f13e756199b357b44b09009335a2fc7f39b884b55a11a3f16b3e0dec00cdea7b

Analysis

max time kernel
355s
max time network
362s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 04:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

8.0MB
MD5

fc921853bdc96089a46788466465d9b6
SHA1

bd9e02ccde74d8e1f261606d89be0d228dc5f0a6
SHA256

f13e756199b357b44b09009335a2fc7f39b884b55a11a3f16b3e0dec00cdea7b
SHA512

c75269e53c4f9f4e7f79caed121652e3aa92489393d8a1baab667a3ca6e82d4a34a89ca82734969f35f1dedfbd4b157f6dc910ca3d684ef7297591187515e658
SSDEEP

98304:RLKJzFgMQ0dgyNsqWGXwt24z46C+XfBflMPzidUtY3S+URx1RK/TBn/8/nVqmFtJ:9KJzFgMhI86LBfM2n6c9/MVbh

Score

8^/10

persistence

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
48	216	powershell.exe
80	2192	powershell.exe

Downloads MZ/PE file

Modifies Installed Components in the registry 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}\ = "Chromstera"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}\StubPath = "\"C:\\Program Files\\Chromstera\\Application\\117.0.5903.0\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}\Localized Name = "Chromstera"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}\IsInstalled = "1"	setup.exe

Executes dropped EXE 37 IoCs

pid	Process
2972	browser.data
4716	setup.exe
1880	setup.exe
5028	setup.exe
2820	setup.exe
2016	chromstera.exe
4988	chromstera.exe
5036	chromstera.exe
2916	chromstera.exe
2588	chromstera.exe
1436	chromstera.exe
4664	chromstera.exe
4380	chromstera.exe
4632	chromstera.exe
2272	chromstera.exe
1964	chrmstp.exe
3020	chrmstp.exe
3692	chrmstp.exe
408	chrmstp.exe
1108	chromstera.exe
4412	chromstera.exe
5812	chromstera.exe
5768	chromstera.exe
1256	chromstera.exe
4788	chromstera.exe
5956	chromstera.exe
920	chromstera.exe
5276	chromstera.exe
5300	chromstera.exe
5468	chromstera.exe
5804	chromstera.exe
4016	chromstera.exe
716	chromstera.exe
5276	chromstera.exe
5352	chromstera.exe
4996	chromstera.exe
5372	chromstera.exe

Loads dropped DLL 64 IoCs

pid	Process
4580	MsiExec.exe
4580	MsiExec.exe
4580	MsiExec.exe
4580	MsiExec.exe
4580	MsiExec.exe
4580	MsiExec.exe
4580	MsiExec.exe
4580	MsiExec.exe
4580	MsiExec.exe
4580	MsiExec.exe
4580	MsiExec.exe
4580	MsiExec.exe
4580	MsiExec.exe
920	MsiExec.exe
920	MsiExec.exe
920	MsiExec.exe
920	MsiExec.exe
920	MsiExec.exe
920	MsiExec.exe
3876	MsiExec.exe
920	MsiExec.exe
920	MsiExec.exe
920	MsiExec.exe
920	MsiExec.exe
920	MsiExec.exe
3876	MsiExec.exe
2016	chromstera.exe
4988	chromstera.exe
5036	chromstera.exe
2016	chromstera.exe
2916	chromstera.exe
2588	chromstera.exe
1436	chromstera.exe
4664	chromstera.exe
4380	chromstera.exe
4632	chromstera.exe
2272	chromstera.exe
920	MsiExec.exe
920	MsiExec.exe
920	MsiExec.exe
1108	chromstera.exe
4412	chromstera.exe
1108	chromstera.exe
5768	chromstera.exe
5812	chromstera.exe
5812	chromstera.exe
5768	chromstera.exe
1256	chromstera.exe
1256	chromstera.exe
5812	chromstera.exe
5812	chromstera.exe
5812	chromstera.exe
4788	chromstera.exe
4788	chromstera.exe
5956	chromstera.exe
5812	chromstera.exe
5956	chromstera.exe
920	chromstera.exe
920	chromstera.exe
5276	chromstera.exe
5300	chromstera.exe
5276	chromstera.exe
5300	chromstera.exe
5468	chromstera.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ServerExecutable = "C:\\Program Files\\Chromstera\\Application\\117.0.5903.0\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ = "\"C:\\Program Files\\Chromstera\\Application\\117.0.5903.0\\notification_helper.exe\""	setup.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	Setup.exe
File opened (read-only)	\??\Q:	Setup.exe
File opened (read-only)	\??\Y:	Setup.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\K:	Setup.exe
File opened (read-only)	\??\M:	Setup.exe
File opened (read-only)	\??\R:	Setup.exe
File opened (read-only)	\??\V:	Setup.exe
File opened (read-only)	\??\Z:	Setup.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\G:	Setup.exe
File opened (read-only)	\??\N:	Setup.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\J:	Setup.exe
File opened (read-only)	\??\E:	Setup.exe
File opened (read-only)	\??\O:	Setup.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	Setup.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\S:	Setup.exe
File opened (read-only)	\??\T:	Setup.exe
File opened (read-only)	\??\W:	Setup.exe
File opened (read-only)	\??\X:	Setup.exe
File opened (read-only)	\??\I:	Setup.exe
File opened (read-only)	\??\H:	Setup.exe
File opened (read-only)	\??\U:	Setup.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	Setup.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\P:	Setup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\hi.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\lt.pak	setup.exe
File created	C:\Program Files (x86)\Chromstera\scrF834.txt	MsiExec.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\vk_swiftshader_icd.json	setup.exe
File created	C:\Program Files (x86)\Chromstera\scr523D.txt	MsiExec.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\chrome_elf.dll	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\mr.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\sw.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\zh-CN.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\chrome_proxy.exe	setup.exe
File created	C:\Program Files\Chromstera\Application\SetupMetrics\20230823041402.pma~RFe5a4288.TMP	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\en-GB.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\kn.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\ro.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\ru.pak	setup.exe
File created	C:\Program Files (x86)\Chromstera\msi8048.txt	MsiExec.exe
File created	C:\Program Files (x86)\Chromstera\msiA913.txt	MsiExec.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\hr.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\VisualElements\SmallLogo.png	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\117.0.5903.0.manifest	setup.exe
File created	C:\Program Files (x86)\Chromstera\scr989D.ps1	MsiExec.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\fr.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\vi.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\MEIPreload\manifest.json	setup.exe
File created	C:\Program Files\Chromstera\Application\chrome_proxy.exe	setup.exe
File created	C:\Program Files (x86)\Chromstera\msi9814.txt	MsiExec.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\ar.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\lv.pak	setup.exe
File created	C:\Program Files (x86)\Chromstera\scrA914.ps1	MsiExec.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\am.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\vulkan-1.dll	setup.exe
File opened for modification	C:\Program Files\Chromstera\Application\SetupMetrics\20230823041402.pma	setup.exe
File created	C:\Program Files (x86)\Chromstera\msi523B.txt	MsiExec.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\en-US.pak	setup.exe
File created	C:\Program Files\Chromstera\Application\117.0.5903.0\Installer\chrmstp.exe	setup.exe
File created	C:\Program Files (x86)\Chromstera\scrAC73.txt	MsiExec.exe
File opened for modification	C:\Program Files (x86)\Chromstera\pss805B.ps1	MsiExec.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\cs.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\sl.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\th.pak	setup.exe
File created	C:\Program Files (x86)\Chromstera\msiF832.txt	MsiExec.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\libEGL.dll	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\fi.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\sr.pak	setup.exe
File created	C:\Program Files\Chromstera\Application\SetupMetrics\6e986d47-cb2e-4e0e-9d3d-c1cad7a7d788.tmp	chrmstp.exe
File created	C:\Program Files (x86)\Chromstera\scr8DAF.txt	MsiExec.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\MEIPreload\preloaded_data.pb	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\nacl_irt_x86_64.nexe	setup.exe
File opened for modification	C:\Program Files\Chromstera\Application\SetupMetrics\799d1197-2da4-47c4-823d-a5ac429b1371.tmp	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\pl.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\ur.pak	setup.exe
File created	C:\Program Files\Chromstera\Application\SetupMetrics\915d1584-a174-497b-82fa-7cc694354ba0.tmp	setup.exe
File created	C:\Program Files (x86)\Chromstera\scrA269.txt	MsiExec.exe
File created	C:\Program Files (x86)\Chromstera\scr9816.txt	MsiExec.exe
File created	C:\Program Files (x86)\Chromstera\scr523C.ps1	MsiExec.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\es.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\ml.pak	setup.exe
File created	C:\Program Files\Chromstera\Application\chromstera.exe	setup.exe
File created	C:\Program Files (x86)\Chromstera\msiAC61.txt	MsiExec.exe
File created	C:\Program Files (x86)\Chromstera\ChromsteraUpdater.exe	msiexec.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\sv.pak	setup.exe
File created	C:\Program Files\Chromstera\Temp\source4716_1835885865\Chrome-bin\117.0.5903.0\Locales\uk.pak	setup.exe
File opened for modification	C:\Program Files\Chromstera\Application\chromstera.exe	setup.exe
File created	C:\Program Files (x86)\Chromstera\scrA268.ps1	MsiExec.exe

