,131072 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=2064,i,239131980225257260,595305635094271828,131072 /prefetch:8
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5280 --field-trial-handle=2064,i,239131980225257260,595305635094271828,131072 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=2064,i,239131980225257260,595305635094271828,131072 /prefetch:8
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5308 --field-trial-handle=2064,i,239131980225257260,595305635094271828,131072 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4508 --field-trial-handle=2064,i,239131980225257260,595305635094271828,131072 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3912 --field-trial-handle=2064,i,239131980225257260,595305635094271828,131072 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=2064,i,239131980225257260,595305635094271828,131072 /prefetch:8
  2⤵
  PID:3296

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4880

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:5896

C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3416
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4404
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3968
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4816
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5412
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:232
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetWindowsHookEx
  PID:5312
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:3408

C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4820
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  PID:6084
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  PID:3140
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  PID:5492
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  PID:2724
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  PID:5296
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /main
  2⤵
  PID:1136
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:4036

C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe"
1⤵
PID:3328
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  PID:4564
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  PID:2092
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  PID:5112
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  PID:1928
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  PID:5624
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /main
  2⤵
  PID:5100
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:5644

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
725dfadacd7b746ba806f956314d8daf

SHA1
a217932961c1c5e788d3e2ec98f0451431d564a3

SHA256
5b496c58006f91bd0a1b1c08789fcf0415cf2ff1c0ed2044e9dd0f0a7d29679c

SHA512
ab63cfcd15058ddef4623d6da2e286658a5d225e31261a55829b1a4d77b92d91dc18d02cd71a5c0bab2d2a395a1d7aa91194764c3eb3fe6b2632e25002c9c8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
31KB

MD5
fed3d68b22d0ef689a7f907c315856df

SHA1
0e252acb80bdd8eb10bd2c97b7be16f757ec9f15

SHA256
815e57b75717101162540f7e6139564d1f10ddd36f37096eb4e35b2845d7c63a

SHA512
145ac1e8ed1e72fd2840f6b3d86e898287f2705d1eee860d4e8349cb2ff9a48c251e90095b5978bd29fa145a0ae7d30ca9eea21fa2e2e5287fcf82bbff47438b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
48KB

MD5
ec5d553ed1c592ef6c64daaa94194358

SHA1
647f0de2ba6b511ceab755fbfb84a0cdf5d0ac6e

SHA256
47825a900e347c3ebe2ed17dba529d293ca8a3016faaad7ac8b3850df2fcf9f0

SHA512
2bd6127cb4ac72949bd136cd47b9646533e9bf224846a5cf7f3390d22b2d4c16873d12d6079e333e62a74c5e163842547cea631e12e7dd610cbfb39c908f999c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
162KB

MD5
475f3b2f4b6829f089f959d8291c69ab

SHA1
10cfe4b0bad5e7fc4c1bd4c4f79f9cc32ed93c99

SHA256
4f40a7d3b7ddf8e77c9b9556b37cdbc062bda1e20757b4c709adcd3ee624b219

SHA512
fb2b2fb4b86dac393e35c42e66e327af699fa1c6baefdeb4ce9f95298990faed0ad556475d16ba6ad31868412f6179d996cff7c15329f4ef92778be592e9d712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9bb5bbf27376bcb50e2246a4c119b1a5

SHA1
bacc335c8500cc233dbd7a52cef0393765b8c39e

SHA256
fcf89fd9a859de74a46d7fdc31856ba0db7c9e958c8edafbca27bb24b03f6587

SHA512
7b964cc67fd9adc0137dbfdfb964d3d5720f079acacd1915a2ee49ba5d83f4107b43ce937099ae926b2452cc3c6e8185bc915efa43216fec9e5f2d3d08a266bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7b5b919c25b3fb98f913e94c55de3eeb

SHA1
3f5aedd1a78d679d755c52770e705164cebb19cd

SHA256
f0c785f1decd35390c625cc09adfc97c265fb428c0d89b6556c97ee8563f2c54

SHA512
3f0fe1c728a1b37a5971adf9b95c35c41424bfbad9dd77bd7d1c946b69247c315dc3f597729db746141db081b48d79d0451298987116cc15ca2ae8c5a0fc37c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
af6f191014145c30d21daa25422aba4a

SHA1
dec3d9dc0496b8cc215188c3612633b5933bc7ed

SHA256
9fd213c1cdd030d39d259365745c74e1e319116e28d1daa907eaf89aaac6c010

SHA512
a751ecb925144d71cbcd85c2bf88d8159a2246b8e395b0fcabc1a676c1db3b49caa043e80ba5dc28de13eaff8356e3d987fe5fdd22813aa05559960bed8368cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
16947a7810f0c4ee75ae0706124bc7ec

SHA1
c884645247f74568db2aa5c348397f1a366682c5

SHA256
7410e3929d0ac8d4503dfd0748254f1e319d1a2c01e64c281df6a5e8a8943d12

SHA512
935ce72136195b014dc45350a22b285e46b6520316ef408b0a8dffe98ad078bb4f712d13c4f7b025ea5ff30868db8404ba766dbf184ef281af2e15d6053b218b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
b133afc03b577d6ee3bf973ca4920082

SHA1
7ee5f3fe9d3da910709f081e32ad375c5c31885a

SHA256
72cf2e0ebc1cab2301df45254670f753fb19b0167493db70819ad82499d93718

SHA512
f6fb49fb58982a9a86124dc1ecbefc15a247aece684699c344d8226f2f2300f85b7f64823735ecab16adb9ecdc6c177e25f1421276bd9e671e8d5f740eca442c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\128.png

Filesize
4KB

MD5
913064adaaa4c4fa2a9d011b66b33183

SHA1
99ea751ac2597a080706c690612aeeee43161fc1

SHA256
afb4ce8882ef7ae80976eba7d87f6e07fcddc8e9e84747e8d747d1e996dea8eb

SHA512
162bf69b1ad5122c6154c111816e4b87a8222e6994a72743ed5382d571d293e1467a2ed2fc6cc27789b644943cf617a56da530b6a6142680c5b2497579a632b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\af\messages.json

Filesize
908B

MD5
12403ebcce3ae8287a9e823c0256d205

SHA1
c82d43c501fae24bfe05db8b8f95ed1c9ac54037

SHA256
b40bde5b612cfff936370b32fb0c58cc205fc89937729504c6c0b527b60e2cba

SHA512
153401ecdb13086d2f65f9b9f20acb3cefe5e2aeff1c31ba021be35bf08ab0634812c33d1d34da270e5693a8048fc5e2085e30974f6a703f75ea1622a0ca0ffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\am\messages.json

Filesize
1KB

MD5
cc785a90811435bc9d87d1ba1966b9bf

SHA1
3d56356434cec87a1eea756ff376e08591bfbc14

SHA256
4e85b78853a4690f3079e0645c0debaaa5b3fa82b6ced27163ecbaddac5f8040

SHA512
27fcdb5e65bca356668ce033c9006df7e46dc25aba3f108691e47bf37894db0a351412042f3068c6a25b636a0a3761cbacf42829f3fb47b1a034b2cc3cb857ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\ar\messages.json

Filesize
1KB

MD5
3ec93ea8f8422fda079f8e5b3f386a73

SHA1
24640131ccfb21d9bc3373c0661da02d50350c15

SHA256
abd0919121956ab535e6a235de67764f46cfc944071fcf2302148f5fb0e8c65a

SHA512
f40e879f85bc9b8120a9b7357ed44c22c075bf065f45bea42bd5316af929cbd035d5d6c35734e454aef5b79d378e51a77a71fa23f9ebd0b3754159718fceb95c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\az\messages.json

Filesize
977B

MD5
9a798fd298008074e59ecc253e2f2933

SHA1
1e93da985e880f3d3350fc94f5ccc498efc8c813

SHA256
628145f4281fa825d75f1e332998904466abd050e8b0dc8bb9b6a20488d78a66

SHA512
9094480379f5ab711b3c32c55fd162290cb0031644ea09a145e2ef315da12f2e55369d824af218c3a7c37dd9a276aeec127d8b3627d3ab45a14b0191ed2bbe70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\be\messages.json

Filesize
3KB

MD5
68884dfda320b85f9fc5244c2dd00568

SHA1
fd9c01e03320560cbbb91dc3d1917c96d792a549

SHA256
ddf16859a15f3eb3334d6241975ca3988ac3eafc3d96452ac3a4afd3644c8550

SHA512
7ff0fbd555b1f9a9a4e36b745cbfcad47b33024664f0d99e8c080be541420d1955d35d04b5e973c07725573e592cd0dd84fdbb867c63482baff6929ada27ccde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\bg\messages.json

Filesize
1KB

MD5
2e6423f38e148ac5a5a041b1d5989cc0

SHA1
88966ffe39510c06cd9f710dfac8545672ffdceb

SHA256
ac4a8b5b7c0b0dd1c07910f30dcfbdf1bcb701cfcfd182b6153fd3911d566c0e

SHA512
891fcdc6f07337970518322c69c6026896dd3588f41f1e6c8a1d91204412cae01808f87f9f2dea1754458d70f51c3cef5f12a9e3fc011165a42b0844c75ec683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\bn\messages.json

Filesize
1KB

MD5
651375c6af22e2bcd228347a45e3c2c9

SHA1
109ac3a912326171d77869854d7300385f6e628c

SHA256
1dbf38e425c5c7fc39e8077a837df0443692463ba1fbe94e288ab5a93242c46e

SHA512
958aa7cf645fab991f2eca0937ba734861b373fb1c8bcc001599be57c65e0917f7833a971d93a7a6423c5f54a4839d3a4d5f100c26efa0d2a068516953989f9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\ca\messages.json

Filesize
930B

MD5
d177261ffe5f8ab4b3796d26835f8331

SHA1
4be708e2ffe0f018ac183003b74353ad646c1657

SHA256
d6e65238187a430ff29d4c10cf1c46b3f0fa4b91a5900a17c5dfd16e67ffc9bd

SHA512
e7d730304aed78c0f4a78dadbf835a22b3d8114fb41d67b2b26f4fe938b572763d3e127b7c1c81ebe7d538da976a7a1e7adc40f918f88afadea2201ae8ab47d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\cs\messages.json

Filesize
913B

MD5
ccb00c63e4814f7c46b06e4a142f2de9

SHA1
860936b2a500ce09498b07a457e0cca6b69c5c23

SHA256
21ae66ce537095408d21670585ad12599b0f575ff2cb3ee34e3a48f8cc71cfab

SHA512
35839dac6c985a6ca11c1bff5b8b5e59db501fcb91298e2c41cb0816b6101bf322445b249eaea0cef38f76d73a4e198f2b6e25eea8d8a94ea6007d386d4f1055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\cy\messages.json

Filesize
806B

MD5
a86407c6f20818972b80b9384acfbbed

SHA1
d1531cd0701371e95d2a6bb5edcb79b949d65e7c

SHA256
a482663292a913b02a9cde4635c7c92270bf3c8726fd274475dc2c490019a7c9

SHA512
d9fbf675514a890e9656f83572208830c6d977e34d5744c298a012515bc7eb5a17726add0d9078501393babd65387c4f4d3ac0cc0f7c60c72e09f336dca88de7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\da\messages.json

Filesize
883B

MD5
b922f7fd0e8ccac31b411fc26542c5ba

SHA1
2d25e153983e311e44a3a348b7d97af9aad21a30

SHA256
48847d57c75af51a44cbf8f7ef1a4496c2007e58ed56d340724fda1604ff9195

SHA512
ad0954deeb17af04858dd5ec3d3b3da12dff7a666af4061deb6fd492992d95db3baf751ab6a59bec7ab22117103a93496e07632c2fc724623bb3acf2ca6093f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\de\messages.json

Filesize
1KB

MD5
d116453277cc860d196887cec6432ffe

SHA1
0ae00288fde696795cc62fd36eabc507ab6f4ea4

SHA256
36ac525fa6e28f18572d71d75293970e0e1ead68f358c20da4fdc643eea2c1c5

SHA512
c788c3202a27ec220e3232ae25e3c855f3fdb8f124848f46a3d89510c564641a2dfea86d5014cea20d3d2d3c1405c96dbeb7ccad910d65c55a32fdca8a33fdd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\el\messages.json

Filesize
1KB

MD5
9aba4337c670c6349ba38fddc27c2106

SHA1
1fc33be9ab4ad99216629bc89fbb30e7aa42b812

SHA256
37ca6ab271d6e7c9b00b846fdb969811c9ce7864a85b5714027050795ea24f00

SHA512
8564f93ad8485c06034a89421ce74a4e719bbac865e33a7ed0b87baa80b7f7e54b240266f2edb595df4e6816144428db8be18a4252cbdcc1e37b9ecc9f9d7897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\en_GB\messages.json

Filesize
848B

MD5
3734d498fb377cf5e4e2508b8131c0fa

SHA1
aa23e39bfe526b5e3379de04e00eacba89c55ade

SHA256
ab5cda04013dce0195e80af714fbf3a67675283768ffd062cf3cf16edb49f5d4

SHA512
56d9c792954214b0de56558983f7eb7805ac330af00e944e734340be41c68e5dd03eddb17a63bc2ab99bdd9be1f2e2da5be8ba7c43d938a67151082a9041c7ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\en_US\messages.json

Filesize
1KB

MD5
578215fbb8c12cb7e6cd73fbd16ec994

SHA1
9471d71fa6d82ce1863b74e24237ad4fd9477187

SHA256
102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1

SHA512
e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\es\messages.json

Filesize
961B

MD5
f61916a206ac0e971cdcb63b29e580e3

SHA1
994b8c985dc1e161655d6e553146fb84d0030619

SHA256
2008f4faab71ab8c76a5d8811ad40102c380b6b929ce0bce9c378a7cadfc05eb

SHA512
d9c63b2f99015355aca04d74a27fd6b81170750c4b4be7293390dc81ef4cd920ee9184b05c61dc8979b6c2783528949a4ae7180dbf460a2620dbb0d3fd7a05cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\es_419\messages.json