Drops file in Windows directory 39 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI757C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7754.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e58722d.msi	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	chrmstp.exe
File opened for modification	C:\Windows\Installer\MSI9C41.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4DE4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF485.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA6E0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8ACF.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	chrmstp.exe
File opened for modification	C:\Windows\Installer\MSI97DB.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1108_664858796\manifest.json	chromstera.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1108_664858796\_metadata\verified_contents.json	chromstera.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI753D.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{016CBE19-751A-411F-B015-0C20E077B419}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7734.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI937B.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1108_664858796\sets.json	chromstera.exe
File opened for modification	C:\Windows\Installer\MSI7366.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7F45.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\ProF847.tmp	MsiExec.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrmstp.exe
File opened for modification	C:\Windows\SystemTemp	chromstera.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1108_664858796\LICENSE	chromstera.exe
File opened for modification	C:\Windows\Installer\MSI7480.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7D7F.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1108_664858796\manifest.fingerprint	chromstera.exe
File created	C:\Windows\Installer\e58722d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI759C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9E1B.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrmstp.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 48 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	powershell.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133372376489298318"	chromstera.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	powershell.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chromstera.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chromstera.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	powershell.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	powershell.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B88C45B9-8825-4629-B83E-77CC67D9CEED}\1.0\0\win32\ = "C:\\Program Files\\Chromstera\\Application\\117.0.5903.0\\elevation_service.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds\ChromsteraHTM	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{D133B120-6DB4-4D6B-8BFE-83BF8CA1B1B0}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D133B120-6DB4-4D6B-8BFE-83BF8CA1B1B0}\AppID = "{D133B120-6DB4-4D6B-8BFE-83BF8CA1B1B0}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B88C45B9-8825-4629-B83E-77CC67D9CEED}\1.0\0\win64\ = "C:\\Program Files\\Chromstera\\Application\\117.0.5903.0\\elevation_service.exe"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\ChromsteraHTM	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.html\OpenWithProgIds\ChromsteraHTM	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AppID\{D133B120-6DB4-4D6B-8BFE-83BF8CA1B1B0}	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{B88C45B9-8825-4629-B83E-77CC67D9CEED}\1.0\0	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.pdf	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B88C45B9-8825-4629-B83E-77CC67D9CEED}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromsteraHTM\Application\ApplicationCompany = "The Chromstera Authors"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.htm	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.svg	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{D133B120-6DB4-4D6B-8BFE-83BF8CA1B1B0}\LocalService = "ChromsteraElevationService"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds\ChromsteraHTM	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids\ChromsteraHTM	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{B88C45B9-8825-4629-B83E-77CC67D9CEED}\1.0\0\win64	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromsteraHTM\AppUserModelId = "Chromstera"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromsteraHTM\Application\ApplicationIcon = "C:\\Program Files\\Chromstera\\Application\\chromstera.exe,0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids\ChromsteraHTM	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xhtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{B88C45B9-8825-4629-B83E-77CC67D9CEED}	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{B88C45B9-8825-4629-B83E-77CC67D9CEED}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B88C45B9-8825-4629-B83E-77CC67D9CEED}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromsteraHTM\Application\ApplicationDescription = "Access the Internet"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ServerExecutable = "C:\\Program Files\\Chromstera\\Application\\117.0.5903.0\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{B88C45B9-8825-4629-B83E-77CC67D9CEED}\1.0\0\win32	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.webp	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.webp\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3011986978-2180659500-3669311805-1000\{A195A760-A675-4FED-BD40-1A45D2D975D0}	chromstera.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromsteraHTM\DefaultIcon\ = "C:\\Program Files\\Chromstera\\Application\\chromstera.exe,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\ChromsteraHTM\Application	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.svg\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xht\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ = "\"C:\\Program Files\\Chromstera\\Application\\117.0.5903.0\\notification_helper.exe\""	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{B88C45B9-8825-4629-B83E-77CC67D9CEED}\1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromsteraHTM\Application\AppUserModelId = "Chromstera"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromsteraHTM\Application\ApplicationName = "Chromstera"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xht	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrmstp.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\ChromsteraHTM\DefaultIcon	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.html\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xhtml	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B88C45B9-8825-4629-B83E-77CC67D9CEED}\TypeLib\ = "{B88C45B9-8825-4629-B83E-77CC67D9CEED}"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{B88C45B9-8825-4629-B83E-77CC67D9CEED}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromsteraHTM\ = "Chromstera HTML Document"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\ChromsteraHTM\shell\open\command	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds\ChromsteraHTM	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AppID	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\ChromsteraHTM\shell\open	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.shtml\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids\ChromsteraHTM	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromsteraHTM\shell\open\command\ = "\"C:\\Program Files\\Chromstera\\Application\\chromstera.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.shtml	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{B88C45B9-8825-4629-B83E-77CC67D9CEED}\TypeLib	setup.exe

Modifies system certificate store 2 TTPs 13 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 5c000000010000000400000000100000190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd17e00000001000000080000000080c82b6886d7017a000000010000000c000000300a06082b060105050703091d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a07f0000000100000016000000301406082b0601050507030306082b060105050703096200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf690b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520036000000090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff10400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1	Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	Setup.exe

Suspicious behavior: EnumeratesProcesses 43 IoCs

pid	Process
4884	msiexec.exe
4884	msiexec.exe
216	powershell.exe
216	powershell.exe
216	powershell.exe
2292	powershell.exe
2292	powershell.exe
2292	powershell.exe
2292	powershell.exe
2864	powershell.exe
2864	powershell.exe
2864	powershell.exe
2864	powershell.exe
1144	powershell.exe
1144	powershell.exe
1144	powershell.exe
2168	powershell.exe
2168	powershell.exe
2168	powershell.exe
5080	msedge.exe
5080	msedge.exe
3624	msedge.exe
3624	msedge.exe
2192	powershell.exe
2192	powershell.exe
2192	powershell.exe
2016	chromstera.exe
2016	chromstera.exe
5500	chrome.exe
5500	chrome.exe
5600	powershell.exe
5600	powershell.exe
5600	powershell.exe
5600	powershell.exe
5788	powershell.exe
5788	powershell.exe
5788	powershell.exe
5788	powershell.exe
5984	powershell.exe
5984	powershell.exe
5984	powershell.exe
1108	chromstera.exe
1108	chromstera.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1196	chrome.exe
5080	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4884	msiexec.exe
Token: SeCreateTokenPrivilege	228	Setup.exe
Token: SeAssignPrimaryTokenPrivilege	228	Setup.exe
Token: SeLockMemoryPrivilege	228	Setup.exe
Token: SeIncreaseQuotaPrivilege	228	Setup.exe
Token: SeMachineAccountPrivilege	228	Setup.exe
Token: SeTcbPrivilege	228	Setup.exe
Token: SeSecurityPrivilege	228	Setup.exe
Token: SeTakeOwnershipPrivilege	228	Setup.exe
Token: SeLoadDriverPrivilege	228	Setup.exe
Token: SeSystemProfilePrivilege	228	Setup.exe
Token: SeSystemtimePrivilege	228	Setup.exe
Token: SeProfSingleProcessPrivilege	228	Setup.exe
Token: SeIncBasePriorityPrivilege	228	Setup.exe
Token: SeCreatePagefilePrivilege	228	Setup.exe
Token: SeCreatePermanentPrivilege	228	Setup.exe
Token: SeBackupPrivilege	228	Setup.exe
Token: SeRestorePrivilege	228	Setup.exe
Token: SeShutdownPrivilege	228	Setup.exe
Token: SeDebugPrivilege	228	Setup.exe
Token: SeAuditPrivilege	228	Setup.exe
Token: SeSystemEnvironmentPrivilege	228	Setup.exe
Token: SeChangeNotifyPrivilege	228	Setup.exe
Token: SeRemoteShutdownPrivilege	228	Setup.exe
Token: SeUndockPrivilege	228	Setup.exe
Token: SeSyncAgentPrivilege	228	Setup.exe
Token: SeEnableDelegationPrivilege	228	Setup.exe
Token: SeManageVolumePrivilege	228	Setup.exe
Token: SeImpersonatePrivilege	228	Setup.exe
Token: SeCreateGlobalPrivilege	228	Setup.exe
Token: SeCreateTokenPrivilege	228	Setup.exe
Token: SeAssignPrimaryTokenPrivilege	228	Setup.exe
Token: SeLockMemoryPrivilege	228	Setup.exe
Token: SeIncreaseQuotaPrivilege	228	Setup.exe
Token: SeMachineAccountPrivilege	228	Setup.exe
Token: SeTcbPrivilege	228	Setup.exe
Token: SeSecurityPrivilege	228	Setup.exe
Token: SeTakeOwnershipPrivilege	228	Setup.exe
Token: SeLoadDriverPrivilege	228	Setup.exe
Token: SeSystemProfilePrivilege	228	Setup.exe
Token: SeSystemtimePrivilege	228	Setup.exe
Token: SeProfSingleProcessPrivilege	228	Setup.exe
Token: SeIncBasePriorityPrivilege	228	Setup.exe
Token: SeCreatePagefilePrivilege	228	Setup.exe
Token: SeCreatePermanentPrivilege	228	Setup.exe
Token: SeBackupPrivilege	228	Setup.exe
Token: SeRestorePrivilege	228	Setup.exe
Token: SeShutdownPrivilege	228	Setup.exe
Token: SeDebugPrivilege	228	Setup.exe
Token: SeAuditPrivilege	228	Setup.exe
Token: SeSystemEnvironmentPrivilege	228	Setup.exe
Token: SeChangeNotifyPrivilege	228	Setup.exe
Token: SeRemoteShutdownPrivilege	228	Setup.exe
Token: SeUndockPrivilege	228	Setup.exe
Token: SeSyncAgentPrivilege	228	Setup.exe
Token: SeEnableDelegationPrivilege	228	Setup.exe
Token: SeManageVolumePrivilege	228	Setup.exe
Token: SeImpersonatePrivilege	228	Setup.exe
Token: SeCreateGlobalPrivilege	228	Setup.exe
Token: SeCreateTokenPrivilege	228	Setup.exe
Token: SeAssignPrimaryTokenPrivilege	228	Setup.exe
Token: SeLockMemoryPrivilege	228	Setup.exe
Token: SeIncreaseQuotaPrivilege	228	Setup.exe
Token: SeMachineAccountPrivilege	228	Setup.exe

Suspicious use of FindShellTrayWindow 14 IoCs

pid	Process
228	Setup.exe
228	Setup.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5028	setup.exe
2016	chromstera.exe
3692	chrmstp.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
1108	chromstera.exe
1108	chromstera.exe

Suspicious use of SetWindowsHookEx 26 IoCs

pid	Process
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe
1108	chromstera.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4884 wrote to memory of 4580	4884	msiexec.exe	89
PID 4884 wrote to memory of 4580	4884	msiexec.exe	89
PID 4884 wrote to memory of 4580	4884	msiexec.exe	89
PID 228 wrote to memory of 4608	228	Setup.exe	92
PID 228 wrote to memory of 4608	228	Setup.exe	92
PID 228 wrote to memory of 4608	228	Setup.exe	92
PID 4884 wrote to memory of 5068	4884	msiexec.exe	100
PID 4884 wrote to memory of 5068	4884	msiexec.exe	100
PID 4884 wrote to memory of 920	4884	msiexec.exe	102
PID 4884 wrote to memory of 920	4884	msiexec.exe	102
PID 4884 wrote to memory of 920	4884	msiexec.exe	102
PID 4884 wrote to memory of 3876	4884	msiexec.exe	103
PID 4884 wrote to memory of 3876	4884	msiexec.exe	103
PID 4884 wrote to memory of 3876	4884	msiexec.exe	103
PID 920 wrote to memory of 216	920	MsiExec.exe	104
PID 920 wrote to memory of 216	920	MsiExec.exe	104
PID 920 wrote to memory of 2292	920	MsiExec.exe	106
PID 920 wrote to memory of 2292	920	MsiExec.exe	106
PID 920 wrote to memory of 2864	920	MsiExec.exe	108
PID 920 wrote to memory of 2864	920	MsiExec.exe	108
PID 920 wrote to memory of 1144	920	MsiExec.exe	110
PID 920 wrote to memory of 1144	920	MsiExec.exe	110
PID 1144 wrote to memory of 1196	1144	powershell.exe	112
PID 1144 wrote to memory of 1196	1144	powershell.exe	112
PID 1196 wrote to memory of 2552	1196	chrome.exe	113
PID 1196 wrote to memory of 2552	1196	chrome.exe	113
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114
PID 1196 wrote to memory of 3548	1196	chrome.exe	114

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:228
- C:\Users\Admin\AppData\Local\Temp\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Setup.exe" /i "C:\Users\Admin\AppData\Roaming\Chromstera Solutions\Chromstera 1.0.0.0\install\Chromnius-Main.msi" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\Chromstera" SECONDSEQUENCE="1" CLIENTPROCESSID="228" CHAINERUIPROCESSID="228Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="MainFeature" PRIMARYFOLDER="APPDIR" ROOTDRIVE="F:\" AI_DETECTED_INTERNET_CONNECTION="1" AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\Setup.exe" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1692523246 " TARGETDIR="F:\" AI_INSTALL="1" AI_SETUPEXEPATH_ORIGINAL="C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - Modifies system certificate store
  PID:4608

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4884
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4BED425AE7FA5154DF6F717B1FE889B4 C
  2⤵
  - Loads dropped DLL
  PID:4580
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:5068
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding DE3C2D62AAB1B07E99785E0E2061A9D2
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:920
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Chromstera\pss805B.ps1" -propFile "C:\Program Files (x86)\Chromstera\msi8048.txt" -scriptFile "C:\Program Files (x86)\Chromstera\scr8049.ps1" -scriptArgsFile "C:\Program Files (x86)\Chromstera\scr804A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    - Blocklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses
    PID:216
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Chromstera\pss8DB1.ps1" -propFile "C:\Program Files (x86)\Chromstera\msi8DAD.txt" -scriptFile "C:\Program Files (x86)\Chromstera\scr8DAE.ps1" -scriptArgsFile "C:\Program Files (x86)\Chromstera\scr8DAF.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2292
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Chromstera\pss9818.ps1" -propFile "C:\Program Files (x86)\Chromstera\msi9814.txt" -scriptFile "C:\Program Files (x86)\Chromstera\scr9815.ps1" -scriptArgsFile "C:\Program Files (x86)\Chromstera\scr9816.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2864
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Chromstera\pssA917.ps1" -propFile "C:\Program Files (x86)\Chromstera\msiA913.txt" -scriptFile "C:\Program Files (x86)\Chromstera\scrA914.ps1" -scriptArgsFile "C:\Program Files (x86)\Chromstera\scrA915.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1144
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --load-extension="C:\apps-helper" --no-startup-window
      4⤵
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:1196
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd490b9758,0x7ffd490b9768,0x7ffd490b9778
        5⤵
        
        PID:2552
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1748,i,9268548670911700116,18437389179987140190,131072 /prefetch:2
        5⤵
        
        PID:3548
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1748,i,9268548670911700116,18437389179987140190,131072 /prefetch:8
        5⤵
        
        PID:4412
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1748,i,9268548670911700116,18437389179987140190,131072 /prefetch:8
        5⤵
        
        PID:684
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3180 --field-trial-handle=1748,i,9268548670911700116,18437389179987140190,131072 /prefetch:8
        5⤵
        
        PID:3768
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3892 --field-trial-handle=1748,i,9268548670911700116,18437389179987140190,131072 /prefetch:8
        5⤵
        
        PID:756
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4052 --field-trial-handle=1748,i,9268548670911700116,18437389179987140190,131072 /prefetch:8
        5⤵
        
        PID:1308
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3216 --field-trial-handle=1748,i,9268548670911700116,18437389179987140190,131072 /prefetch:1
        5⤵
        
        PID:2448
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3184 --field-trial-handle=1748,i,9268548670911700116,18437389179987140190,131072 /prefetch:8
        5⤵
        
        PID:5008
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2988 --field-trial-handle=1748,i,9268548670911700116,18437389179987140190,131072 /prefetch:2
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5500
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Chromstera\pss524E.ps1" -propFile "C:\Program Files (x86)\Chromstera\msi523B.txt" -scriptFile "C:\Program Files (x86)\Chromstera\scr523C.ps1" -scriptArgsFile "C:\Program Files (x86)\Chromstera\scr523D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default" --load-extension="C:\apps-helper" --no-startup-window
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:5080
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4c0446f8,0x7ffd4c044708,0x7ffd4c044718
        5⤵
        
        PID:2808
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,7542640266706787834,9881795303190661778,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
        5⤵
        
        PID:3684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,7542640266706787834,9881795303190661778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7542640266706787834,9881795303190661778,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2380 /prefetch:2
        5⤵
        
        PID:2180
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2080,7542640266706787834,9881795303190661778,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3172 /prefetch:8
        5⤵
        
        PID:2396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7542640266706787834,9881795303190661778,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
        5⤵
        
        PID:3636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2080,7542640266706787834,9881795303190661778,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3148 /prefetch:8
        5⤵
        
        PID:1976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2080,7542640266706787834,9881795303190661778,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3812 /prefetch:8
        5⤵
        
        PID:1624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2080,7542640266706787834,9881795303190661778,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4324 /prefetch:8
        5⤵
        
        PID:2184
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Chromstera\pss98B0.ps1" -propFile "C:\Program Files (x86)\Chromstera\msi989C.txt" -scriptFile "C:\Program Files (x86)\Chromstera\scr989D.ps1" -scriptArgsFile "C:\Program Files (x86)\Chromstera\scr989E.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5600
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Chromstera\pssA27B.ps1" -propFile "C:\Program Files (x86)\Chromstera\msiA267.txt" -scriptFile "C:\Program Files (x86)\Chromstera\scrA268.ps1" -scriptArgsFile "C:\Program Files (x86)\Chromstera\scrA269.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5788
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Chromstera\pssAC94.ps1" -propFile "C:\Program Files (x86)\Chromstera\msiAC61.txt" -scriptFile "C:\Program Files (x86)\Chromstera\scrAC62.ps1" -scriptArgsFile "C:\Program Files (x86)\Chromstera\scrAC73.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5984
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5C10D50D42E2C2D1DCF5AA13BBE2829D E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Drops file in Windows directory
  PID:3876
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Chromstera\pssF846.ps1" -propFile "C:\Program Files (x86)\Chromstera\msiF832.txt" -scriptFile "C:\Program Files (x86)\Chromstera\scrF833.ps1" -scriptArgsFile "C:\Program Files (x86)\Chromstera\scrF834.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    - Blocklisted process makes network request
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    PID:2192
- C:\Users\Admin\AppData\Local\Temp\browser.data
  "C:\Users\Admin\AppData\Local\Temp\\browser.data" --system-level
  2⤵
  - Executes dropped EXE
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\CR_DD7CA.tmp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\CR_DD7CA.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_DD7CA.tmp\CHROME.PACKED.7Z" --system-level
    3⤵
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Registers COM server for autorun
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Modifies registry class
    PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\CR_DD7CA.tmp\setup.exe
      C:\Users\Admin\AppData\Local\Temp\CR_DD7CA.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --annotation=plat=Win64 --annotation=prod=Chromstera --annotation=ver=117.0.5903.0 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff6e6526940,0x7ff6e6526950,0x7ff6e6526960
      4⤵
      Executes dropped EXE
      PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\CR_DD7CA.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\CR_DD7CA.tmp\setup.exe" --system-level --verbose-logging --create-shortcuts=0 --install-level=1
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      Drops file in Windows directory
      Modifies registry class
      Suspicious use of FindShellTrayWindow
      PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\CR_DD7CA.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\CR_DD7CA.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --annotation=plat=Win64 --annotation=prod=Chromstera --annotation=ver=117.0.5903.0 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff6e6526940,0x7ff6e6526950,0x7ff6e6526960
        5⤵
        Executes dropped EXE
        