Filesize
959B

MD5
535331f8fb98894877811b14994fea9d

SHA1
42475e6afb6a8ae41e2fc2b9949189ef9bbe09fb

SHA256
90a560ff82605db7eda26c90331650ff9e42c0b596cedb79b23598dec1b4988f

SHA512
2ce9c69e901ab5f766e6cfc1e592e1af5a07aa78d154ccbb7898519a12e6b42a21c5052a86783abe3e7a05043d4bd41b28960feddb30169ff7f7fe7208c8cfe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\et\messages.json

Filesize
968B

MD5
64204786e7a7c1ed9c241f1c59b81007

SHA1
586528e87cd670249a44fb9c54b1796e40cdb794

SHA256
cc31b877238da6c1d51d9a6155fde565727a1956572f466c387b7e41c4923a29

SHA512
44fcf93f3fb10a3db68d74f9453995995ab2d16863ec89779db451a4d90f19743b8f51095eec3ecef5bd0c5c60d1bf3dfb0d64df288dccfbe70c129ae350b2c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\eu\messages.json

Filesize
838B

MD5
29a1da4acb4c9d04f080bb101e204e93

SHA1
2d0e4587ddd4bac1c90e79a88af3bd2c140b53b1

SHA256
a41670d52423ba69c7a65e7e153e7b9994e8dd0370c584bda0714bd61c49c578

SHA512
b7b7a5a0aa8f6724b0fa15d65f25286d9c66873f03080cbaba037bdeea6aadc678ac4f083bc52c2db01beb1b41a755ed67bbddb9c0fe4e35a004537a3f7fc458

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\fa\messages.json

Filesize
1KB

MD5
097f3ba8de41a0aaf436c783dcfe7ef3

SHA1
986b8cabd794e08c7ad41f0f35c93e4824ac84df

SHA256
7c4c09d19ac4da30cc0f7f521825f44c4dfbc19482a127fbfb2b74b3468f48f1

SHA512
8114ea7422e3b20ae3f08a3a64a6ffe1517a7579a3243919b8f789eb52c68d6f5a591f7b4d16cee4bd337ff4daf4057d81695732e5f7d9e761d04f859359fadb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\fi\messages.json

Filesize
911B

MD5
b38cbd6c2c5bfaa6ee252d573a0b12a1

SHA1
2e490d5a4942d2455c3e751f96bd9960f93c4b60

SHA256
2d752a5dbe80e34ea9a18c958b4c754f3bc10d63279484e4df5880b8fd1894d2

SHA512
6e65207f4d8212736059cc802c6a7104e71a9cc0935e07bd13d17ec46ea26d10bc87ad923cd84d78781e4f93231a11cb9ed8d3558877b6b0d52c07cb005f1c0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\fil\messages.json

Filesize
939B

MD5
fcea43d62605860fff41be26bad80169

SHA1
f25c2ce893d65666cc46ea267e3d1aa080a25f5b

SHA256
f51eeb7aaf5f2103c1043d520e5a4de0fa75e4dc375e23a2c2c4afd4d9293a72

SHA512
f66f113a26e5bcf54b9aafa69dae3c02c9c59bd5b9a05f829c92af208c06dc8ccc7a1875cbb7b7ce425899e4ba27bfe8ce2cdaf43a00a1b9f95149e855989ee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\fr\messages.json

Filesize
977B

MD5
a58c0eebd5dc6bb5d91daf923bd3a2aa

SHA1
f169870eeed333363950d0bcd5a46d712231e2ae

SHA256
0518287950a8b010ffc8d52554eb82e5d93b6c3571823b7ceca898906c11abcc

SHA512
b04afd61de490bc838354e8dc6c22be5c7ac6e55386fff78489031acbe2dbf1eaa2652366f7a1e62ce87cfccb75576da3b2645fea1645b0eceb38b1fa3a409e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\fr_CA\messages.json

Filesize
972B

MD5
6cac04bdcc09034981b4ab567b00c296

SHA1
84f4d0e89e30ed7b7acd7644e4867ffdb346d2a5

SHA256
4caa46656ecc46a420aa98d3307731e84f5ac1a89111d2e808a228c436d83834

SHA512
160590b6ec3dcf48f3ea7a5baa11a8f6fa4131059469623e00ad273606b468b3a6e56d199e97daa0ecb6c526260ebae008570223f2822811f441d1c900dc33d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\gl\messages.json

Filesize
927B

MD5
cc31777e68b20f10a394162ee3cee03a

SHA1
969f7a9caf86ebaa82484fbf0837010ad3fd34d7

SHA256
9890710df0fbf1db41bce41fe2f62424a3bd39d755d29e829744ed3da0c2ce1d

SHA512
8215a6e50c6acf8045d97c0d4d422c0caacb7f09d136e73e34dba48903bb4c85a25d6875b56e192993f48a428d3a85ba041e0e61e4277b7d3a70f38d01f68aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\gu\messages.json

Filesize
1KB

MD5
bc7e1d09028b085b74cb4e04d8a90814

SHA1
e28b2919f000b41b41209e56b7bf3a4448456cfe

SHA256
fe8218df25db54e633927c4a1640b1a41b8e6cb3360fa386b5382f833b0b237c

SHA512
040a8267d67db05bbaa52f1fac3460f58d35c5b73aa76bbf17fa78acc6d3bfb796a870dd44638f9ac3967e35217578a20d6f0b975ceeeedbadfc9f65be7e72c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\hi\messages.json

Filesize
1KB

MD5
98a7fc3e2e05afffc1cfe4a029f47476

SHA1
a17e077d6e6ba1d8a90c1f3faf25d37b0ff5a6ad

SHA256
d2d1afa224cda388ff1dc8fac24cda228d7ce09de5d375947d7207fa4a6c4f8d

SHA512
457e295c760abfd29fc6bbbb7fc7d4959287bca7fb0e3e99eb834087d17eed331def18138838d35c48c6ddc8a0134affff1a5a24033f9b5607b355d3d48fdf88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\hr\messages.json

Filesize
935B

MD5
25cdff9d60c5fc4740a48ef9804bf5c7

SHA1
4fadecc52fb43aec084df9ff86d2d465fbebcdc0

SHA256
73e6e246ceeab9875625cd4889fbf931f93b7b9deaa11288ae1a0f8a6e311e76

SHA512
ef00b08496427feb5a6b9fb3fe2e5404525be7c329d9dd2a417480637fd91885837d134a26980dcf9f61e463e6cb68f09a24402805807e656af16b116a75e02c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\hu\messages.json

Filesize
1KB

MD5
8930a51e3ace3dd897c9e61a2aea1d02

SHA1
4108506500c68c054ba03310c49fa5b8ee246ea4

SHA256
958c0f664fca20855fa84293566b2ddb7f297185619143457d6479e6ac81d240

SHA512
126b80cd3428c0bc459eeaafcbe4b9fde2541a57f19f3ec7346baf449f36dc073a9cf015594a57203255941551b25f6faa6d2c73c57c44725f563883ff902606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\hy\messages.json

Filesize
2KB

MD5
55de859ad778e0aa9d950ef505b29da9

SHA1
4479be637a50c9ee8a2f7690ad362a6a8ffc59b2

SHA256
0b16e3f8bd904a767284345ae86a0a9927c47afe89e05ea2b13ad80009bdf9e4

SHA512
edab2fcc14cabb6d116e9c2907b42cfbc34f1d9035f43e454f1f4d1f3774c100cbadf6b4c81b025810ed90fa91c22f1aefe83056e4543d92527e4fe81c7889a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\id\messages.json

Filesize
858B

MD5
34d6ee258af9429465ae6a078c2fb1f5

SHA1
612cae151984449a4346a66c0a0df4235d64d932

SHA256
e3c86ddd2efebe88eed8484765a9868202546149753e03a61eb7c28fd62cfca1

SHA512
20427807b64a0f79a6349f8a923152d9647da95c05de19ad3a4bf7db817e25227f3b99307c8745dd323a6591b515221bd2f1e92b6f1a1783bdfa7142e84601b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\is\messages.json

Filesize
954B

MD5
1f565fb1c549b18af8bbfed8decd5d94

SHA1
b57f4bdae06ff3dfc1eb3e56b6f2f204d6f63638

SHA256
e16325d1a641ef7421f2bafcd6433d53543c89d498dd96419b03cba60b9c7d60

SHA512
a60b8e042a9bcdcc136b87948e9924a0b24d67c6ca9803904b876f162a0ad82b9619f1316be9ff107dd143b44f7e6f5df604abfe00818deb40a7d62917cda69f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\it\messages.json

Filesize
899B

MD5
0d82b734ef045d5fe7aa680b6a12e711

SHA1
bd04f181e4ee09f02cd53161dcabcef902423092

SHA256
f41862665b13c0b4c4f562ef1743684cce29d4bcf7fe3ea494208df253e33885

SHA512
01f305a280112482884485085494e871c66d40c0b03de710b4e5f49c6a478d541c2c1fda2ceaf4307900485946dee9d905851e98a2eb237642c80d464d1b3ada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\iw\messages.json

Filesize
2KB

MD5
26b1533c0852ee4661ec1a27bd87d6bf

SHA1
18234e3abaf702df9330552780c2f33b83a1188a

SHA256
bbb81c32f482ba3216c9b1189c70cef39ca8c2181af3538ffa07b4c6ad52f06a

SHA512
450bfaf0e8159a4fae309737ea69ca8dd91caafd27ef662087c4e7716b2dcad3172555898e75814d6f11487f4f254de8625ef0cfea8df0133fc49e18ec7fd5d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\ja\messages.json

Filesize
1KB

MD5
15ec1963fc113d4ad6e7e59ae5de7c0a

SHA1
4017fc6d8b302335469091b91d063b07c9e12109

SHA256
34ac08f3c4f2d42962a3395508818b48ca323d22f498738cc9f09e78cb197d73

SHA512
427251f471fa3b759ca1555e9600c10f755bc023701d058ff661bec605b6ab94cfb3456c1fea68d12b4d815ffbafabceb6c12311dd1199fc783ed6863af97c0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\ka\messages.json

Filesize
3KB

MD5
83f81d30913dc4344573d7a58bd20d85

SHA1
5ad0e91ea18045232a8f9df1627007fe506a70e0

SHA256
30898bbf51bdd58db397ff780f061e33431a38ef5cfc288b5177ecf76b399f26

SHA512
85f97f12ad4482b5d9a6166bb2ae3c4458a582cf575190c71c1d8e0fb87c58482f8c0efead56e3a70edd42bed945816db5e07732ad27b8ffc93f4093710dd58f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\kk\messages.json

Filesize
3KB

MD5
2d94a58795f7b1e6e43c9656a147ad3c

SHA1
e377db505c6924b6bfc9d73dc7c02610062f674e

SHA256
548dc6c96e31a16ce355dc55c64833b08ef3fba8bf33149031b4a685959e3af4

SHA512
f51cc857e4cf2d4545c76a2dce7d837381ce59016e250319bf8d39718be79f9f6ee74ea5a56de0e8759e4e586d93430d51651fc902376d8a5698628e54a0f2d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\km\messages.json

Filesize
3KB

MD5
b3699c20a94776a5c2f90aef6eb0dad9

SHA1
1f9b968b0679a20fa097624c9abfa2b96c8c0bea

SHA256
a6118f0a0de329e07c01f53cd6fb4fed43e54c5f53db4cd1c7f5b2b4d9fb10e6

SHA512
1e8d15b8bff1d289434a244172f9ed42b4bb6bcb6372c1f300b01acea5a88167e97fedaba0a7ae3beb5e24763d1b09046ae8e30745b80e2e2fe785c94df362f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\kn\messages.json

Filesize
1KB

MD5
8e16966e815c3c274eeb8492b1ea6648

SHA1
7482ed9f1c9fd9f6f9ba91ab15921b19f64c9687

SHA256
418ff53fca505d54268413c796e4df80e947a09f399ab222a90b81e93113d5b5

SHA512
85b28202e874b1cf45b37ba05b87b3d8d6fe38e89c6011c4240cf6b563ea6da60181d712cce20d07c364f4a266a4ec90c4934cc8b7bb2013cb3b22d755796e38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\ko\messages.json

Filesize
1KB

MD5
f3e59eeeb007144ea26306c20e04c292

SHA1
83e7bdfa1f18f4c7534208493c3ff6b1f2f57d90

SHA256
c52d9b955d229373725a6e713334bbb31ea72efa9b5cf4fbd76a566417b12cac

SHA512
7808cb5ff041b002cbd78171ec5a0b4dba3e017e21f7e8039084c2790f395b839bee04ad6c942eed47ccb53e90f6de818a725d1450bf81ba2990154afd3763af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\lo\messages.json

Filesize
2KB

MD5
e20d6c27840b406555e2f5091b118fc5

SHA1
0dcecc1a58ceb4936e255a64a2830956bfa6ec14

SHA256
89082fb05229826bc222f5d22c158235f025f0e6df67ff135a18bd899e13bb8f

SHA512
ad53fc0b153005f47f9f4344df6c4804049fac94932d895fd02eebe75222cfe77eedd9cd3fdc4c88376d18c5972055b00190507aa896488499d64e884f84f093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\lt\messages.json

Filesize
1KB

MD5
970544ab4622701ffdf66dc556847652

SHA1
14bee2b77ee74c5e38ebd1db09e8d8104cf75317

SHA256
5dfcbd4dfeaec3abe973a78277d3bd02cd77ae635d5c8cd1f816446c61808f59

SHA512
cc12d00c10b970189e90d47390eeb142359a8d6f3a9174c2ef3ae0118f09c88ab9b689d9773028834839a7dfaf3aac6747bc1dcb23794a9f067281e20b8dc6ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\lv\messages.json