        PID:2820
  - - C:\Program Files\Chromstera\Application\chromstera.exe
      "C:\Program Files\Chromstera\Application\chromstera.exe" --from-installer
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies data under HKEY_USERS
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      PID:2016
    - - C:\Program Files\Chromstera\Application\chromstera.exe
        
        "C:\Program Files\Chromstera\Application\chromstera.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Chromstera\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\Chromstera\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromstera\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromstera --annotation=ver=117.0.5903.0 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffd61b237f0,0x7ffd61b23800,0x7ffd61b23810
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4988
      - C:\Program Files\Chromstera\Application\chromstera.exe
        
        "C:\Program Files\Chromstera\Application\chromstera.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Chromstera\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromstera\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromstera --annotation=ver=117.0.5903.0 --initial-client-data=0x138,0x13c,0x140,0x114,0x144,0x7ff6399d7630,0x7ff6399d7640,0x7ff6399d7650
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5036
    - - C:\Program Files\Chromstera\Application\chromstera.exe
        
        "C:\Program Files\Chromstera\Application\chromstera.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1984 --field-trial-handle=1992,i,8731595033717489448,5218120862841292836,262144 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2916
    - - C:\Program Files\Chromstera\Application\chromstera.exe
        
        "C:\Program Files\Chromstera\Application\chromstera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --network-service-scheduler --start-stack-profiler --mojo-platform-channel-handle=2076 --field-trial-handle=1992,i,8731595033717489448,5218120862841292836,262144 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2588
    - - C:\Program Files\Chromstera\Application\chromstera.exe
        
        "C:\Program Files\Chromstera\Application\chromstera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1992,i,8731595033717489448,5218120862841292836,262144 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1436
    - - C:\Program Files\Chromstera\Application\chromstera.exe
        
        "C:\Program Files\Chromstera\Application\chromstera.exe" --type=renderer --disable-nacl --first-renderer-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1992,i,8731595033717489448,5218120862841292836,262144 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4664
    - - C:\Program Files\Chromstera\Application\chromstera.exe
        
        "C:\Program Files\Chromstera\Application\chromstera.exe" --type=renderer --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3244 --field-trial-handle=1992,i,8731595033717489448,5218120862841292836,262144 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4380
    - - C:\Program Files\Chromstera\Application\chromstera.exe
        
        "C:\Program Files\Chromstera\Application\chromstera.exe" --type=renderer --extension-process --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3788 --field-trial-handle=1992,i,8731595033717489448,5218120862841292836,262144 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4632
    - - C:\Program Files\Chromstera\Application\chromstera.exe
        
        "C:\Program Files\Chromstera\Application\chromstera.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4280 --field-trial-handle=1992,i,8731595033717489448,5218120862841292836,262144 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2272
    - - C:\Program Files\Chromstera\Application\117.0.5903.0\Installer\chrmstp.exe
        
        "C:\Program Files\Chromstera\Application\117.0.5903.0\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1964
      - C:\Program Files\Chromstera\Application\117.0.5903.0\Installer\chrmstp.exe
        
        "C:\Program Files\Chromstera\Application\117.0.5903.0\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --annotation=plat=Win64 --annotation=prod=Chromstera --annotation=ver=117.0.5903.0 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff70ebd6940,0x7ff70ebd6950,0x7ff70ebd6960
        6⤵
        Executes dropped EXE
        
        PID:3020
      - C:\Program Files\Chromstera\Application\117.0.5903.0\Installer\chrmstp.exe
        
        "C:\Program Files\Chromstera\Application\117.0.5903.0\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Chromstera\Application\master_preferences" --create-shortcuts=1 --install-level=0
        6⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Drops file in Windows directory
        Modifies registry class
        Suspicious use of FindShellTrayWindow
        
        PID:3692
        
        C:\Program Files\Chromstera\Application\117.0.5903.0\Installer\chrmstp.exe
        
        "C:\Program Files\Chromstera\Application\117.0.5903.0\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --annotation=plat=Win64 --annotation=prod=Chromstera --annotation=ver=117.0.5903.0 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff70ebd6940,0x7ff70ebd6950,0x7ff70ebd6960
        7⤵
        Executes dropped EXE
        
        PID:408

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:3852

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

C:\Program Files\Chromstera\Application\chromstera.exe
"C:\Program Files\Chromstera\Application\chromstera.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1108
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Chromstera\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromstera\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromstera --annotation=ver=117.0.5903.0 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd61b237f0,0x7ffd61b23800,0x7ffd61b23810
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4412
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1956 --field-trial-handle=1964,i,1354599135303620058,12499261098488258291,262144 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5812
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --network-service-scheduler --start-stack-profiler --mojo-platform-channel-handle=2016 --field-trial-handle=1964,i,1354599135303620058,12499261098488258291,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5768
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2596 --field-trial-handle=1964,i,1354599135303620058,12499261098488258291,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1256
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=renderer --disable-nacl --first-renderer-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2764 --field-trial-handle=1964,i,1354599135303620058,12499261098488258291,262144 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4788
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=renderer --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3868 --field-trial-handle=1964,i,1354599135303620058,12499261098488258291,262144 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5956
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=renderer --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=1964,i,1354599135303620058,12499261098488258291,262144 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:920
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=4576 --field-trial-handle=1964,i,1354599135303620058,12499261098488258291,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5276
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=4684 --field-trial-handle=1964,i,1354599135303620058,12499261098488258291,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5300
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=4604 --field-trial-handle=1964,i,1354599135303620058,12499261098488258291,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5468
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=renderer --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4900 --field-trial-handle=1964,i,1354599135303620058,12499261098488258291,262144 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:5804
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=renderer --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5188 --field-trial-handle=1964,i,1354599135303620058,12499261098488258291,262144 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=renderer --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4172 --field-trial-handle=1964,i,1354599135303620058,12499261098488258291,262144 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5392 --field-trial-handle=1964,i,1354599135303620058,12499261098488258291,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5276
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5368 --field-trial-handle=1964,i,1354599135303620058,12499261098488258291,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:5352
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=renderer --disable-nacl --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4508 --field-trial-handle=1964,i,1354599135303620058,12499261098488258291,262144 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Program Files\Chromstera\Application\chromstera.exe
  "C:\Program Files\Chromstera\Application\chromstera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3716 --field-trial-handle=1964,i,1354599135303620058,12499261098488258291,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58722e.rbs

Filesize
210KB

MD5
8be2785bf538be4c427b9fc6d249cace

SHA1
d35863b85cb34a255935219588b86bcd106f66f3

SHA256
9f1b3cc2657eecfed2cabafaf15caff55e1dda33e74f26996d58cbfb6a50d816

SHA512
fbc6ed2b9714821cd69c4d1d67cdc313f09aef2bd96fd8429baade8ce993a6f47890e0b42ca56a8bf189467c61d3552d90b2b4158bcb371d68710e17b0a795ea

Download Submit
C:\Program Files (x86)\Chromstera\pss524E.ps1

Filesize
40KB

MD5
0eb1240197c7b202146f86f2d217a56c

SHA1
19d06da78a5974509fb761b283b8a83fc5936e35

SHA256
8f16f21bf341d7719d2dde8bf68c219c34df44ab7fa77e5854be8ac159c865f7

SHA512
00777ecfbf9e547a9341bbd2001cc5b62004338350be7d592dbfa808c24d9509684c71e98a4db8cf07030d5e8eb027f9d58a790e6cb18383e85adf107c2dbf9a

Download Submit
C:\Program Files (x86)\Chromstera\pss805B.ps1

Filesize
40KB

MD5
0b8ca1a0fb597bc09878399c2739bfec

SHA1
2d10f83b92e57b5e0c1df776c2278185a4012788

SHA256
dca36ee7e0e1d812b420452cd670172e1845be169564401510003e03c2090901

SHA512
18728a6693c1be4b58694be04a55afd865cd4265d9ba85dd7ae596ddfb8d0a4a71a047dcf96215f084a4de0062d386c603c79f6af53569d5a3dd7716ed7fb203

Download Submit
C:\Program Files (x86)\Chromstera\pss8DB1.ps1

Filesize
40KB

MD5
11bcf8001a5fa9e01afcdb3ce83065cd

SHA1
2292922826d1955d57684affca7cc9da89d5f89b

SHA256
5c329b53a179817a794094f9b05507620686dfc93417a45c5c751530e34d5c55

SHA512
5e3f6e7eaba41b254a7ca866e543b9636181396cd3e1b0ffaf487eb4c80d32b81a2f2a44bb51e1b8d709f3969ceba990d713aa580f793424162e8f7dd7b85396

Download Submit
C:\Program Files (x86)\Chromstera\pss9818.ps1

Filesize
40KB

MD5
8a2e1e2bff0480a322fee6d7eca61bd8

SHA1
7aecf9454510d59195ebf2f04e97772058d3cfd8

SHA256
7b124d0919f346d0b783f4e222e87e56e8b88961c261e811791d53e3761b27f2

SHA512
8c08ea9e3d1867f1549a1fd6c0da60a5fc486e55baddde8346b2b325c7e401c867f5729f2fbcabe231b2a6878f21b6e17deb0678a901c5d781ed889af7284c5a

Download Submit
C:\Program Files (x86)\Chromstera\scr8049.ps1

Filesize
34KB

MD5
8f2f8117affa182e95f89fdaa85c84a5

SHA1
57224761cb60e5fe02d9f0c07e289128237832d2

SHA256
12b3b7b67574995661c50ee8392dbaad5737f1cb144b9d459949f631971ec29e

SHA512
fe56036ffe4448f6bb2eaa5c1a40359536917a661e162faeb8988feb0ec3697e149ed05721dd60bf9fd722016725c48e515cb0cb82ec63367f24aed611b23ce5

Download Submit
C:\Program Files (x86)\Chromstera\scr8DAE.ps1

Filesize
34KB

MD5
dc90990f00d1675ad740714babd81ef9

SHA1
b0d20bc4d974f7f52dbc48c39af128bd6dbde41f

SHA256
db76fa2f20bbb034527bce5706f75c63d1bab277aa4ded417cae6f525b10cc45

SHA512
d993a01f5237058cc8607549c2a77ef36f392162f880d8861de3531c7773889e9815cc552413ae6ac86d7b402c905ed0dda5e56ac6db3487516df8107ef88e8a

Download Submit
C:\Program Files (x86)\Chromstera\scr9815.ps1

Filesize
34KB

MD5
64ef47644d36b18e7cbd5682df8b515b

SHA1
10ab6d303b1f7a5f71a3ebe5426d98579a1b9c1b

SHA256
13df9121dd9fc5f703f81d76256a3c83cee862b63912ad498d26ec68b15e9403

SHA512
10166389e287caf0eecd215827004cdb3bb05f857f8212b32337d8c301023ebd3814ef7e32e66c4d00528d997ca548dee7411f327b3370bfe136286273726cb4

Download Submit
C:\Program Files\Chromstera\Application\117.0.5903.0\Installer\setup.exe

Filesize
2.6MB

MD5
6ec935208b9d92e845df94501de319ee

SHA1
c57eb8993385b48540450216a5ec53294690e676

SHA256
0796d9d2ac303acda3aeebb300fddfc926a5a7fa562fb8c6d63047fe8f7ae44b

SHA512
075fe12ce8b4ebc06163d6e256c68da4aa80e86d1c08ad4cb919300cbab2bb08d04f8f886c5e09dab648c423344eb0df7fb879302f346e29297c39c4f709de54

Download Submit
C:\Program Files\Chromstera\Application\SetupMetrics\20230823041402.pma

Filesize
2KB

MD5
1a0cf325b323cd6711c92d3f93e7b82f

SHA1
8a8d3fc4eb26dc2e362355452401bd023e627dd6

SHA256
17d77636ff35a71af4079ddca6fb167e5c860944b171e384abc3ac5868142fd7

SHA512
1a0b89d62378c6716c8a2865cb9c2406a33c6da18d5f6be04ce01eea7976ca09fe39406c07a41e96b105511f9634b86d65ce51ee066336d7e99087d4a6789fe2

Download Submit
C:\Program Files\Chromstera\Application\SetupMetrics\54f110d9-9011-48a3-8543-ba7b5db13b17.tmp

Filesize
488B

MD5
75559bc98a8dd0d2265e376aa0779d9c

SHA1
6f5bc3b03c489df1c1e5a521820cc952501dd629

SHA256
9a3806ffda783797cffa34ddcd2d6aedc5d9b6e229089d9b3b252bba28acfbed

SHA512
72ecabfe5aaacd5beca5c2e5c90c598f45e5b3298d0e1fb7ab0d69d8a262d0cab682a96fc96e522e4e744f6f15c6182b6e597041afccadcebec1fcf52481275e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164

Filesize
1KB

MD5
38c75c332efa6a4ac19694bc703e6313

SHA1
488f5fc1bd04f5b30da51120c6dd606857f3d5ca

SHA256
ac397055e5abfec864ad6ea02f56b11bc23a2632ec26eed34801dfa86d0e26d8

SHA512
215ac4a3e55b7d6d0e88d8201888a0c875b6e0f018bf52e3c6394dfbef2c1acdf51cde762d88bc857f820f1c435716e57c41166434acc1be37d8cbc1fb7b8c6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A1D627669EFC8CD4F21BCF387D97F9B5_4E6F055104377B531318FB7FFF3FE1CA

Filesize
1KB

MD5
dedc5f9b7f95f755c25e3b6ba9ed8e7d

SHA1
80d8bc4e1e5ef0bea5f0bb4bb8523f649daf8227

SHA256
3709846a76822147757c86b7352020af9c843bb939c23aee6d94942812e6a12c

SHA512
294b2ec7493e51ec7c4ad66a054a57911e3f11d94b60426258907daf37629c6acc55a45959db16122070ba76f851c071a58716c58ad285a0620182552f225741

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164

Filesize
532B

MD5
715bc13eace632ad539ae77d137c87cc

SHA1
beac0719f15a89202a9e7de70648c2466b1d505d

SHA256
ad1fee85f7a9bc9d9c334e5c98c6bf1795e8c4318128bcb466d18a0cf22f7b77

SHA512
8a240f54d6aabbbc366120bec8add3c598cc58e0bbd2f58411a6260045afb930c0949da803b9dc93c37f89e4b7df4006df435d9ef35191e43793210cc9536884

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A1D627669EFC8CD4F21BCF387D97F9B5_4E6F055104377B531318FB7FFF3FE1CA

Filesize
544B

MD5
e01b78b05720e4fc3fc122eec0ec61ae

SHA1
fa0881c21cd5c1fd62a285270ad1ff1382f7b9b1

SHA256
1daea45da6651227c3a15f4a3dae0321982aa3e6bf9df5f1084d5d6080e25727

SHA512
ff1659c1b9cb0525680453d223cfbca93c32ba2e67cc0e33ce305b72adfcd0a386f7c198f4c2c2eb0078b7d40c36fc0a27052f0601a28a51e5cacea4aa06c93c

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\4076d7ea-1d2c-4653-88b5-483d2ae818ca.tmp

Filesize
5KB

MD5
0ffe95f0f85ce8bb10ecf1428491520a

SHA1
48977737ac92a87623dc9e0eb1cf5d7d319d5530

SHA256
9a49414de75c036a742d92ee5ebe5d37976b89629c61874fc188db71a4ce9b66

SHA512
3501de18aa703e747a6e24467ca8b210327b41f0c2e283c9ea31f4db1a7d52825e10c33e96ae3932256e14a80cb387b6b9b62ab638cda53fe7cf6752f94787f6

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Crashpad\settings.dat

Filesize
40B

MD5
cb7891efad7e2d008cd143108278880f

SHA1
ce580406f531ba61786f4ebddfc01e4a93b87f13

SHA256
3cfcdf3ea4fbd785576a47783f2e24ea612b5e0d60f02afd4fe15d6b4117c953

SHA512
fc168f128a640e00e0130bbd5a78db9b367a83265147000b14cea20c40e45750a54838a2db408b094483841cfae56295b602e08d13786ab9512bc22f8c61d1ab

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
72da5a822a986a76222afc5c6b4c791a

SHA1
a5ec36922748f584b7a4c46190749937d0a2103d

SHA256
79ee0e6d3e5826b05a2a2f18842a8453ed446d796cdff0b69a6f64683c4146af

SHA512
e17e0fa77a6198156dd15a5682b3d1191de3c5f1825d486fcc1a88facdf841acfbaf3db9b26ca5a9610c752e287a3479ea65efa66424a02ebde1179ea9449749

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Code Cache\webui_js\index-dir\the-real-index

Filesize
600B

MD5
86f4fe625a87cf7648c27625f3e5453b

SHA1
5331b565a2d45e8933a217ac1b12c3206bf0af69

SHA256
6183584e242140ddba0bd432eabf4b6380ea78256a29bc6484ab4b8df2637af7

SHA512
1a131b3bc1c8fcaf5fb14ac5929a45ac2ee372527a70227a2a2683695b2bc38a33724b0e57b1863264615beafc1d95ac4a0244a68fedf31d49954a7a59d1c23f

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9d18fb87977a4e695845c26bf7ab04db

SHA1
8036709eed6b55601f5d17b0da457802eb2c9788

SHA256
f8a4dd7b3ee2da26ca768af9c10a72bf1bbadb2840242f7d7c3bff6132e748d2

SHA512
ea32992022d9a832c9ca8373c908f4e620fa450a0498e1e291887b48136f0dab70a3b4edf980fd0cba60c2e1f6b42d873baf46c85592d220c01f5dd8578f84fe

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
23d759724d7ebfca62760b7cef80d797

SHA1
699aa5f3731de2589deb507b40a80a34f2ba8b64

SHA256
9581ec079aa203b51a476e90163c40f72f8ebbbc6236c73aee040efbce403809

SHA512
d15662723db35ed2d1ff8e159965aa6770d67653b4d3116686b41796ce51bd98b1ad2982461ff95473f98df34da913a9563a00f5c20bd091ac3ff32863706c76

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Network\Network Persistent State~RFe5d0cf3.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
35f8cb9196c7c157328251793d436a54

SHA1
6887a23c6fa3383fa3fba0c5f35766cfe49532b1

SHA256
04378dab079f2c5cb4d84979a098e6b9a95a24a03e532da4678683a915ce5094

SHA512
99a440494b7622854e23d509e4c0224ea9cccd03ee35d684f86a2639dec978a0451cd94713a326ea65a33677587b007bad689636f89d3c6bec93c4ecd091dbe6

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c5f537ad05a6ef76dbbaa7fffa6404fb

SHA1
bdf07e2e12105c3168826b394afd6013d8733941

SHA256
2202f173afe7f2161f8daf725341d2642dc64aba025555624cb7d26a50de64e9

SHA512
09928ae1decae22fe76e1bf74159adb051ccb4ad4565ca0a266939546914281ac2b6c2e04ef82f20127303aec67deb42e32e65427dc152e95f57804b3d14397f