Filesize
994B

MD5
a568a58817375590007d1b8abcaebf82

SHA1
b0f51fe6927bb4975fc6eda7d8a631bf0c1ab597

SHA256
0621de9161748f45d53052ed8a430962139d7f19074c7ffe7223ecb06b0b87db

SHA512
fcfbadec9f73975301ab404db6b09d31457fac7ccad2fa5be348e1cad6800f87cb5b56de50880c55bbadb3c40423351a6b5c2d03f6a327d898e35f517b1c628c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\ml\messages.json

Filesize
2KB

MD5
a342d579532474f5b77b2dfadc690eaa

SHA1
ec5c287519ac7de608a8b155a2c91e5d6a21c23f

SHA256
d974d4fda9c8ee85bdbb43634497b41007801fcaa579d0c4e5bc347063d25975

SHA512
0be5c0243a3ce378afa14d033d4049e38f0c5a1e4d30d45edd784efbb95d445f6c4f29e4cc2e28134ea4b04ecee9632ee8682810d9dbe9d5dd186671a508eaa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\mn\messages.json

Filesize
2KB

MD5
83e7a14b7fc60d4c66bf313c8a2bef0b

SHA1
1ccf1d79cded5d65439266db58480089cc110b18

SHA256
613d8751f6cc9d3fa319f4b7ea8b2bd3bed37fd077482ca825929dd7c12a69a8

SHA512
3742e24ffc4b5283e6ee496813c1bdc6835630d006e8647d427c3de8b8e7bf814201adf9a27bfab3abd130b6fec64ebb102ac0eb8dedfe7b63d82d3e1233305d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\mr\messages.json

Filesize
1KB

MD5
3b98c4ed8874a160c3789fead5553cfa

SHA1
5550d0ec548335293d962aaa96b6443dd8abb9f6

SHA256
adeb082a9c754dfd5a9d47340a3ddcc19bf9c7efa6e629a2f1796305f1c9a66f

SHA512
5139b6c6df9459c7b5cdc08a98348891499408cd75b46519ba3ac29e99aaafcc5911a1dee6c3a57e3413dbd0fae72d7cbc676027248dce6364377982b5ce4151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\ms\messages.json

Filesize
945B

MD5
dda32b1db8a11b1f48fb0169e999da91

SHA1
9902fbe38ac5dff4b56ff01d621d30bb58c32d55

SHA256
0135a4da8e41564af36f711b05ed0c9146e6192812b8120a5eb4cc3e6b108c36

SHA512
a88798f264b1c9f8d08e2222ccd1cb21b07f4ef79a9cdccdab42e5741ff4cbeb463caa707afac5bf14cc03ddbf54f55102b67266c0ba75d84b59c101ad95c626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\my\messages.json

Filesize
3KB

MD5
342335a22f1886b8bc92008597326b24

SHA1
2cb04f892e430dcd7705c02bf0a8619354515513

SHA256
243befbd6b67a21433dcc97dc1a728896d3a070dc20055eb04d644e1bb955fe7

SHA512
cd344d060e30242e5a4705547e807ce3ce2231ee983bb9a8ad22b3e7598a7ec87399094b04a80245ad51d039370f09d74fe54c0b0738583884a73f0c7e888ad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\ne\messages.json

Filesize
3KB

MD5
065eb4de2319a4094f7c1c381ac753a0

SHA1
6324108a1ad968cb3aec83316c6f12d51456c464

SHA256
160e1cd593c901c7291ea4ecba735191d793ddfd7e9646a0560498627f61da6f

SHA512
8b3e970a2beb8b6b193ad6ab9baa0fd8e1147cb5b9e64d76a6d3f104d636481621be52c2d72c588adf444e136a9b1350ac767255d2e680df44e9a1fb75e4c898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\nl\messages.json

Filesize
914B

MD5
32df72f14be59a9bc9777113a8b21de6

SHA1
2a8d9b9a998453144307dd0b700a76e783062ad0

SHA256
f3fe1ffcb182183b76e1b46c4463168c746a38e461fd25ca91ff2a40846f1d61

SHA512
e0966f5cca5a8a6d91c58d716e662e892d1c3441daa5d632e5e843839bb989f620d8ac33ed3edbafe18d7306b40cd0c4639e5a4e04da2c598331dacec2112aad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\no\messages.json

Filesize
878B

MD5
a1744b0f53ccf889955b95108367f9c8

SHA1
6a5a6771dff13dcb4fd425ed839ba100b7123de0

SHA256
21ceff02b45a4bfd60d144879dfa9f427949a027dd49a3eb0e9e345bd0b7c9a8

SHA512
f55e43f14514eecb89f6727a0d3c234149609020a516b193542b5964d2536d192f40cc12d377e70c683c269a1bdcde1c6a0e634aa84a164775cffe776536a961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\pa\messages.json

Filesize
2KB

MD5
97f769f51b83d35c260d1f8cfd7990af

SHA1
0d59a76564b0aee31d0a074305905472f740ceca

SHA256
bbd37d41b7de6f93948fa2437a7699d4c30a3c39e736179702f212cb36a3133c

SHA512
d91f5e2d22fc2d7f73c1f1c4af79db98fcfd1c7804069ae9b2348cbc729a6d2dff7fb6f44d152b0bdaba6e0d05dff54987e8472c081c4d39315cec2cbc593816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\pl\messages.json

Filesize
978B

MD5
b8d55e4e3b9619784aeca61ba15c9c0f

SHA1
b4a9c9885fbeb78635957296fddd12579fefa033

SHA256
e00ff20437599a5c184ca0c79546cb6500171a95e5f24b9b5535e89a89d3ec3d

SHA512
266589116eee223056391c65808255edae10eb6dc5c26655d96f8178a41e283b06360ab8e08ac3857d172023c4f616ef073d0bea770a3b3dd3ee74f5ffb2296b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\pt_BR\messages.json

Filesize
907B

MD5
608551f7026e6ba8c0cf85d9ac11f8e3

SHA1
87b017b2d4da17e322af6384f82b57b807628617

SHA256
a73eea087164620fa2260d3910d3fbe302ed85f454edb1493a4f287d42fc882f

SHA512
82f52f8591db3c0469cc16d7cbfdbf9116f6d5b5d2ad02a3d8fa39ce1378c64c0ea80ab8509519027f71a89eb8bbf38a8702d9ad26c8e6e0f499bf7da18bf747

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\pt_PT\messages.json

Filesize
914B

MD5
0963f2f3641a62a78b02825f6fa3941c

SHA1
7e6972beab3d18e49857079a24fb9336bc4d2d48

SHA256
e93b8e7fb86d2f7dfae57416bb1fb6ee0eea25629b972a5922940f0023c85f90

SHA512
22dd42d967124da5a2209dd05fb6ad3f5d0d2687ea956a22ba1e31c56ec09deb53f0711cd5b24d672405358502e9d1c502659bb36ced66caf83923b021ca0286

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\ro\messages.json

Filesize
937B

MD5
bed8332ab788098d276b448ec2b33351

SHA1
6084124a2b32f386967da980cbe79dd86742859e

SHA256
085787999d78fadff9600c9dc5e3ff4fb4eb9be06d6bb19df2eef8c284be7b20

SHA512
22596584d10707cc1c8179ed3abe46ef2c314cf9c3d0685921475944b8855aab660590f8fa1cfdce7976b4bb3bd9abbbf053f61f1249a325fd0094e1c95692ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\ru\messages.json

Filesize
1KB

MD5
51d34fe303d0c90ee409a2397fca437d

SHA1
b4b9a7b19c62d0aa95d1f10640a5fba628ccca12

SHA256
be733625acd03158103d62bc0eef272ca3f265ac30c87a6a03467481a177dae3

SHA512
e8670ded44dc6ee30e5f41c8b2040cf8a463cd9a60fc31fa70eb1d4c9ac1a3558369792b5b86fa761a21f5266d5a35e5c2c39297f367daa84159585c19ec492a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\si\messages.json

Filesize
2KB

MD5
b8a4fd612534a171a9a03c1984bb4bdd

SHA1
f513f7300827fe352e8ecb5bd4bb1729f3a0e22a

SHA256
54241ebe651a8344235cc47afd274c080abaebc8c3a25afb95d8373b6a5670a2

SHA512
c03e35bfde546aeb3245024ef721e7e606327581efe9eaf8c5b11989d9033bdb58437041a5cb6d567baa05466b6aaf054c47f976fd940eeedf69fdf80d79095b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\sk\messages.json

Filesize
934B

MD5
8e55817bf7a87052f11fe554a61c52d5

SHA1
9abdc0725fe27967f6f6be0df5d6c46e2957f455

SHA256
903060ec9e76040b46deb47bbb041d0b28a6816cb9b892d7342fc7dc6782f87c

SHA512
eff9ec7e72b272dde5f29123653bc056a4bc2c3c662ae3c448f8cb6a4d1865a0679b7e74c1b3189f3e262109ed6bc8f8d2bde14aefc8e87e0f785ae4837d01c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\sl\messages.json

Filesize
963B

MD5
bfaefeff32813df91c56b71b79ec2af4

SHA1
f8eda2b632610972b581724d6b2f9782ac37377b

SHA256
aab9cf9098294a46dc0f2fa468afff7ca7c323a1a0efa70c9db1e3a4da05d1d4

SHA512
971f2bbf5e9c84de3d31e5f2a4d1a00d891a2504f8af6d3f75fc19056bfd059a270c4c9836af35258aba586a1888133fb22b484f260c1cbc2d1d17bc3b4451aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\sr\messages.json

Filesize
1KB

MD5
7f5f8933d2d078618496c67526a2b066

SHA1
b7050e3efa4d39548577cf47cb119fa0e246b7a4

SHA256
4e8b69e864f57cddd4dc4e4faf2c28d496874d06016bc22e8d39e0cb69552769

SHA512
0fbab56629368eef87deef2977ca51831beb7deae98e02504e564218425c751853c4fdeaa40f51ecfe75c633128b56ae105a6eb308fd5b4a2e983013197f5dba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\sv\messages.json

Filesize
884B

MD5
90d8fb448ce9c0b9ba3d07fb8de6d7ee

SHA1
d8688cac0245fd7b886d0deb51394f5df8ae7e84

SHA256
64b1e422b346ab77c5d1c77142685b3ff7661d498767d104b0c24cb36d0eb859

SHA512
6d58f49ee3ef0d3186ea036b868b2203fe936ce30dc8e246c32e90b58d9b18c624825419346b62af8f7d61767dbe9721957280aa3c524d3a5dfb1a3a76c00742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\sw\messages.json

Filesize
980B

MD5
d0579209686889e079d87c23817eddd5

SHA1
c4f99e66a5891973315d7f2bc9c1daa524cb30dc

SHA256
0d20680b74af10ef8c754fcde259124a438dce3848305b0caf994d98e787d263

SHA512
d59911f91ed6c8ff78fd158389b4d326daf4c031b940c399569fe210f6985e23897e7f404b7014fc7b0acec086c01cc5f76354f7e5d3a1e0dedef788c23c2978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\ta\messages.json

Filesize
1KB

MD5
dcc0d1725aeaeaaf1690ef8053529601

SHA1
bb9d31859469760ac93e84b70b57909dcc02ea65

SHA256
6282bf9df12ad453858b0b531c8999d5fd6251eb855234546a1b30858462231a

SHA512
6243982d764026d342b3c47c706d822bb2b0caffa51f0591d8c878f981eef2a7fc68b76d012630b1c1eb394af90eb782e2b49329eb6538dd5608a7f0791fdcf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\te\messages.json

Filesize
1KB

MD5
385e65ef723f1c4018eee6e4e56bc03f

SHA1
0cea195638a403fd99baef88a360bd746c21df42

SHA256
026c164bae27dbb36a564888a796aa3f188aad9e0c37176d48910395cf772cea

SHA512
e55167cb5638e04df3543d57c8027b86b9483bfcafa8e7c148eded66454aebf554b4c1cf3c33e93ec63d73e43800d6a6e7b9b1a1b0798b6bdb2f699d3989b052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\th\messages.json

Filesize
1KB

MD5
64077e3d186e585a8bea86ff415aa19d

SHA1
73a861ac810dabb4ce63ad052e6e1834f8ca0e65

SHA256
d147631b2334a25b8aa4519e4a30fb3a1a85b6a0396bc688c68dc124ec387d58

SHA512
56dd389eb9dd335a6214e206b3bf5d63562584394d1de1928b67d369e548477004146e6cb2ad19d291cb06564676e2b2ac078162356f6bc9278b04d29825ef0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\tr\messages.json

Filesize
1KB

MD5
76b59aaacc7b469792694cf3855d3f4c

SHA1
7c04a2c1c808fa57057a4cceee66855251a3c231

SHA256
b9066a162bee00fd50dc48c71b32b69dffa362a01f84b45698b017a624f46824

SHA512
2e507ca6874de8028dc769f3d9dfd9e5494c268432ba41b51568d56f7426f8a5f2e5b111ddd04259eb8d9a036bb4e3333863a8fc65aab793bcef39edfe41403b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\uk\messages.json

Filesize
1KB

MD5
970963c25c2cef16bb6f60952e103105

SHA1
bbddacfeee60e22fb1c130e1ee8efda75ea600aa

SHA256
9fa26ff09f6acde2457ed366c0c4124b6cac1435d0c4fd8a870a0c090417da19

SHA512
1bed9fe4d4adeed3d0bc8258d9f2fd72c6a177c713c3b03fc6f5452b6d6c2cb2236c54ea972ece7dbfd756733805eb2352cae44bab93aa8ea73bb80460349504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\ur\messages.json

Filesize
1KB

MD5
8b4df6a9281333341c939c244ddb7648

SHA1
382c80cad29bcf8aaf52d9a24ca5a6ecf1941c6b

SHA256
5da836224d0f3a96f1c5eb5063061aad837ca9fc6fed15d19c66da25cf56f8ac

SHA512
fa1c015d4ea349f73468c78fdb798d462eef0f73c1a762298798e19f825e968383b0a133e0a2ce3b3df95f24c71992235bfc872c69dc98166b44d3183bf8a9e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\vi\messages.json

Filesize
1KB

MD5
773a3b9e708d052d6cbaa6d55c8a5438

SHA1
5617235844595d5c73961a2c0a4ac66d8ea5f90f

SHA256
597c5f32bc999746bc5c2ed1e5115c523b7eb1d33f81b042203e1c1df4bbcafe

SHA512
e5f906729e38b23f64d7f146fa48f3abf6baed9aafc0e5f6fa59f369dc47829dbb4bfa94448580bd61a34e844241f590b8d7aec7091861105d8ebb2590a3bee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\zh_CN\messages.json

Filesize
879B

MD5
3e76788e17e62fb49fb5ed5f4e7a3dce

SHA1
6904ffa0d13d45496f126e58c886c35366efcc11

SHA256
e72d0bb08cc3005556e95a498bd737e7783bb0e56dcc202e7d27a536616f5ee0

SHA512
f431e570ab5973c54275c9eef05e49e6fe2d6c17000f98d672dd31f9a1fad98e0d50b5b0b9cf85d5bbd3b655b93fd69768c194c8c1688cb962aa75ff1af9bdb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\zh_HK\messages.json

Filesize
1KB

MD5
524e1b2a370d0e71342d05dde3d3e774

SHA1
60d1f59714f9e8f90ef34138d33fbff6dd39e85a

SHA256
30f44cfad052d73d86d12fa20cfc111563a3b2e4523b43f7d66d934ba8dace91

SHA512
d2225cf2fa94b01a7b0f70a933e1fdcf69cdf92f76c424ce4f9fcc86510c481c9a87a7b71f907c836cbb1ca41a8bebbd08f68dbc90710984ca738d293f905272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\zh_TW\messages.json

Filesize
843B

MD5
0e60627acfd18f44d4df469d8dce6d30

SHA1
2bfcb0c3ca6b50d69ad5745fa692baf0708db4b5

SHA256
f94c6ddedf067642a1af18d629778ec65e02b6097a8532b7e794502747aeb008

SHA512
6ff517eed4381a61075ac7c8e80c73fafae7c0583ba4fa7f4951dd7dbe183c253702dee44b3276efc566f295dac1592271be5e0ac0c7d2c9f6062054418c7c27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_locales\zu\messages.json

Filesize
912B

MD5
71f916a64f98b6d1b5d1f62d297fdec1

SHA1
9386e8f723c3f42da5b3f7e0b9970d2664ea0baa

SHA256
ec78ddd4ccf32b5d76ec701a20167c3fbd146d79a505e4fb0421fc1e5cf4aa63

SHA512
30fa4e02120af1be6e7cc7dbb15fae5d50825bd6b3cf28ef21d2f2e217b14af5b76cfcc165685c3edc1d09536bfcb10ca07e1e2cc0da891cec05e19394ad7144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\_metadata\verified_contents.json

Filesize
18KB

MD5
4caf0842b05eed2901158557c86b9a85

SHA1
789062049adf0fc5bbaa61e83e76194a28737b76

SHA256
bdee000b3487443b951aa6f6a0a50eeb81caf0fe943977d987e5acda16c5812c

SHA512
c9c7ddc1007a50f2d0445b9e1400fad79c20eb41b6f6e7832c4bc5462adcfe38cfb0020028da1472b7e0f2a83091166ef950d581a1d0f68bf90d7f57226b919a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\eventpage_bin_prod.js

Filesize
77KB

MD5
a03d289fcfab28005ecb9d577944c888

SHA1
3a390c3afd10125e4ecd820bf5e5177589dee696

SHA256
4b36137c70513d476e5c7e86c2bddfa6eeefa0b77092f22f72217cb8f6863c11

SHA512
9182b41c2d4a443f7ec6167601fb280e339638f32b663a46a9afa7546d41591f985ba010d47635119048073f77c8ac496182f94239d1d342c3247a3f89d2fc1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\manifest.json

Filesize
2KB

MD5
c5f9ca95f25d11c8cb46ad8ad121e34d

SHA1
4183e6899a2011a33d429fd0af9770fc26b297ae

SHA256
5e4edb7d56beacfa752e2ba806c31743b0276fd9a752d937645b2246aa4e7612

SHA512
e2606a971cc80851fa5f3be392eaeb2dbcc3567a1d58eee53bae1f05677f0456fc873569078304e3a7c1fd5f7e7aa832bd2fa2f90ddf28f428eaf4e9f9727775

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4936_1232449934\CRX_INSTALL\page_embed_script.js

Filesize
291B

MD5
62fda4fa9cc5866797295daf242ec144

SHA1
b0fd59acfe000541753d0cb3cb38eb04e833f603

SHA256
cae608555363a5ffe6940574ac6ecd03c9ac24c329484598b78ee463554bc591

SHA512
f6a324ad4372387adc9f5b66e4bca678e22b16ca621e6ca8a57b7dd84bc9636f9c6fc3e07251d526ffde03200357c074762cc5d7b707b0a303f9c9a195d98f58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
c19b638decb7745d5fb77d3e674f7a48

SHA1
2d6ac2faabc66a1bc392e6ea3c76fa32498ef230

SHA256
80696c6458bb567cd40e8c5f308dcac276b0970f4af58a64cc1753a76114c6d5

SHA512
b1975f7b249a74299992d5c629cda0a7b1110b3f6f45481aa9622320e2419a284be31b3e9c48967a1aff12d4450938bac2408850dbdf7dbdeef37cbc678cc2e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
bf35dafd8f52f524bc33a73d83adb3b9

SHA1
4cc39dc76dbe4cf5b13cbea90d3927d938b31b4f

SHA256
608e8ca3d998da0aa789b94ffc7be26918c7c5127fad8f7e74ab936da6b1e09b

SHA512
b2b806e6b2bfc83f922382392595ebe7dcc66ff09ca528ad63fcd8d106c0164dbe617056a7dcc23e817c4f8e437fb87c0e73af1f8a6f2b34b322ecc18cb2cae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
a2018704bbf7be1672b99194a5ddaf7d

SHA1
501457026c56e13fe2289edfb079a49cf6c4e3dc

SHA256
577eee09a30351f6f0583acc614515a208f5e7724b7095886ddb815b36a9f9c4

SHA512
f566535f4351539358c5cb21ec92c4fbc1beae7267e7e33e376a9c0fe56730aa9e6b2c75f359a9c28f86b2be78eddca505b6ec0f1b15d0630ecbfebe33921856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
d2daa58cf0dd26dc9e84eace54a1e0e3

SHA1
61fef886d812f3d64507c43fdd19bbbe1eabe240

SHA256
f6532be864591050289594963eeec342981e5439a8e30c29b5c16c26984855ae

SHA512
82576f699443760de2211199cfa66897a6708f093cb4f75a8141e8182dbb0af7aa41e3d60f19e156dd2a86828b32503592cf1918e59da00c7ebb91d5495b9d4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ed99e75a21915d5c59f91008a6888ed6

SHA1
0e94a36da9eac82845349c32eb5b3c61b19c16e0

SHA256
58f9409f38d9bb54f2d4943ee98d6fc01c139c14590eb052aff9ad6f596a465e

SHA512
0a50993cf00c185d3f3e93a85af066d467957aadf2f35cf6abbd0430bca87b9a6d44b560fc0ea21631daf25cc53cec75d7c55af766f075deb03c8eecad3a1903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8bd9d5eaf9dfe4114d57b8a2d6fcf95c

SHA1
2865fcaced7a3de742273af68439e46e4aaa337b

SHA256
69cdebc9c93722b7518eff0ff53d99994921d38ebb92a90885be03e0f10b6806

SHA512
58fda522c132b939f0013200e96f3fa7c10ecaab17a05f39bb455b4010b73829007c1ad52e3f65c110c6bd093390a84a5743e7f978d423808df447915028a4d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
684df14cf09b16e82ae7c37c31bd437f

SHA1
4efb13b2330df0cc7af5953168cdfc109ee001e5

SHA256
f88af90b093d939e201d59c754e3d0c50b3f696b83db4292e30b9e144d74df60

SHA512
cf506934a676bf3f026cc49229c4cfb6ab88ada849125565d133cbdb6a798a0fcc09435a3eb74a07f4e79bebc298b8776343697e0fc556509f363efbde26dea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9877736c09b6e969203b9f85d8205882

SHA1
36c1ba5454b9246eda3b31cdfdc546139de4b863

SHA256
2d23f5611634422ed3abdbdf78ab170dbf1cfb6249b76fbba89b08490c813b2b

SHA512
51cd96470bffd37068161be1b2c3c88cc947ed6c38abcb555edab9795d9e76f62647cd099cb68f18a0ddbc0220f9b6d1ff0354655d6d0d980577f82a3a8d1e77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d21f2d1f394ee64953a4eb6200512333

SHA1
f2f52654798dd8c865275e50cd8b61429e753b25

SHA256
73f509b23764cf1e58a5113060094ac9fd205706d99552e6cc6eee8c8e93f8be

SHA512
27b1b647acc8f692245184ba4ef39c6771ad8367b5ce1962fbff3009d9c88b76d314a700ebfde2a03f6d20dd7e1c4890a22b431cf7258d8a1837d079195b3411

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8e268b2dec8d016ecd2e842b1937ad28

SHA1
7f5f6dfdeb79a2457ba171af6d03ab5f1120759f

SHA256
4d5d61bf59dbaeff41c599a802c78c70ae1fab7c5cb32122998495ee9e0c29d9

SHA512
cbc6677add9b7a379e6160763d7de09ad5927712940ff8c4d3fc3009c6635bb43109d11fc685656123b0d2f4caec8b92fdf25d1f9242b914cf96e42c9110c95b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4f217bdf708cb21d2ff8acec1945a4a3

SHA1
8efc08c45e2fe4e8958d8b5e1af1502b7e21fefd

SHA256
c053da64d2299dfd2040148d68bac64506db47cc90c36972864771414436b9e6

SHA512
63ac082e44c475c9eb58045870fb1d538cf82799dfef2c3fe5544398f869a10707f8af8488a4a1f61a0d06903194e8290c83fc6010fbf19a0bdb7582257655c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
969d718671226ef383dcaa6931334d24

SHA1
12be4f291e2afbd275a7ee9fad8ff3ef3f90aac6

SHA256
096adcae8f22029f954fcca7becb1187219cc65e3b0fa725c8ee66b89695a577

SHA512
505ceb8af343c245d2ec0c8c61a8d60821bd692d41c0eea81882e8b3e329456da531aba24cdb30a102775f1f3cbebec7c9934f63652e24f2ad4a80acd87f6ded

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ba02a54469bdf72406091cdb9d31fd2f

SHA1
c3ffd9f5be7e40e40aaf468eaec06089db9edecc

SHA256
b283175148480d5b080949366247f46b80248cc4bf523e946a2e95fe8e79af32

SHA512
ae1662a33a5167449e60023c137e6e5d21c12b71483f9b77378dd5aef381bf6764dd33448b69cdd6bb8df50fffb187ebec90917723aebd3b575050717b6c69da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fe01150c3d370de1c668fd283d605d8b

SHA1
0a0522ca703f5f2b49a9ae069ee33410f33603b4

SHA256
3692caf67c1b764b97e492ce7fdf4ac487bbb22b99dfe971c0ea4fdb3efa06f4

SHA512
fc8beaa61a398d2c01a6277fa40f34408bbd318ddea05b4053fd2e4c4769f0d6283935cd610f815ec851ebfb6bc6bfbb996d7957f5ff2e92979c99b6ce11384d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
23053a311c65e71e26c9dd45e22ad8ef

SHA1
fe3118b02e60634d3f4abf0106ab4983f7f4447b

SHA256
a3d1db7d4937ca34f86fa1c4feafac16caee5ae6bcdea912519da047765d39cc

SHA512
cd67403b2e94098ef74f6c79da31308f4a33235e42201a40e43fcc23d0b710ad5a703ec2a35ed5d435237ea706bb16798ff7ccaa93924ec74392505ba4f08c0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d1d0806f14d93231a5c40d7e18925556

SHA1
3dc42bcc19abcce30de67b4f02b983a8e78bd058

SHA256
3cacc6d21c1328e4e8959b704d9a279da619f955e77fde75a2669e30f4c5498d

SHA512
a5f76024894c91b02516f55cde9ca31de38f828f58cc0daddcef34986401265cb331c12d35cbdd34c09bc055095d9b8b0e6cd65fa258dcfc1f377b7086327663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
676afe39c0a1c74d9e39a732c20ded0c

SHA1
2fff301ecaebe175fb5d03b898fe50fbae9e2288

SHA256
50f35c14ddee6d40985986dae4e7958b2ffed8318c16f3599ae7d7c197cc44be

SHA512
43131a072d249d78de64ef87b5f081e403ac3f6dc6d12f53c11373a4040a21152f9755363e01c90124d556954767de96f390479aa12287a856d5cb09e2ca538b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
be5ca8eb06c686f5a48c9c07e162446b

SHA1
834fb98278f64a6cf95220008daa6d0c5ba3861e

SHA256
a8bc633ab89469b90298afca6728d43202dd7791194ad1fbe74bc2352017d621

SHA512
3a8ef03ea3927e59b5792eed53845d228ecc112a4f1b4b04fbf91814cf89e03cc9c84c9bbfb8f578821dd7d9e666399aa41acc4d9f425e1752de6f837cae319c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
674ab60b2510e87fa1b6c5333b55907c