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Network\TransportSecurity~RFe5cc05a.TMP

Filesize
523B

MD5
02e9731fc9f9ca4d0f5bc3dbdd6c0560

SHA1
ea2a87816202f675984ad212fb6677e804ea64e3

SHA256
a2939022a84df932622451b8ee00d057b1fc5a1724384fc6757a6eb89e676602

SHA512
cf32a4e6c2c5b227a44a54f761f9c434f4f16732df1e39450d07f4ec118a003eb542e45141d8ba8a0e9ae4dc3bd470512874af1ab0074fef0b16993be1e250d9

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Preferences

Filesize
5KB

MD5
8dcfb1484cf65d0c747152bf0f4ec0f7

SHA1
1d9a5c12097143f9dbf6ec8e5d01fa507c4d4a60

SHA256
173e66f93cdc9d464e5ed7bd0b6bd8c296d6b64ae0ffe3768ce1e4b357ef9f35

SHA512
c2ec579dab80df75edee98c3c05c05aac67bc343415a09eafbfaecfc1cf6fae51d17ea4f245098a1e3ba382f2a11e2bead312b952e3ce66a0bfa47fe84f34a4d

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Preferences

Filesize
6KB

MD5
74ec14776b641d23111db89df9ae9caa

SHA1
7ee254ef9e7a92df65b31fe4729c0b619eb85e34

SHA256
16b9486648d21518ddc0e481ab1ac143fa3d57a2085a7e3a902f30b87ffd4d07

SHA512
f53b88265900b76d8389bf1d366de1dd96603de0bed6717d9bb71984180f979763a3c9cb8ef08f6d9c05820f86c16176828dafada336034fb7c35e55ed6deef0

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Preferences

Filesize
4KB

MD5
b45c90f1b4e2c1dc1eeb751c6e9a3e2d

SHA1
592e534c5790d38cfcf380b5bb1d5bc6a01d17fd

SHA256
89c2e8e58e86c5ba1684be70f03ea33673b93f41edd30d2ea0ef8035d6ce7a0e

SHA512
6bfa29af1d37aa208e4dfd0983f863435c44252cfb39d1f9d0761692ba26030b94d81cf5c3c65a1497b4060336fd0743357a96daa0688dddef56dd464660fd5b

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Preferences

Filesize
5KB

MD5
96c7e71c7e5064336b0be2080b08d48b

SHA1
49d0031d5dd3b07916213d5d3767c45052e1604b

SHA256
dc7b8d6d91feb315194da0ee12e487b437ebd9067da66474a3d4a33b7468e686

SHA512
0f2036a166c2ed83d08306dae908e367a715a8504c51fa8ca9d8719d36ea692e62e711027d5de082eb1e5e53972994d8f373f908cc096599d2ed7b4c90f55cb7

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Preferences

Filesize
4KB

MD5
b1f96888a7cd99713024f0fc29cd3f0b

SHA1
2851c8c264ac30ea5a33b990b200d95378da3233

SHA256
a9a3eb7d7717e31b627a17470fab944707fa865ee98766c5793ca54be4fdf6d6

SHA512
91fd60b47309bebcaef6cf08dfb2f9b4e0a93393542dea423307840ef7b4737b7f36819157fe15191baa36982cdf2622ad84e75d2669000fa29599397f38a449

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Preferences

Filesize
4KB

MD5
ae7663994ace8c9de9d8fe079f374677

SHA1
822e744cfa970f4407eab42eb75b4f48f21aa390

SHA256
44f2b5cacaf69bd386a98cd5e7b5bff0c4c45d32e66233007e44345a2ae20c07

SHA512
d2c4e970cadee8392d266f765b0b463189b05fbd62ec709638e622e819651bc62d2e64e28fd7b55e026ef888f4259faf78a12ef465844cc1ebff62d8a9fbddd9

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Preferences~RFe5ae272.TMP

Filesize
4KB

MD5
8aabfc30f3047b29bfc269cfc8b35e96

SHA1
592fbc94cf36b2b855bb62e0fdb6767effde66ca

SHA256
a1845b45744041c15d0477184825bb699a76b76a007102edb40b22be1d3d9b67

SHA512
3e873836b5755337b890b330c04e10bb125d68e017a5e6ed57ab1444c4424ae68be38ce6d8ad85075871610ee754c54ad7bb648daee316985d80a76859c66f5c

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\e02fa0b0-232c-467f-b282-359d08d36653.tmp

Filesize
6KB

MD5
fdb415aa22e47089251347cea6b012b3

SHA1
e4cb26f0824508566e0ae71cbb1e81078a0b761f

SHA256
6eddf1123f6e0daf38b8186c8caf4c5e7d28e7f8695b148b4b03912798bac3e1

SHA512
602b4ba8c2b87ad3229533078f1068032f2c8da611d55e9e938579e34e2c63206b307c5bc93824fdfbd8381fbd32234b99baf7448da3a4688b11836cda246316

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Default\f0686fd8-83c8-4523-937c-80f583a6c0e1.tmp

Filesize
170KB

MD5
66281682b508926c1c49ea10399cba41

SHA1
38834eda6a69e3b2aa46733f8b5eac74b6f2cf0c

SHA256
ca29d4aeb1cda191cb0c5af83594891aaeae0e9639b90927093b8406cd0ae14b

SHA512
c1356d9a2a63d136f6fbb827eeb3441499973f85270af47e8ae91e7537699c826978c8efb06b38dff5ddaa2d7ecbb2c957b1eb82809b6ed47ae511f602f0e537

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Local State

Filesize
2KB

MD5
45501953c795f1c83bfa0be58f5d1d1c

SHA1
99b159abf1a83a7ae017e4440ac4537f7f8d8f44

SHA256
c1d8cad07197ad0965e9ccf50c01e4563729dd94e98dc5730dbee127cb8e4bab

SHA512
35eacac04fdaedbfaa4b69ac333d03ab18f3f0b89a6bd656617c0e925f14923df3184673ff5b5bb53ddc977ddfd027abcdeb741b4cec02678b0e338e0da7a357

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Local State

Filesize
5KB

MD5
458e520d2f3525c5424f5ad22b0c59bf

SHA1
81bd2d3b18069ea03e7990b239a162bb94845344

SHA256
d75e555dd808fd26a5461f9e7d2a71226c08cfe1e007adcda3c918944d5440fd

SHA512
498690c4bb2d698f22fe4c7cb30b7fc21631cae312edf0a6a6f5f3f7359aa09274a85f3221d9460d87affa4efb9d4c3ca6e1cb0e8b180ef4ab3b23504886acb0

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Local State

Filesize
2KB

MD5
a88bafcd0ba63823da947d166367a2fb

SHA1
2d03a824987f7d062ed29855869a169c3f15dd94

SHA256
810e1d7e27ad4e857d599f8ad40dbc0e3b3ae741cb137d2bba3ed3631def99d4

SHA512
94408f2f2f5e2efa9decc299d4f1984d61eaffb37900113cbe64519b39fe5bcd2f1a64a160c67e697e8676bf086caabbb2b1290a9479363203a76dc0cbea301a

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Local State

Filesize
2KB

MD5
f3ebb761455a6cd22d40a54f2e3900e7

SHA1
59f424e9e3439984235b6e04ad178a1e8f5fb1c1

SHA256
70a3e1d807f2e863a7def70cd1d3a24925383bb15c96d303201fe4d3fc05d8a3

SHA512
86e8b8472448cb0ac873c15c9ec2e3432eeb827f7644cb30970cee3b0734672e7d44591127037d7584503db28dfe031f50196825c226ec8ab05e81b181991b1b

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\Local State~RFe5a6ce4.TMP

Filesize
910B

MD5
851e818de4d2bbfad481caa2b67a643c

SHA1
50c52d257b07b03236203bca22aadde222e2badb

SHA256
3f8d2684a6a17ec451aff2a6ac4b9e1f27200cc2e4ab393e29f3a3d2206b6ad4

SHA512
44bd05ca496f9a86155d82734f26fbf9f7020ba574c3711e43cb9c62e030b4e603c241bc9c2ac3534811078ce1206b37b24416a5064dd4b552eda4c15ae3e90b

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\ShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Chromstera\User Data\ShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
824B

MD5
9dd2591bb2cdcd3fabe2dce83d5deaf0

SHA1
c84d5c042b7a4db9f2f406500be518e5996329d4

SHA256
9808350bc1b7134a0d560e37ac654d66ac8bba537d199f571fbddbc053efa8d2

SHA512
9fcad9d6da272ada3701b1131c6f82212b5db225b44802620242d6a98f564b4ce465a8966251d873e34d4c79bf462748e97a4a32a0d15303d71b9e30164ff2b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf2b293014361856e3320128e1854dc6

SHA1
ab9259a5ae64ced8b9b648b6ac12ec14c656c547

SHA256
1170ab4fdd78846c0f7c955f06c7790653ba707b22b0d0ad95c7c1f7c23c5747

SHA512
245f78fe66e4242d948c88dc6d04641c8f7fcecde6d0f4e0b0e67e7f340442d363ed06f5fc004c63eddec5de18f61c264e67f77dd8154004b9a81d278d34b077

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
afc868b5fb4f9f88e1fbfecd5a8197f8

SHA1
0b8c5bacf50a1eccc8c3f443f0d679a20ad28811

SHA256
79d908bccb0daa20e8814645a59726c769b7d81c5793910003ae065292e59b88

SHA512
fa5ba2d8f526214f39261d0b49bcbe3e0886d4b08fecea4cf28818bdd9ff120ff56016066b483ad890526c154d2ab8b183798e69ff6bae5fdaf54bb72f60aa90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
fc63287246da1725d58b71b8a9cbf098