SHA1
d30099dd93f5e08cef06ffecf191cfb805fdf663

SHA256
2ecff394ee5978f0842bbd23068e0352fe8088d4a75a3a486f7ded49684b4a63

SHA512
246494fbec7231b41d8f4f39a9870282f308fb1b271310d9c05d92df136a55f9739d8c5d0c14ea222908762a6e562fd083947edf84fd880a0461fc3e6c10a46c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f9b4a443dd09d1bf2b36b4f3612ffc12

SHA1
a086f38594bcfe017a16ba5d94ed0390b838726b

SHA256
4f21c8075df69ad7eed9a73cac8157d62e153d95ff51ea7f3045afe585553b5e

SHA512
2bffdfbe22f0858e3bda25be02acd5e09d162ea8e693d7e432af04657c4491a73faa82eb231a384ef354ed2036395b2243616295f16a94f6651d0ff253a5b337

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d040fc54b6b2fac71b9a686824a2f312

SHA1
d6776f713d85e15862563f5603ecacf5e8781fa7

SHA256
0177fe575053e3cec0efc28370e3fd3b50ad1e24763cd26c75015fb3e0e992c7

SHA512
df50d4691c346ac82d37fcfc1a11643f5a791767b1bf79e2a5eac64b3a18bf84504f5dda9d5e66c5d62f952a23eb642718ca98290d5d97d700d450543c5970d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b14a12a015c8f36f5f192c129636136d

SHA1
2bde3886daed5b6912250ee1c1dcac3de793c43b

SHA256
ab7f55a6e55318a3e9dce045a73d51fe67009fbec40396665660c46cba7a49a8

SHA512
04af9d59fe4affde5837720eddc56eed8fd70f64c3e148961be9a2f498739f5f256769b6c51e6a8f3761d09411584c5101f14fae05d2015a332e0f7a585bcac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
770c1b6eac08073fad467de4ca5ad87a

SHA1
be2ed71005872c7e24a9dd6754e27d544512c1ea

SHA256
a14a7f93599b2b70634709145c690d2e74bdffa8dca7f09528ae82b655964cdd

SHA512
fd70cef118578f3d34e0dd84f72643143d509a4ed6346e998a8cc648a729f9be0db707702a1760b8f47ef89bc859c65dfc34414f74cdc242b691b1419fdcafda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5d21c3.TMP

Filesize
120B

MD5
b24311674bd9bfe24627779af7c0dba2

SHA1
e0a8a741993d62d3a18fdcf1986e3a1326675c0c

SHA256
566d6a253f3e14f0fc11d43205ce2343c68168b14cec78bf3b7eb77a76f37b82

SHA512
8c8bfdc6a3cb8df458046a4257973f588d2563f75c1697af502c9bddf707563101800ac37eaca68b8d99ef4bd6bc35fee9c9ef05832b82b74216359613d72a86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
388ceedfb42658cc504e2807ef2bcf5d

SHA1
ee715ac0059302aa03b3f29653a65736234c4bd2

SHA256
574425b74bb06d5678cffabc69a6a59319050d6db52ebc63e67a44de2bdd6aae

SHA512
b21fda534c319170aa8f82d2559db37566039dc715a89d5d0b6ee72b0a38c4686c30a7737f429ecf20419f480b671377cf41a8c8fab41bc12f7b24f7ad3785a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
f446e5de36334d2e2960b8139a4c2f93

SHA1
453ea38ed6533176605c028df886cfca454901b8

SHA256
9c965d7fa4b940f950e74bd7507b8b79b16ead8a00173f6ac70d3216a48ae359

SHA512
ae4880aeab414e0cb10c7f19ce2ebee9d6b3ba68fbcd8ee0e774e02df7bea0f7af5f9bb9ea7dc4adf23f6856b2c7857bd124c51f3d4519bfdc383c443087632c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
22234af368b9d1c1c69e3e36d03349b3

SHA1
61ff7ad8c896f8106666c13be4d41250062c0d69

SHA256
a9ef8bdf8d720d7bcff3ca0b7b4d59f7c8f014ee507010824deec7b81bad01ac

SHA512
6abb0fc09cc7a2e7e3b50133bf1026d17a19b1ec7ab483d1e704c98f828a045a29cbe52f7a79bdc40e2627923b79c08b8eb075891b2a3c54129de32d0e1e8008

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
08257e526b56bae84a8065bc71826f96

SHA1
c5a2fcbdf4db160a5689dead20b7b7b0a05b9190

SHA256
f92811f0b94bec929ac0614beb1c30ff4088ce9e839386e0e3f4f8cfaf010728

SHA512
53286fb686727dafa94ebe7bc5dd187ce1b22fda8af1d6bec711d7be3ce3a9c4b1bad1981e938b9357e9fb4e2cf932940e1a1df8fec40012976b42f244a530de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
82KB

MD5
3c7048d4116933ce72bb44b6fc785546

SHA1
da576aced9159c79f3da004c673c664951b30c71

SHA256
c76476654160414d7f1cb3edbef8eebb0e4a73fd7ebb346b03cf0d26a33462cd

SHA512
fb459bb619e8e918668649b291d8997ab26dcd4f66b49a2f2a38fdc36b03515460e06ee0c5fd64348db50eccf0681e102bbd039fea25f04bb76fef6c817ef579

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
82KB

MD5
bc20e6a9aa612545bab7b85e9808edf5

SHA1
09dc69332ddba266d858760cecdf30f06f8376f9

SHA256
6215fd863937b5b099cbdf0f73c2a57a13c0b014b0ce72d89b63259cfff81db5

SHA512
2397bc5a59c5bb44b525c40402a68ede6732934a3a1e238424053c48559a3fcf3ea461ac2ebf9151660904a0de473baef7a9b74effd53d53a0f684294c293656

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
cdafb2e253aa3d1011cf42c429b44a07

SHA1
2715fb3125e923818f46538299a287115c7874b0

SHA256
7f5fdb2973cab9b02e7a5e501efd5f2d03eb9c2ec8eaa8cab9ee429d74307858

SHA512
e6b0b3f361d6739918d7df4300844bf4c5a1a5bab98d2afaaa0bab49fd81a2971a1e925d4187768bdc15450623f7951a746c4cddbf85484af63a457d42212c54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
08257e526b56bae84a8065bc71826f96

SHA1
c5a2fcbdf4db160a5689dead20b7b7b0a05b9190

SHA256
f92811f0b94bec929ac0614beb1c30ff4088ce9e839386e0e3f4f8cfaf010728

SHA512
53286fb686727dafa94ebe7bc5dd187ce1b22fda8af1d6bec711d7be3ce3a9c4b1bad1981e938b9357e9fb4e2cf932940e1a1df8fec40012976b42f244a530de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
687380b28d572674c8484ae3af8040b9

SHA1
b4cef1a6e84015127696d0166356d8872423bb39

SHA256
a88b6875d0f6361f54d05bf264aea4d26a09bc0b00da04e89eb68ff55c0fd818

SHA512
6101fb33b4802747844b442a2627e8b8d94e98af5e8b741d30affecb89d9b6635fbfedf41111f014eae8325ba1c508a0f8b1d7b8f12b25300e7a3edbea6b386b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
93744451ee2c61b554a7b5f768b59930

SHA1
dbe181cccf8fb8f06723d5701a754761e2aa8a73

SHA256
9fb5d147dabb04034702a1078a8e1eb77138a5e3c9fc946b5d559960a2f8e451

SHA512
17c7db83ea18551c73fb601108bb9428c134431def59c2c0aa00da1a1d33d5056c85ee258ef3e1b74dab6584d856543417d152a67c9243a1652cc2c3f698b77e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e809.TMP

Filesize
103KB

MD5
34dbeb7f5690f43ef00c126242db64ec

SHA1
7b61330fdccd39454b32ed926fb0cd17598ca4b0

SHA256
e9ead2416532fba58d0c3418d167ec74864ec383cc889b927f37ba389a190df7

SHA512
33c4bd6bd479af70ae202075aaebd99722898db2dbca07b2f76fd7b09bf5fab0c81f424910549374f0ae0e07576768fce131a0124ef9be6deffa0813e0a3c80f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a648fb64e6a481ff06b83c3edb2ab7d1

SHA1
4746b3ae9827f21adaf82988b3500982d4c23f86

SHA256
8310ab743e4c0390c626a159d1846217a1e028e98cbc58eac259fd839af4cef2

SHA512
922160779e5d575c24a1cad045900fd12b149b1dfb23f4c11872155ddcc8b019cbed8999073ebce23fba7878fad1205ab32f445efbdcb7a2affb4608cb80c526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a313b1362263c50816327e995eb438cb

SHA1
192ea2b6c591f25fd06df0004488204433200bc2

SHA256
8d3845b2d544bdc64e27b52d7c1c161aaed68cf94eff4baa8c6e9b1fe8215d24

SHA512
d99e770b3b2c624f5606b352e31fdf4661969071808242ec499ad8668bbea1890d38a687e85c80991a57fac312871bb9e05dba858629d7ca00ae84fc25fbb57c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
1024KB

MD5
d57daa4ffdda1a42f33d157d14d4e493

SHA1
6bb9f2b6e401b101d8dd19b2da1f33f5be15c255

SHA256
936d0f517be63c1cfc5814a22d6a655df67785a5c310516e5c104cde18934a37

SHA512
f806f82260f24dcc69951cf48e6aeec16d4c70e22e831682953f0beb7be96d465fc674e582d2a8932d361db1010dd2dec88a2ea2ae62e36733dbe55245b63dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
211KB

MD5
1ccac7a52dbe5c6dcf6c90c51b9ac0d2

SHA1
7e32d0a90dd5178aae011565f952fcae8a551e3f

SHA256
7b8f1280847781d87824584efc91d58b7e6f63140bf7423150dece05581114bf

SHA512
e84a71ceb59214c9ca70b46e691e1d2afa58e59436b3b335feede17d9a79521032ca62a027b51ac492a4dedc50c270f692b208b2622fcd3ad63489c3019fd04f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
31KB

MD5
788d12744a66aaaa5ffeb187e27d6a10

SHA1
2abe8e9c40e296919ae805bb1e55c6db79dd0df4

SHA256
0c6ba4daec8c6e7f842bc032860b951a10a25e182d7e52057d7b3e48fa474083

SHA512
f63af269bbc7c39d75231cfc6989dd560ccfbc5601023d99a8603f36b8fc525b880a86f4fdb4edf9c9726d41612e15593e86b9c52cb8a2c03ba38d3dd70c4132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
44KB

MD5
430de2c912f253f8d51a1856606c31a0

SHA1
5d05a96f897c16b69d7821c25c84ce2ec37241eb

SHA256
6ec7910f13251ad765a288b17a24f6b30abb82640c4e89778dda1b0e01b1df59

SHA512
44b8ea6451719c38cb2361865ad32b2cba9bcb63ab71409717e7d7c56f93786e253714d3813e9da1dd807f044dc084a7df1e960f1f2634679e6516e5c93b3f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
63KB

MD5
2b335fe63839f1360f392aa7acf2394d

SHA1
8df47c549173105671b2797d2b61ac41c008ca2e

SHA256
d5785be91a1fda269805a2ec9a3e96b22d85da7b7f03eedddb929aa83e6fae5f

SHA512
3106da251727d33bf374a56465666415fcb20d47fb46950e939880e7fc88a7abc0ca84c20de6cdd2880bcde80de0bb9e470dc6f1b4276a9532c3a57b8f525e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
67KB

MD5
4325ba9aa4a03c25695bca8c3aa40313

SHA1
6ced0c2d03d897e6c1396aef853cb2587b80061a

SHA256
9d3c920ac4e721b9dce6060bb12f6bb3c2c417cd4abbc47b7d6c7eb13f22678e

SHA512
51237995192eefe155e217ed2d0eab6c1aac6fd5d96dba515dc1a0434b45594ecf1c07d568a7bd9ecfaa57f5095209e0d82d066334b11f84f1497b770d9acd52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
20KB

MD5
d085f2668b2a0351dd6e8c7eff89997d

SHA1
f3ef00f0d20946f8654cd5c6585c9792355bc3ac

SHA256
b094c97f73585f074b3e0b6b0b6e2b7a19accca3d12ae867fa9b763499777da5

SHA512
e0f197ed280829d4a7f90b05bc99c6a61524342b29d8bc0e27212d3dc2058dbf14cc914244a6a809585b004b3c7f2e28ac27b96305d7a9ff4c3a0fda2984ab1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
35KB

MD5
c8af07388dbd6b5b626a5dbf85a4fbe4

SHA1
5711de6f166dd0f8f255b3acbb2fef32c7126983

SHA256
e3f3945dc1c7733773f709d35809dfbcf8c53b3a81f73e55ece67b83f3ca085f

SHA512
5952eb1910e52be62107016a7d5a122080dba7d172fad62797e7a914c1ae0700750da582b54db4b1e1f5ab7de0950f8c06bf302734a95f76679c6bd8ac10a50f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
107KB

MD5
a1a95777eb32e3eb5f1214811b9bbe8c

SHA1
b5a5e58194772744f8ca9b968d3e8ac24ae2fbe0

SHA256
49540cb8bb87efde9c72da7ea7562ef1b3f4e9c1020a0784bcf97f62ec5bbd3b

SHA512
207f3c462726498840410be7b575ff824f365a1add653a723deabd234d4b05e9f188a53b168a8c8e0173ad8aa5da1c72560cee983b431b6b64875fb84d24cf3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
19KB

MD5
bf85c1f67d425f502767d54bec3f7ac4

SHA1
0050d6197f99f1ad1faa82ff5eda627eb1995b0a

SHA256
a42576ba307e668c3bbf0d3c1f3dfd123ec396aa3f4cae2615009c674cccb956

SHA512
5f655c44ef12cb784df580d9e9f7d167f1047cd7ba9ed2802004b22f71c33604976a061e27ac6eb28f356720e60b555d4580870b35066fe3834369bb376cf97c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
41KB

MD5
7542c23779db75fbda56aa19bd358d0c

SHA1
0e8f67210047f47c010bedd3571b0de72a21a08e

SHA256
c2c855cecd94f120f01132753748aab887cc09a45c60d88ee914e98e5775b317

SHA512
b6fad57b19aa5ab8151ae1081d89c3be213fc87eaad9a69793d30fc91d442f4f07c951d2a1cf9283163d3d01ca57a011dd585f2da66a2adffdf2e37be7072327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
70KB

MD5
f32f60d5ca67a4291167b18b0c7c5450

SHA1
8933948daaa0f77d0bf3f0506a04cbca30c7749b

SHA256
dbdf8c4b2704200f54b6879a1417c5e09d339a18baf29ccce0d778230380cf1c

SHA512
d2abfc440ffd685d3a2b603da9bf040e60a134ae95941453cdb630f9939c1d10da4ad514e47d0bba0c291b05fb1ea9cfab47a49a28c5be0159fa7c8be6acfa2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
54KB

MD5
e196a9a78e7b17d8a51a11b25f7cbe6e

SHA1
79b00487d8605d4a5df986cfef7fd80532e63c5a

SHA256
524515f3c3ae8d022827a67c05451e1de61c2e917761ad8c3d8f8697f3c81c15

SHA512
f8fc9aea78ae7028efda676903a7aefc0e54a999509ec6b14d69e46118011b7c179fa03dca754d7d2e51f12995b186c95b8379219dd1bdd88d76067068344a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
c7daadeb735097aa619547c63324baaa

SHA1
b6c30570456ad0b1f03ccf0f44ed9d381f5d551f

SHA256
62d910e0ad9ca4d241ed6c5a45796fa5ea771b538df679d3957238fa48faa3f0

SHA512
43980790c1e8914af677d9509fa922d8dfe01daa6ed495af8351db8de5e0bf8292dc7a33a823397d338713670230a801efdf97a2e2fa22effcf418e8f28df638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d09279f11c651e87808b207c770d3a31

SHA1
ff2a3774c7a8122598b34d5ccd430fdf87f5bc59

SHA256
01b03f4c4b169e8d49ffcc88522f83b24864f4dab723025cee953bcf6ed5326e

SHA512
098f785574a068c2734159b378c8f582df124d3f42344cec73f2c31467957dd27265d9c302ea45cbe9201d58da4602b0aa07f8bc31f97a2c13f4c2a857ba0203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
cd664195579f1ea27eface05c384b011

SHA1
303d29eea1511200715e551f985cf57a71995273

SHA256
924ab6f9e799608b17fcb614d94522c6b727561d8c4ae5347603cd5fc92efba6

SHA512
e38f820781cd74b5b9a91c1a25305b529319606cee20ec5c2d7dd7247830bed45ae844a9e0d8fd7a940cd4406e661adfb2fe9215cea0b5322bef2e7ad751f48d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
943dc3f56ddd98256f3a1812742940e8

SHA1
36e575475c353a44a441f0ca333113ede1c29fbf

SHA256
c6d10f29ceb17b51e22c4ab55b13f4377afd095ce1d0085e310808316528fd1a

SHA512
37aa5a03eed60329ef046c5a0b76a43c670d7c7a94cda0180ec20aca67df4769f660ffb85c08bcf1d84762cb3f5f504cac3eb5cce44756e81076c83a25aeaf05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
25ddf1e9fe4df7c3aceca1477bff5c2f

SHA1
044569f510f18c06b2bc870a91a9437231dc2ef9

SHA256
959f67da399bcea5febe34c5d002ca84f2de1e7ee7aef04979addf1b64d145e5

SHA512
0a0977c5ece0ac2aa69d9f3b5d6e8d8f00fb93969ac2524081b13cebb0cbd76d88f28fb0c5121d2995a22681fda4961769bb884b0d5368289033dbf05f82039b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3319d94853a5a3cb7693d3dedb612c80

SHA1
923573f7200ce1bc65a3c327adc59c2a37bc5508

SHA256
dcd612f9ec6c31140a9f73c53902c5a7cd5e83403947e837a4b3bd6e40d7fc31

SHA512
352658d828ec105459af7120be4756def8031b513a0b9311092e23271736a19f9f3da8d3abe548858cf00ee83e4bf73289737c465628001a1df0bfc7955f8fa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
98cea2e05074ba10d761f822a797e25d

SHA1
e88932cf6250d7b152dc60f696e063d8b7a8f9bb

SHA256
43d5aa73aa2cef52e9b01f1e699e68d3e9239eb52f41cf47001206ac14598cbd

SHA512
37be332b283a25cd8cce2372c72c99d3c2eb04fcbb32280e2474783e8837496fa05028d14115bfd8d9b570dd12e7b29398f95491ada46eacbb011c31f54ca237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
50904ab1fe68976c9485e08e7e9d087a

SHA1
ded31fd4d10f595c3d1c3e83e01de0cb6cd0da67

SHA256
28e33838d85fbaa46473265a1ec175bfa9c1a6942989073249c0bdba4faec957

SHA512
9f8d6c145729bb6e4ad72948880051fcb2136a5f9f6477975f0eba1abedfbb4d28ace4829bfe7251865058b8efefa89aa5f9b3f51d3dec3e1714b50dd5780475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9bbb22fe5bcfe7c7c3a6d87d4346db53

SHA1
8ef253ae33dd09c6e8cecfd39e329273b1e0f4c1

SHA256
325d34963ae4675c2230d4f6ed5a0e4aeb7d63c12afe739a195df85e55e2ec29

SHA512
0ad7996d56cfbd47074a758ca42a377b5a78fb852d54a951f9d7d70a110e5d41b99954291e3762c6cdebf833c10b061598a50006db2a15423b4a9e113fcca143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
008ac22880bcbd3575b8d20511d9c31a

SHA1
586e5f03ebfd96a03a5bd4cd67c77dc7b847d04f

SHA256
dd22b30ba312d67014c23651b8feb6b6999f843d6518abc11cdd9700bde0e787

SHA512
2e06203bdbb8e73ee37ea306cc2d1cea7bb39c0fed6eeda53aab18910d283dfa6b077291a88a471b296fa6bdae0f672b960a4c39a5a0dd7f8199e9b3279b0fe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
cf68d6d83b639465286d158228e819b2

SHA1
8abb950c89922c1a384d421da4cdde369f23f4d9

SHA256
b2701d003007270b0fe5efbdd24b682621f2ebb0849aa10d78e587867cc6fe57

SHA512
aae77f7dce07a56ef17406f6cc311cd09f0c3ca8fda81e94ba7cf8c2ee48a54aa766707a339feff334bafc29822f606811062c7c80770eecb63ae4ee051d75fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5a27d2fb7addb1bb8d407683668bf916

SHA1
7d812f82ecd07e6df37632950730bbb439f0ae58

SHA256
6141b75cf02174ecc61f86d64101f53debe1ac9ac1924ff77deff93ca737fe15

SHA512
0b11d201787abcb9da50c89edbe7a6c169a0e30fee0f1c9806792736f76eac41ff0e5cc7a0874c7ba438dfd3fda6602920dce2a3c3ac6824e0a6f2a71d1c90bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
25cabc2474a7dba701df02c50ac4a6eb

SHA1
96861f85663ea69721619b42c2ed6961e098cc04

SHA256
d64619331b0a53a3494d9f04e369a58753e600f767762b441820672c6e2be5e1

SHA512
83257aa084b7f14415d131a2c91f9313a50295bc5b7d0fe93c990fe2af750b11220af80dd8e6002136289f6ccd00aed870e04a7c326922ebbade6d66158ed527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
663ddee524f82684b17ca85035419008

SHA1
f9e6ba10a8aa77bdb8127eb163284c74cfcbfb33

SHA256
7f400926882b96d8eed12dc9de358122afdb276da831eed15b2cc335729f87ad

SHA512
0d99997c079b97faa09aea9490e000da04e4e865851e172b7a916f7d9ce61d05fe91825cce09f0cca9ce63fb8afdec6ba64213a39d006c9e5a4c4923e4b20333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8fe3f7711853dade4c11a371acbcb884

SHA1
1e7bf1ed89bad0136b906be643f4d36abbb61b47

SHA256
74690b19ee99391d8a5be4f9c046e255dd80fbe808526a79d07a425d764b95f0

SHA512
6ba814b040cb31ac0acf12fd97e0300a09f07bf3eea2f725cfc6e671987f562d00e923707f6cd4dd4ca30afe99a4b254d19a2aa544b2ed8c3fb523d2d9614949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
784a51387993e9aeb34d4ad4ed93ab48

SHA1
1cbf9ea1b6c2ea18c8670f26ebf9c11d7d245bc4

SHA256
567af49b26f4676e8c8ad07b34db13ae7a9e19ba01e6bd1af390a611b44413f8

SHA512
ba34c55cea5840723b16f09f0a790f823a5a65657f8163018cbfcbc3a13c83b1b4b6a1f8ca0fe188c1ba7d78cc9319889235c0f6042a2013755fc6d820e4b9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7bbdae4acc8820eaab2029b9bca3faca

SHA1
d4c8f9e17a2d955d1f553a68359d64a472c3f378

SHA256
b19fb4810fc4c676e1a5c85f4a39b591c9ab93df82fc05c776d64b3f5995c542

SHA512
2ca9d3573bf5c29a0290bf2d505172d1af33fe51fac43d7d5bea31359bb122e0bec0b6c7befd35468d2d73c5388a630341ec497bdc4425d3c9b48881832a1ea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0cbdf2978b994b461ee2dd4492f0fddf

SHA1
ec67a330e37803879a562c5a11583f179060c9c9

SHA256
0fe53cb43efe648e72736af72529886d38882f901550dd8a4fcda6c7ad1bd554

SHA512
802c89dba353d6100d120e15c27ae204ae67486efef54b183127220cf3ef65dfbe9ed5fe334717ae55203dd10e4049aa4e8c5e7c0be43c6e046196232c989ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fac4dd644e60aa6ba40cad3d85493f5d

SHA1
b2da4c643286a68c495288684ffa7dca13d17d63

SHA256
c6f5b5480131b9a04c7aa099c341c3157f3e5e7539d97800d7658960d963cdd3

SHA512
f88abff6cc52b65b9f2426331e3e2f40f836c51b5cb2cf93000402cd995efbd94803cf095fdcf6aab518a86ea293c8d1376f5b90bc9970b99039f8ca95e62618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
a81faa83c09b4b05837f5f8295a052c2

SHA1
d0320d9f0cdecc621da7899d574404a7b02f67e0

SHA256
34bfdf3f1a9b937b3b4279fa1fef1c4d6d7b8c04ef56eb6f5a7c8d9ac8ef7b36

SHA512
60a676e7a9db997818fb55d84ab4b0d11c085d38591237c3c6776dae269c4c50e8ed6690dba2bb4f762987eedabddc1df40dd40c32b210e58c26ffee1d2188e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bc5970b5-40cf-4a58-b35c-2efb1ec48878.tmp

Filesize
1KB

MD5
815b2e10bee8575ce7140a083ddb7f04

SHA1
9fe5e7a9a2ab619abe510698e7cc3e2b1ee012bc

SHA256
b38d30ae65418f14426824f4c796d6e825f1d96fe69a1aa544b301859d1c8b98

SHA512
f4f44879a3a1c43dd313964e7a07a5fa57fe3e38aec385c4caf8df25a3ee1d07f4578880bd6cefcbcbbcd911ae6d0036ed430bde21a62801e7942023c86186d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c2f2e495-8cd6-41d8-82c7-36f2188bd76a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
e5d235c5aeeb5009de9e78c4c5b0e44a

SHA1
54812bb2dd8418ad1fb110c6e70f2c5dbd1abd36

SHA256
ad6a898869c72847978a185ce0a2b4e7c763c28dc430cf409d995c18ddfd32c8

SHA512
a174d9f5733fe60b697d2673e5ae67738349b75f30ab31c8688fdc2c8d77fd9c5ac21a1de3e0359abbb3304c183a70abf43b116e5fa280e0bf2440b6ce628e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
02d299f31c691bc798fed7f7ba6a5d0e

SHA1
317e8bb88cd239a055f5ae1b7940ff63bcbc36a8

SHA256
7854541ef5ace88a1c32abbc555022ec4306492344b7973091b06834751e2ba6

SHA512
b1164c79f65aecef8ab1a256f206503a3dc76493d2d733e9e3a90e119c7c0aa4251d7ee4a77b3394afd97ae36b7cc03c0814c7cf8d407d491cfab45581947284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
70ed33c1f002e6639c1e0be506bfd4f3

SHA1
3d6601fd879fd0f4bec9f0a9e38125b1a9baba99

SHA256
efcd8420159c6a19187028869e108d8bebf72eadea4469133407a42134e41c27

SHA512
f8020d6c85925a20ba535cc599f8c17581fc41691020800876814f8168b9fc18fe7bbd0dbf7072986f28eee9e7670e3ee133911adc0fb9e9a04e3bacc95444d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
c2cbbda3e3bc9bfff4b62cf3a5b17233

SHA1
668b7b9b692c65fc6c006b1fd6640973fb0810bf

SHA256
b11da6785e91eac86691a323b5b69abaf72fca04c5f452684957a9a5db5bdddb

SHA512
c59b3ca94862acb990e25ccb3e51740d8143c7499d496197599093bd75773a764dcfb51c5d6bd3b3ba27a76a39e211f2acc530da3d7c5e37146ea7ffafbc5822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
bf8d75a2c506dd36f6cdbbc3b9b5844d