SHA1
0a1f3e8cdc45516f598936662c6e274891fd7814

SHA256
104ade9d92446c473e775e760037a37537b7a0f105f41e04c728102f366bdcee

SHA512
fa4ce2b36823b7813433f5495f7dfa9dcc84398cbe01b70eac5f5849da6a119f199518ba301e77a5471fd0f412f14d9ec603926ddb604d95744cd567a377ef0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
0b0f38393a3aa7f4c615a0e3844b9db9

SHA1
c15505ac113dfea36d8693d643b674ec2262c130

SHA256
8e6a83a42e34df50d5f8fe5b26b1c41d503a943f31aa54a9a5e2e31c666e972e

SHA512
c2278140e5b80a717feee46b65a34574a1435ff2a0a4678b7298c23de7a2392dc45b385bf5534e9972298e58681255f28bcab5ca357421afe56803afcb06fb73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
556084f2c6d459c116a69d6fedcc4105

SHA1
633e89b9a1e77942d822d14de6708430a3944dbc

SHA256
88cc4f40f0eb08ff5c487d6db341b046cc63b22534980aca66a9f8480692f3a8

SHA512
0f6557027b098e45556af93e0be1db9a49c6416dc4afcff2cc2135a8a1ad4f1cf7185541ddbe6c768aefaf2c1a8e52d5282a538d15822d19932f22316edd283e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8d83c735-8e31-411d-be0d-bfb4c5ec99a6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5080_2000976805\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
922f18a0212fdb61c6b6289dc379bc72

SHA1
236fbb8efbe2576096ae28cd5863a44b154ec87f

SHA256
ff7b1534db985d23e83c48212a01a2f097d7d0c70f444ccefb82070ff41481f2

SHA512
c3f63bf3ed06f5d55b4fefea92afd1a8220cbb3a1d6a69df82d6954d9ccd25300aac58b77cc6cef92cc59099ed19e1491b613563f83c7295d9481a442db9ec8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
54215e7351f2c1e46579907597bbcc9c

SHA1
34bf6424039ff242daf02cc78cb14953f27f4bbe

SHA256
ff98f76a58fdc286a78e51293db4965e1cd4071e8efa9313b328943318050e1e

SHA512
4cf4ed8ab469673612e647a243ba35bf9998340f275b944397f4e62aa96b9f5828dddc7557e51eae457f414602422811eb2d2a053807d8fce4e8d4ab9429004b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a978ed7d05e2b2ee2409c0139f5ad255

SHA1
fae4022d094df8ece2b82680ce68695fad95bcab

SHA256
d4a949e15e3d93883ea78bf085989d0a62df1717f1e986075405a33499b78f6b

SHA512
d8812684b530f5b891e74b56d70210d774037ddcc7ce4813e75fb2a8bb114bdb95958620ef2b9743ec4cb246f30a733cb59c8c74be69eb649a464eb298432f66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4c5a0ab7fad41efa7eb37aa351c304c6

SHA1
7178f5a963cd3be204264569f51382e669c4b5ff

SHA256
3e9921a58cdc9a35b891a7d856b8580993ea8cf28870b1061c7c265382675356

SHA512
6b41afd61ce84b1530a1bb8da29d4618ddc015a69bba7d612c028afd60ff934e0723e428fe6e29ffbeaad5b561e47c011f9c96a713911064aa68e6bc5f816d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ebb25ceaeb19fdf634ac28ab039fdb3

SHA1
b924b6a52827065d1e98c7e0dce2e821ce9128ef

SHA256
c2c9c428287707ff8b527bd63af7cd3dee3d10eab8f83c72c8d124bfcd020138

SHA512
dff5cf4e4af30482ea01c0747364e21f430666cbb1f32af872cbe961b2c5d0b286cdf9c548a549725249bd003cabea1b09880c9ecb2fe4522179643e42da0773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
27KB

MD5
b500465e4f1318ac7f4daf7507ae8398

SHA1
ab68655be9f1e96b90e24dee14c678372c53f864

SHA256
8e8910ae02fd8498126b18616cec9701d0871a14477fb88553478afc17aea379

SHA512
60ce1232c0c76852b430011aea644959d3370c55da26b606001b4e5a2887c49cd28f504ca153924685782d82d5556ba1b0d4f48ea939ec178fc1e9d9d319d703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
1bf562409ca44903295edfc5bfcb25d6

SHA1
7a69e8035b1ddf9190e735ef52ea32e266bd5ff6

SHA256
5221fe562f08d3f3c9ca44b3b92d88a306d9d20eface2b56ead58f2410d1fc33

SHA512
8bc2a18819773bff5026fb657c20a1956878f9c5304c2541ef9bddf5b10a1d1c2a200e8b799d89b4f5de53587b8b3b26f8a0cd898555d19735282be3b673bdfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
58ce70aa4e6d20f73bb4188e7b18a074

SHA1
a93bb66370fbf35a8499816642c6c43f43853557

SHA256
0783de2b9127b74a3550f33e2694893fe5d455ae1c1e5dfa098f73661f462aa2

SHA512
023c604db965460d557c9693e76a3f92b51a3680346eea2abad3910cfbb16266b9053d2a87926d1d7e559d72697f8bd6588b9f75b6b2c7cdd81aa01214a66623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59ab0b.TMP

Filesize
72B

MD5
9e8d49e3720560c8a11db1854d145637

SHA1
252d5d9bb351ffae616209756a9d54dd59a36fbe

SHA256
e5d3cef98a4a2772a585bb3eb46f422bb360fd556f6ddcae095859b53fc75a63

SHA512
beb585214bfb99ca6bd1871e711aab4e5f86c8e1ffd3ca01ff5cbae720b1e8f5f96487c8c73d0a29831b6eeb7ec14617cc5b83abe5ef8b0dd14bd7103684dab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2dbebb6ac9605106e2adb6ff58fbd0fe

SHA1
8aed9cf05276d17965595671b342f419f37183ce

SHA256
79403258361957bb95598b623480d4f4aee7245eae02c42998ed6008f3e29008

SHA512
c8bdb545eb07b22fc606bf039d137a5732cff11527e6db57c1d2e363ec3db994f5577eb63c9866c50b8e94dfd2043c8e73a3cf9e484542136a6e96b5d4144e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2f31ee63d4b1fc5d779d8485ff6c71a2

SHA1
f328074bda4257ae94eebd92b9fbefe15d956ffe

SHA256
6d9845365fd126dfaf648679bb344b03ab01b0adc6851be83888ee152290ca55

SHA512
a203ca20a1e12d45e3277474422f6fb7ff89481508735b0f872b05e2c483a5f685e0dc412ef338b51f337fb601182253c3a01164ed63efdf90c8db33dd009c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
471ce76847e13cf97cf882a5c41a8363

SHA1
79b11c6bbe9c8af88b4027267e02885061a364af

SHA256
5599f4a86f6ef1e750cf748809de82241ab9f65e1762f402c6b65b6de3bd1b2e

SHA512
c13334b4c6bd8ee0eb910f4f1473f99b882c5f658a33d8be2c7bf7fed7201553fcf56029d5871310a477ab147eb6428fef963fce5bc0722165db40cfb630aa8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\banner.jpg

Filesize
4KB

MD5
d5a55a78cd38f45256807c7851619b7d

SHA1
9d8269120d1d096e9ab0192348f3b8f81f5f73d9

SHA256
be83c8592906fd9651634b0823a2f45abe96aae082674568944c639b5b4a95dc

SHA512
959e7410e3006cfef9d14315e8741e34b6e81c4f9160c5d66f3abd77ce72f55f907ab3a0e500780b5c0e0e017e8639f135cc258976b4ab4b9d1aaed6242ce9f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\dialog.jpg

Filesize
12KB

MD5
5f6253cff5a8b031bfb3b161079d0d86

SHA1
7645b13610583fb67247c74cf5af08ff848079e7

SHA256
36d9bab35d1e4b50045bf902f5d42b6f865488c75f6e60fc00a6cd6f69034ab0

SHA512
d1fdc364bedf931512000fbf05e854d5aceccb48abb9ec49e68476a5dc2907267490290d92acbb267ffb7bdba9b7a1c88f1eb77830cf953443f4624995dabdc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_bottom_left.bmp

Filesize
92B

MD5
0edd17e9905d463ce23fbae64563c8da

SHA1
2c26d30e1b7a5761f5048d9494349cafe40979d9

SHA256
237e098ed029198e9f7cfe71babd6bf9ff3962ed78a263dc7426ea663e601467

SHA512
fc358ad0f2e482ad51af201f2883259dfcf0d577db1be8cff2b9048f22827278cf0cb8a3f76475222d86be7e945ce9b34aa9b86fc625c908ffaea0ad6b1ea2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_bottom_left_inactive.bmp

Filesize
92B

MD5
1b38ef93df0c5d4c6c2a10ca0115a28d

SHA1
17fa1779a66696f9ee1406da73133745eb4429dd

SHA256
4292ea3565b63946777d999352a1986e8f5950f1e8e51f030443f05dbdbde57d

SHA512
1b0b3c6fe0f359ae383d3d5b069341a900aff610e91d7752d4290fafe11ac73dff3ca349deb6599a6d358add4c769ae6cb05c2b751dbbce738bae4082167e8e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_bottom_mid.bmp

Filesize
68B

MD5
445b2b911b105ced9b1a3a5caaa594dd

SHA1
c326010a040a6d19837360907745a7a05982254f

SHA256
ecfc46e3ba63cc8d7de04134a271b171d9efd714e4ce9611115836a5b4518e63

SHA512
1ded63a90006bd2bfddb1de399d0cb483e52a94113e43b3099b6bf3dc7a9a0c7ae74249ebaa600d0d184615661f2ff557b62ed65f073bfaefc4f84e0cb420360