SHA1
f05b151f24080b1621cccf149029e255fb4e4ee3

SHA256
ba0514a04b78d731e86b39388d3152052dc7557d6bdac2f54d698068aa372ce3

SHA512
628400792294ff4a8820d0bf4d090b52027b76c76704978972a63b3821c989b5cde5cf6af7fe4daef8e84b7d63103e1f244ec66a70a010bd5d73684887495679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c81ef0dce9fbaa14622dd681a20a5e73

SHA1
27e27b79ec15407778e4d05487128e7684b01ded

SHA256
0010aa94753484ffe919fa2110905941f3075cb1fc8b6c69f234e633207af7b4

SHA512
03eef0ba0825a22b0c2a53e853fb655f7b7432b3e7a3d3f0fddd0e8134ce69a82624bfef044e8074f97260803b92a6860718d66fd692681402e760bb46f129b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe

Filesize
2.6MB

MD5
9e72834b5d485917ae5e2721bb6614ea

SHA1
9602bff165414bd13aba117cdf02bd52de1eca44

SHA256
abeef8addf7fd49490022a98a445959d8413085fa2648dd5299d7c1d4b320646

SHA512
477d939d43971bb6465b80a14e4a8722ba10af8c7966a9336aebae42dacaea4b605a4895278034eabee1a2e5ae44e93ba3e6b45bfcd78687331637b2b7747d4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe

Filesize
2.6MB

MD5
9e72834b5d485917ae5e2721bb6614ea

SHA1
9602bff165414bd13aba117cdf02bd52de1eca44

SHA256
abeef8addf7fd49490022a98a445959d8413085fa2648dd5299d7c1d4b320646

SHA512
477d939d43971bb6465b80a14e4a8722ba10af8c7966a9336aebae42dacaea4b605a4895278034eabee1a2e5ae44e93ba3e6b45bfcd78687331637b2b7747d4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\additional_file0.tmp

Filesize
2.4MB

MD5
090de281df0aff70c6bab2e004321dbb

SHA1
25746cf9a368636c35d552b0c08f74b455c7c44b

SHA256
9b829a0ac23000a77a4455c46b49f23e27e99251d56c99edf9a5b3163d0a5be1

SHA512
263945666f7a077368ad20025eb71098b604a3a7af04d08ee5fcad81e12be3fe39d9dd415cf26d194cf645c534d3056e8385824889dceea82657993e6c47d61b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\assistant\Assistant_98.0.4759.6_Setup.exe_sfx.exe

Filesize
2.4MB

MD5
090de281df0aff70c6bab2e004321dbb

SHA1
25746cf9a368636c35d552b0c08f74b455c7c44b

SHA256
9b829a0ac23000a77a4455c46b49f23e27e99251d56c99edf9a5b3163d0a5be1

SHA512
263945666f7a077368ad20025eb71098b604a3a7af04d08ee5fcad81e12be3fe39d9dd415cf26d194cf645c534d3056e8385824889dceea82657993e6c47d61b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\assistant\Assistant_98.0.4759.6_Setup.exe_sfx.exe

Filesize
2.4MB

MD5
090de281df0aff70c6bab2e004321dbb

SHA1
25746cf9a368636c35d552b0c08f74b455c7c44b

SHA256
9b829a0ac23000a77a4455c46b49f23e27e99251d56c99edf9a5b3163d0a5be1

SHA512
263945666f7a077368ad20025eb71098b604a3a7af04d08ee5fcad81e12be3fe39d9dd415cf26d194cf645c534d3056e8385824889dceea82657993e6c47d61b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\assistant\assistant_installer.exe

Filesize
2.0MB

MD5
3c942ff0d46769c4ebebaf8af7cecd09

SHA1
22edc54535ca0d310f078741e5a384032dff4dda

SHA256
6411b8efde988c3c5e24c1555ee0b910985a5e037b3beb887b38754aceb7f533

SHA512
4138e8d6c21510451d47b7ad7f3d4954eccdf8fa04b2a676082c710e79110da8ff21e96337c93bd5903442740d2cf4b249974248571a05bcc0fd5a25018d8da7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\assistant\assistant_installer.exe

Filesize
2.0MB

MD5
3c942ff0d46769c4ebebaf8af7cecd09

SHA1
22edc54535ca0d310f078741e5a384032dff4dda

SHA256
6411b8efde988c3c5e24c1555ee0b910985a5e037b3beb887b38754aceb7f533

SHA512
4138e8d6c21510451d47b7ad7f3d4954eccdf8fa04b2a676082c710e79110da8ff21e96337c93bd5903442740d2cf4b249974248571a05bcc0fd5a25018d8da7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\assistant\assistant_installer.exe

Filesize
2.0MB

MD5
3c942ff0d46769c4ebebaf8af7cecd09

SHA1
22edc54535ca0d310f078741e5a384032dff4dda

SHA256
6411b8efde988c3c5e24c1555ee0b910985a5e037b3beb887b38754aceb7f533

SHA512
4138e8d6c21510451d47b7ad7f3d4954eccdf8fa04b2a676082c710e79110da8ff21e96337c93bd5903442740d2cf4b249974248571a05bcc0fd5a25018d8da7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\assistant\dbgcore.DLL

Filesize
166KB

MD5
8e7190bf9a51e2951b140642511c00fe

SHA1
8ac4ad95c91cca1f5a048a97f63619b2babd7348

SHA256
775c3e3c76780e8a61db42a4520b81a663eac224e7ec33dc252a1276e47613b5

SHA512
d5dc33882b2a211a997cb178aefdda7013f30efd626722dc56cbbb1b85855a5eb7b77c70bf7fe6b605e93658498ae086f590b1b53346df01891fa0071c5cf4e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\assistant\dbgcore.dll

Filesize
166KB

MD5
8e7190bf9a51e2951b140642511c00fe

SHA1
8ac4ad95c91cca1f5a048a97f63619b2babd7348

SHA256
775c3e3c76780e8a61db42a4520b81a663eac224e7ec33dc252a1276e47613b5

SHA512
d5dc33882b2a211a997cb178aefdda7013f30efd626722dc56cbbb1b85855a5eb7b77c70bf7fe6b605e93658498ae086f590b1b53346df01891fa0071c5cf4e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\assistant\dbghelp.dll

Filesize
1.7MB

MD5
bcc596c2460244066b3c40a6559b88d9

SHA1
6ee955c1efd65eba6eb6020467bc4d26aaa82793

SHA256
e7ba778244de4144318b6946e2f9aa382ee6c8e93849f49ed54bbb9a9625f34f

SHA512
016468a0188239a5e9eb93dd3842eed5bde60b1e5fc69ea822099ebc2a7d2094d307ce4abfe98a222fa684d3538cd3df1b63bbf5dd694d020020543f41f328be

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\assistant\dbghelp.dll

Filesize
1.7MB

MD5
bcc596c2460244066b3c40a6559b88d9

SHA1
6ee955c1efd65eba6eb6020467bc4d26aaa82793

SHA256
e7ba778244de4144318b6946e2f9aa382ee6c8e93849f49ed54bbb9a9625f34f

SHA512
016468a0188239a5e9eb93dd3842eed5bde60b1e5fc69ea822099ebc2a7d2094d307ce4abfe98a222fa684d3538cd3df1b63bbf5dd694d020020543f41f328be

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202305160909391\opera_package

Filesize
90.2MB

MD5
e24919e48966b75eca44327e8df7294e

SHA1
9c2daf45a2dd968c1fe210af98f551bcde532385

SHA256
3906aa744f50a3f276e5473c60714b9a85a87f400a9625a2ed894fc8def97896

SHA512
5229579b2ddbd31cfea28e99efb4cfd564e891cb4eda37820219a856e952ebfd7012fcc3cb31f651e8da21b6c1a1d9459c133fa250512d301611219bbcb88c88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2305160909360282112.dll

Filesize
4.4MB

MD5
43a273845a4101133ae610099c152ea3

SHA1
32d1123c170320b230d4fdafde0c7bc8c88a4a1e

SHA256
0ad97ae9e060805113be5acf996454c87a243c0bc2a59a2412e0073835588c6b

SHA512
cb38c289023f8d266f16974ac5062df846d41ffa14d40f84fb9d74bfdfe19471badea2424987a2e8b59bdc7de4b242d790a4993cd726c5520280e0d8d96098fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2305160909370121692.dll

Filesize
4.4MB

MD5
43a273845a4101133ae610099c152ea3

SHA1
32d1123c170320b230d4fdafde0c7bc8c88a4a1e

SHA256
0ad97ae9e060805113be5acf996454c87a243c0bc2a59a2412e0073835588c6b

SHA512
cb38c289023f8d266f16974ac5062df846d41ffa14d40f84fb9d74bfdfe19471badea2424987a2e8b59bdc7de4b242d790a4993cd726c5520280e0d8d96098fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2305160909370121692.dll

Filesize
4.4MB

MD5
43a273845a4101133ae610099c152ea3

SHA1
32d1123c170320b230d4fdafde0c7bc8c88a4a1e

SHA256
0ad97ae9e060805113be5acf996454c87a243c0bc2a59a2412e0073835588c6b

SHA512
cb38c289023f8d266f16974ac5062df846d41ffa14d40f84fb9d74bfdfe19471badea2424987a2e8b59bdc7de4b242d790a4993cd726c5520280e0d8d96098fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2305160909374935252.dll

Filesize
4.4MB

MD5
43a273845a4101133ae610099c152ea3

SHA1
32d1123c170320b230d4fdafde0c7bc8c88a4a1e

SHA256
0ad97ae9e060805113be5acf996454c87a243c0bc2a59a2412e0073835588c6b

SHA512
cb38c289023f8d266f16974ac5062df846d41ffa14d40f84fb9d74bfdfe19471badea2424987a2e8b59bdc7de4b242d790a4993cd726c5520280e0d8d96098fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2305160909396294348.dll

Filesize
4.4MB

MD5
43a273845a4101133ae610099c152ea3

SHA1
32d1123c170320b230d4fdafde0c7bc8c88a4a1e

SHA256
0ad97ae9e060805113be5acf996454c87a243c0bc2a59a2412e0073835588c6b

SHA512
cb38c289023f8d266f16974ac5062df846d41ffa14d40f84fb9d74bfdfe19471badea2424987a2e8b59bdc7de4b242d790a4993cd726c5520280e0d8d96098fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2305160909399264284.dll

Filesize
4.4MB

MD5
43a273845a4101133ae610099c152ea3

SHA1
32d1123c170320b230d4fdafde0c7bc8c88a4a1e

SHA256
0ad97ae9e060805113be5acf996454c87a243c0bc2a59a2412e0073835588c6b

SHA512
cb38c289023f8d266f16974ac5062df846d41ffa14d40f84fb9d74bfdfe19471badea2424987a2e8b59bdc7de4b242d790a4993cd726c5520280e0d8d96098fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-K4HIH.tmp\SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp

Filesize
3.3MB

MD5
85041dcf9c01a109650e246ad62aa873

SHA1
a0f8c1ced7d11105f91b599ebef5c8a860f99d76

SHA256
14636eec24dd231f1c34d6d5baf7321cee394585c8335bd752ca9b792bbde009

SHA512
1146c4a45d2b3234a8d7c82a7ad298cbe8010f17023fbd460163e69d2f93a15b7cb198645f77652da0c68d2de1e2236844a746e855ec033a6233acb5143e2cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-K4HIH.tmp\SazInjector - FREE - Linkvertise Downloader_3b-ZT51.tmp

Filesize
3.3MB

MD5
85041dcf9c01a109650e246ad62aa873

SHA1
a0f8c1ced7d11105f91b599ebef5c8a860f99d76

SHA256
14636eec24dd231f1c34d6d5baf7321cee394585c8335bd752ca9b792bbde009

SHA512
1146c4a45d2b3234a8d7c82a7ad298cbe8010f17023fbd460163e69d2f93a15b7cb198645f77652da0c68d2de1e2236844a746e855ec033a6233acb5143e2cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\AppUtils.dll

Filesize
1.8MB

MD5
43ce6d593abd5141a3139603f352ae05

SHA1
a97c75e23d275dddfde15ef5fdf3ff3253c0992c

SHA256
94e874f2702ea6be50e7d74864b66e7f763449c3db237803f3fad6adfd64ed3d

SHA512
bfc527529e5f73ba190dfc5bd043175c7e2ae963b665d6d39421c29e025020f1d593dc88b7bee33d86ef6b4f7a4c5e1a0339df4e99cab6849a275d1dda9f439f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\AppUtils.dll

Filesize
1.8MB

MD5
43ce6d593abd5141a3139603f352ae05

SHA1
a97c75e23d275dddfde15ef5fdf3ff3253c0992c

SHA256
94e874f2702ea6be50e7d74864b66e7f763449c3db237803f3fad6adfd64ed3d

SHA512
bfc527529e5f73ba190dfc5bd043175c7e2ae963b665d6d39421c29e025020f1d593dc88b7bee33d86ef6b4f7a4c5e1a0339df4e99cab6849a275d1dda9f439f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\DimensionUtils.dll

Filesize
1.9MB

MD5
ce2dc2cc12aec529511da19cf63ba802

SHA1
5b45c33a34df73920077f546176a3aa96df0f80e

SHA256
bde7cc0193ad2fbdfa9f072d9003bf1c82cd27e027b2e038343514f8cc8ee6d2

SHA512
98b5017e437b05639238b63bdf6cccdea7665f3fa0c55e87e8c7139551c213b1a63d641d588b950346ec66bb03b4800dc4e3dd4c60f80e0e76779b1ba58d2be7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\DimensionUtils.dll

Filesize
1.9MB

MD5
ce2dc2cc12aec529511da19cf63ba802

SHA1
5b45c33a34df73920077f546176a3aa96df0f80e

SHA256
bde7cc0193ad2fbdfa9f072d9003bf1c82cd27e027b2e038343514f8cc8ee6d2

SHA512
98b5017e437b05639238b63bdf6cccdea7665f3fa0c55e87e8c7139551c213b1a63d641d588b950346ec66bb03b4800dc4e3dd4c60f80e0e76779b1ba58d2be7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\Opera_new.png

Filesize
49KB

MD5
b3a9a687108aa8afed729061f8381aba

SHA1
9b415d9c128a08f62c3aa9ba580d39256711519a

SHA256
194b65c682a76dc04ce9b675c5ace45df2586cc5b76664263170b56af51c8aeb

SHA512
14d10df29a3bb575c40581949d7c00312de08bb42578b7335792c057b83ab2878d44c87042bbdb6ec8ceaf763b4fbd8f080a27866fe92a1baf81c4f06705a0c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\prod0.zip

Filesize
2.5MB

MD5
50a047c9410a6795b16efac1282e06f5

SHA1
6ca6cab3791347cc73ee0bcc95800041abb8bb9b

SHA256
d652c51ef76666282e8e9d165ef7d053414899aee4fb20f537aabf3e82e05a61

SHA512
33f01275c6cbdbf26f8750402e2c9d5a857d3f6d267249c38ca26ccda90c76a22dbc5b25f6c9eff41b17401e7283d93b119607d195cabf7d5e4353bc4d6ff9ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\prod0_extract\OperaSetup.exe

Filesize
2.6MB

MD5
9e72834b5d485917ae5e2721bb6614ea

SHA1
9602bff165414bd13aba117cdf02bd52de1eca44

SHA256
abeef8addf7fd49490022a98a445959d8413085fa2648dd5299d7c1d4b320646

SHA512
477d939d43971bb6465b80a14e4a8722ba10af8c7966a9336aebae42dacaea4b605a4895278034eabee1a2e5ae44e93ba3e6b45bfcd78687331637b2b7747d4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\prod0_extract\OperaSetup.exe

Filesize
2.6MB

MD5
9e72834b5d485917ae5e2721bb6614ea

SHA1
9602bff165414bd13aba117cdf02bd52de1eca44

SHA256
abeef8addf7fd49490022a98a445959d8413085fa2648dd5299d7c1d4b320646

SHA512
477d939d43971bb6465b80a14e4a8722ba10af8c7966a9336aebae42dacaea4b605a4895278034eabee1a2e5ae44e93ba3e6b45bfcd78687331637b2b7747d4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\prod0_extract\OperaSetup.exe

Filesize
2.6MB

MD5
9e72834b5d485917ae5e2721bb6614ea

SHA1
9602bff165414bd13aba117cdf02bd52de1eca44

SHA256
abeef8addf7fd49490022a98a445959d8413085fa2648dd5299d7c1d4b320646

SHA512
477d939d43971bb6465b80a14e4a8722ba10af8c7966a9336aebae42dacaea4b605a4895278034eabee1a2e5ae44e93ba3e6b45bfcd78687331637b2b7747d4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\prod0_extract\OperaSetup.exe

Filesize
2.6MB

MD5
9e72834b5d485917ae5e2721bb6614ea

SHA1
9602bff165414bd13aba117cdf02bd52de1eca44

SHA256
abeef8addf7fd49490022a98a445959d8413085fa2648dd5299d7c1d4b320646

SHA512
477d939d43971bb6465b80a14e4a8722ba10af8c7966a9336aebae42dacaea4b605a4895278034eabee1a2e5ae44e93ba3e6b45bfcd78687331637b2b7747d4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\prod0_extract\OperaSetup.exe

Filesize
2.6MB

MD5
9e72834b5d485917ae5e2721bb6614ea

SHA1
9602bff165414bd13aba117cdf02bd52de1eca44

SHA256
abeef8addf7fd49490022a98a445959d8413085fa2648dd5299d7c1d4b320646

SHA512
477d939d43971bb6465b80a14e4a8722ba10af8c7966a9336aebae42dacaea4b605a4895278034eabee1a2e5ae44e93ba3e6b45bfcd78687331637b2b7747d4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\prod0_extract\OperaSetup.exe

Filesize
2.6MB

MD5
9e72834b5d485917ae5e2721bb6614ea

SHA1
9602bff165414bd13aba117cdf02bd52de1eca44

SHA256
abeef8addf7fd49490022a98a445959d8413085fa2648dd5299d7c1d4b320646

SHA512
477d939d43971bb6465b80a14e4a8722ba10af8c7966a9336aebae42dacaea4b605a4895278034eabee1a2e5ae44e93ba3e6b45bfcd78687331637b2b7747d4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VGBGG.tmp\side-logo.png

Filesize
29KB

MD5
06b0076d9f4e2488d32855a0161e9c74

SHA1
7dbc3c098f7fb1256aeca79c256b75802b5fdd69

SHA256
929243f002eb4209a9e68af6744a3d63ece2b173c910a59d6752536dabf3870b

SHA512
7cecc1fc1c13f97dfe1ae7592918c9df16233851a8dd667ac2199b92fd24410a6ef76acfa014cd00aad2d27dfe2887f41100563cf2240f720466dbebaed0375a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4936_1227052206\1a894b7f-692a-4201-b0d3-271ce5a7b050.tmp

Filesize
88KB

MD5
9caa8c614bab0c667ec308c2fc7268d0

SHA1
118810cb2e84e9fb58b45786809e1062c1032658

SHA256
3474c2e016e2e6558afa52729659a90e014e7437be68f8606f9f152f1ba2f8fa

SHA512
85111e6075bd5b5a260684cdcb30718f6b0ea295faeeb5e8e406848597a3e35b62a15cd0977c6a13c62537021db00d0bb2317bfe3773e40028495f4e19bf7369

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4936_1227052206\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4936_1227052206\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4936_1227052206\CRX_INSTALL\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
0f9390b97f80d566078d78af8558e5a4

SHA1
dfe4088b7474f8a2db7486aebce1d3bd4332e387

SHA256
47354a37c8282e1410e6e54f6520d0cda92ebc1c5772937790c5205d4cc71f3d

SHA512
3229778e125d393356fb3f7644cc85abfb882aae4210566df97616013b235b5b93f3abadcf486bb23a1b5f0929ceec3a9e794bc9245e2a60b74e8acc54f90270

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
abb507e93b0c892980841938dcbf73ca

SHA1
cc8e50e08d981b0770616873428269a1c451d3cd

SHA256
f9d6e344ca9bbbc7f1f79d8aca12ae2a88839db10928cd4153baa1e9752b2dd8

SHA512
fff34c872fd248175ba4da235ad24e60dcfa5c9f6225944613b5187dd0a51095629f8f22c3e038df24fdba9af157932a7356345bdc00aeb4d730229d0db816a3

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
abb507e93b0c892980841938dcbf73ca

SHA1
cc8e50e08d981b0770616873428269a1c451d3cd

SHA256
f9d6e344ca9bbbc7f1f79d8aca12ae2a88839db10928cd4153baa1e9752b2dd8

SHA512
fff34c872fd248175ba4da235ad24e60dcfa5c9f6225944613b5187dd0a51095629f8f22c3e038df24fdba9af157932a7356345bdc00aeb4d730229d0db816a3

Download Submit
C:\Users\Admin\Documents\SazInjector\bin\VAC-Bypass-Loader.exe

Filesize
20KB

MD5
d6470ec79abdf87e3fd88d10c25fa49c

SHA1
38a998c4000f9bc828f20407d4e1c71dae175c01

SHA256
d67f9e3b89151914808fb8e8c99c6dc11131a523271b0915baf34979b61afd68

SHA512
80b0ba4bdfee00877f218917b2e88c2af231e8577aac6a889d21504815fa54f2e665dc58b2716308ae56cf06ba1ca7e1a0165fe4d1033c22a34860b890ff182b

Download Submit
C:\Users\Admin\Downloads\16-05-2023_WzIR1Z6cNxOn1NB.zip

Filesize
1.4MB

MD5
ea10111a7dc8ae71ce082b8206024853

SHA1
98b2281f5cab567f9d9204afde19fe0e1e771fa7

SHA256
89e5523710604bb6b8a6bf2cf0f11f140bc7ed00b85c6e0edd6107294d115cc3

SHA512
89ba15522237fcb6942b7f6f4e5df738f5ca94eb204eb269fb6b555513991f8edeca74699cdd06c94da62525097ed8f86374033d45a1f42aa879db301f0c8de9

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0 (1).zip

Filesize
15KB

MD5
230d7dcb83b67deff379a563abbbd536

SHA1
dc032d6a626f57b542613fde876715765e0b1a42

SHA256
a9cd3d966d453afd424d9ac54df414b80073bb51d249f4089185976fb316e254

SHA512
7dff68e3f9be9320872ccb105b2e87f15b23807af96ca195a38a249d868468632c3d5811d9a51295ec89fe702d821c9466f93994993951d1238f07f096fb7d77

Download Submit
C:\Users\Admin\Downloads\SazInjector - FREE - Linkvertise Downloader_3b-ZT51.exe

Filesize
10.8MB

MD5
77ace8cefc74012837464791584b01b8

SHA1
e36ede095cc4723a91b042aefcf4a31e0d866cfb

SHA256
13093a7b664a9bd4e0dddfca84d0e5b1cd75da70afff7325be457b4342f79fa3

SHA512
979b551012941130af7d515d757521a97b11ff1f938bf696153ede67cf70c73815731a7461b8c0f4e8b2c0bb53b31642a36ccf0bfd200d83c574dd21730e27f2

Download Submit
C:\Users\Admin\Downloads\SazInjector - FREE - Linkvertise Downloader_3b-ZT51.exe

Filesize
10.8MB

MD5
77ace8cefc74012837464791584b01b8

SHA1
e36ede095cc4723a91b042aefcf4a31e0d866cfb

SHA256
13093a7b664a9bd4e0dddfca84d0e5b1cd75da70afff7325be457b4342f79fa3

SHA512
979b551012941130af7d515d757521a97b11ff1f938bf696153ede67cf70c73815731a7461b8c0f4e8b2c0bb53b31642a36ccf0bfd200d83c574dd21730e27f2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 712418.crdownload

Filesize
10.8MB

MD5
77ace8cefc74012837464791584b01b8

SHA1
e36ede095cc4723a91b042aefcf4a31e0d866cfb

SHA256
13093a7b664a9bd4e0dddfca84d0e5b1cd75da70afff7325be457b4342f79fa3

SHA512
979b551012941130af7d515d757521a97b11ff1f938bf696153ede67cf70c73815731a7461b8c0f4e8b2c0bb53b31642a36ccf0bfd200d83c574dd21730e27f2

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/1692-1783-0x00000000006C0000-0x0000000000BCE000-memory.dmp

Filesize
5.1MB

Download
memory/2112-1773-0x00000000006C0000-0x0000000000BCE000-memory.dmp

Filesize
5.1MB

Download
memory/3332-1970-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/3332-1717-0x00000000062B0000-0x00000000062BF000-memory.dmp

Filesize
60KB

Download
memory/3332-2014-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/3332-1971-0x00000000062B0000-0x00000000062BF000-memory.dmp

Filesize
60KB

Download
memory/3332-1699-0x0000000000EE0000-0x0000000000EE1000-memory.dmp

Filesize
4KB

Download
memory/3332-1749-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/3332-1754-0x00000000062B0000-0x00000000062BF000-memory.dmp

Filesize
60KB

Download
memory/3332-1768-0x0000000000EE0000-0x0000000000EE1000-memory.dmp

Filesize
4KB

Download
memory/4284-1966-0x00000000006C0000-0x0000000000BCE000-memory.dmp

Filesize
5.1MB

Download
memory/4348-1962-0x00000000006C0000-0x0000000000BCE000-memory.dmp

Filesize
5.1MB

Download
memory/5252-1852-0x0000000000DE0000-0x00000000012EE000-memory.dmp

Filesize
5.1MB

Download
memory/5928-2599-0x00000000051D0000-0x0000000005262000-memory.dmp

Filesize
584KB

Download
memory/5928-2605-0x0000000009260000-0x0000000009282000-memory.dmp

Filesize
136KB

Download
memory/5928-2658-0x00000000053B0000-0x00000000053C0000-memory.dmp

Filesize
64KB

Download
memory/5928-2597-0x00000000006C0000-0x0000000000878000-memory.dmp

Filesize
1.7MB

Download
memory/5928-2600-0x0000000005120000-0x000000000512A000-memory.dmp

Filesize
40KB

Download
memory/5928-2601-0x00000000053B0000-0x00000000053C0000-memory.dmp

Filesize
64KB

Download
memory/5928-2604-0x00000000053B0000-0x00000000053C0000-memory.dmp

Filesize
64KB

Download
memory/5928-2638-0x00000000053B0000-0x00000000053C0000-memory.dmp

Filesize
64KB

Download
memory/5928-2598-0x0000000005970000-0x0000000005F14000-memory.dmp

Filesize
5.6MB

Download
memory/5928-2623-0x00000000053B0000-0x00000000053C0000-memory.dmp

Filesize
64KB

Download
memory/5928-2724-0x00000000053B0000-0x00000000053C0000-memory.dmp

Filesize
64KB

Download
memory/6056-2015-0x0000000000400000-0x000000000053B000-memory.dmp

Filesize
1.2MB

Download
memory/6056-1680-0x0000000000400000-0x000000000053B000-memory.dmp

Filesize
1.2MB

Download
memory/6056-1733-0x0000000000400000-0x000000000053B000-memory.dmp

Filesize
1.2MB

Download