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_bottom_mid_inactive.bmp

Filesize
68B

MD5
7610648b8e31404e1621a7a5b510b86d

SHA1
d51d517a8472bfe40c469afa8869385d5a0e9783

SHA256
48837b62a6a6bc71359ff74bbe8a672d6b23cc30344c12e006698f069890a2b3

SHA512
24b03969fd28de9919d86609bec03e6ed732ed78b8e0de3f2fe5253180817d1471e3ed004abb5ecd91885b6281cef1b8e508e38e6f76fdcfb88a29e308ac78dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_bottom_right.bmp

Filesize
92B

MD5
c288357164d52b2cfd695c792074323b

SHA1
c8b7b1ddb78c929ad56d8bbd57ff5449afa04be3

SHA256
709d6fdbe00694f7dc115e923188f62cdc72d39e739280a1aff072d1a49d2674

SHA512
8d07e5c163c9e4b0d04a861e00be1f578d7a77c2f3eba80deb3895b2b354d4015ff1905a2dfcdccc1b8ec839359dcc302e09f753623aa7f0df212540ce8a56b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_bottom_right_inactive.bmp

Filesize
92B

MD5
2c84c848bbcd7bd57579d3431e8a363a

SHA1
5dc73f68798e73318d03979810bc00a4e94956d9

SHA256
f212b152d4647edcd36d2218713296afbf9ac5e86965c309df8f245fb89a06e3

SHA512
5af2bff30850458ef08340fe4ef9ae9e78d5ae1124c3a9dd365b6dd0e97a30ba079e466ec7f127485f5a89be7350d27371fee665b9d6214cd94532ed346effa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_caption.bmp

Filesize
144B

MD5
a8a4420fbe5dbe8fff5a4457fbdc0923

SHA1
4475046bf4a5b7af62099521d2a28df47eb14fc8

SHA256
4e504366b5a0b48020ee2e29beb17092010cedb50caa9a901bd6b2e921803582

SHA512
dac1a4fce6a95b965259eb7b92fa73bf532f3f2af929d5930538e16a2bab40d58384ea924ce63dac9235cb6e5585171a21b835ec2b2e359091bb2c7861263bc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_caption_inactive.bmp

Filesize
144B

MD5
3d8494dd57ae17b57726e6530fc60237

SHA1
09b19ee5fc72b2a07452ed242983c464e2ed5eb0

SHA256
196bf30cc41139ccaecb41584fcdc4a61842c246f81a3c7c4a6ba2a5bea4038c

SHA512
3e02e2c06c922ff58c7a6bb9e6b320e7e9a1dc70cd283986657b02ececf41219454a1d64b5fc02733744f1a2d31b507691b6854e362639ff943ad5e719238343

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_left.bmp

Filesize
68B

MD5
78e5adef0e9078c2a76ddea85c1c4dc4

SHA1
8da1ed8372eea6f5ce10154a52b5bd9bcbf1cc18

SHA256
84cf7696e5b73513bcf78b1611de3fac76e9f99cf9112dd9ea963850441b62fe

SHA512
a1f6ee057ad820ee4fe4bb9b9c7703da8bb9e47109ee384e828e6cb16cab7fc9a258e39d413ffdf40ca51e2275737f0b68acd32cf7c6577ee9d7740069a3da07

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_left_inactive.bmp

Filesize
68B

MD5
39cbd0b2cf89509c50ee74963f89f70d

SHA1
777755cb3e7eac9f8377552820dec7bf9d48fbfb

SHA256
a46d900fb1d3ba41e6f608587f4a4a414314f48a56cdca10716491415d38a07f

SHA512
8d4486150f12cf144d242735c9940c296deafffa4fd92029909f7b402c4f26f7b3e8ae9f2dfa5518edf5c8bfb6b622b6cbe3cd6ef39c4ec40eb601f3c51b310d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_right.bmp

Filesize
68B

MD5
2e805b0982cda361e322e201df8cceff

SHA1
a199d51aac3ac44c62b7cf9afae22eea7932c63b

SHA256
c3f2a56930697c4db1ea99bad9f20d7b750f5795181a63eb608c57b7643edd22

SHA512
dade5a2dec58631d4f88129012ae941465397fb498ea52010b2c3abd1e7130d73d47c78bbea0a600b868bd655c2e2b1a141d683b20c7c01099f8e8f116659785

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_right_inactive.bmp

Filesize
68B

MD5
171e23cd227d985b89098c5cc632c144

SHA1
2349eca4f92e1d4dcc2d47bc3d166a7081a5485b

SHA256
c9d87fc1e021caf801e31e1359d3a13e1da0c484e3a21ea173d352f924e1a924

SHA512
d9ae5802b331b6b8f38e129bd1e4e07270b7469df2ddd627ef0d6dc7f1cf33f87c334de00ba35c3033108876291c67aefbf7b34b9434faa42c79a2aae6b4f036

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_top_left.bmp

Filesize
556B

MD5
d4757da90bf3a96d5ca1b7d8fedf0a1f

SHA1
c4be7503191c6926ad33853b05cc43ad87a6b1e8

SHA256
0e8b86d175526133e239a0a4dc6308c6b529d9b2db2e469ce5098a39f3432168

SHA512
b0fa9ac1b48e4c2d9e4289a65a4f8d46edeaaa5d43309089d67778ce72c72f2e352a792b10c24146c75e604f83158e5b0e665fc70df9886dfd4128f4b1fb2471

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_top_left_inactive.bmp

Filesize
556B

MD5
df94017171d579959895edc072d39120

SHA1
0c0facceafac06c603f125cc170973851796d961

SHA256
706d0ec93ab304f05f6d3b8b9da613ca404943e9dbff9061984b5417f15711f8

SHA512
2576993c63b702ee9c6428a7d2698f94d6b7afb5277b60a0f51979ab7494651ea68ed46c0448a6f7d6954455aec9dcf17755cf20e666a7267197adfd4d162a74

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_top_mid.bmp

Filesize
68B

MD5
440363d27344241cf3574cdc43cca3d5

SHA1
cdeb4f94ae64c5bbe4740c3773e9ea8c8502cac2

SHA256
358fe1e6b51dd850c2463506d20d341b6ac09194ce0844734cd5386a4d82692b

SHA512
4f7edee0f1e294995785f792ed03b74991c8cf8a750e996477fc8590e0645187fe9201bc4847cb4fcb790bdaff0ba29c4fdc7f7a088180514583eb3fda29c58d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_top_mid_inactive.bmp

Filesize
68B

MD5
fc284f137a181d626cbfb9b980265a14

SHA1
af1dc42b8706f65e80b5aa021da38e7c48bf5ac5

SHA256
ebf14004abb9171efb791d5ed78d6f028f09775ec047bfe2bd9a3ad4dc431a0c

SHA512
aab8700806a42877b1b09379a606d49426cd0fa62c0856cc64bccfec6ed1e67130a908fb8d4feba6c6d1b8d530a5acb380fad9d6ed1a170103d3a90a35a788fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_top_right.bmp

Filesize
556B

MD5
50656c6f33cb1490eee92cfcf2f4fa80

SHA1
ca5a3fe9b1f6130e6452cedf5d3734781f6e150b

SHA256
ef8fc7a18af77fed42bf20fd640543b0cfaf312a4c9dfc0c2f35ce1af9ae58e9

SHA512
b8e2e2945fcb5699e063bfdad3fc6ae72be96bf342883dc60b8ac81c4143888aa23ccf237b935f56b5f586afe4772eda39b443e0797385ed358638cb7052eec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\frame_top_right_inactive.bmp

Filesize
556B

MD5
4178d84d2cd986063d2a7c91c57295d2

SHA1
fc5ea9402cd9c325716a2b79d070ac3e756c9f2f

SHA256
5365b988c102e46f73418ec36e0de5b1749c2080c3d2da660c507a9c505f333e

SHA512
aca1ca7e16049adf1b26dc8d26e99461069fd133587e748012347e66eef9bdb90fda0d197c86334667cc04b0289cfbe8fe8727eabf3bde9827a1066a71133a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\sys_min_down.bmp

Filesize
1KB

MD5
ba8de1a4fb2e3ca280cd7a3f72d28bcd

SHA1
4bcb1fbe1390eb0101df72725b34e364ec0cc551

SHA256
a3f47f44ad19a5e5b42204da311a883025f4f7d951bbd427edb3a20d759fc5e8

SHA512
dfc97335a12e1b33209e2dac7f222dbea7f71b93bcd6e4689dd409cbab6096c78210527f1abe0c3bb00bbe5cb38b3691b9355aa04d92975c3348b2096c141407

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\sys_min_hot.bmp

Filesize
1KB

MD5
02f22afae35430f2092e77bf1ca577b0

SHA1
91f97b9e65a972da62fa1f1254b6d1ef1f0e80b8

SHA256
d36ecf7b57c82496e41f7f5f36fcf21be7f0c061b999c5662f18530909ab6542

SHA512
fae0d6e818c987ef1c7829301b39da098e4766b4a33bac04a7b4d42e68a3b6df3d3a6b4c3e29d31bc0cb48b541c8316d4ecc3216f6c2aa7827e2df5aa1a57786

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\sys_min_inactive.bmp

Filesize
1KB

MD5
216e32733b99d128ba7b1de8748a5d12

SHA1
2b857cb52ce605e9b8470683468bf331a86a042d

SHA256
f856a6e498ef981476b85590200b3cba06b04c80329b434c1a3f89ba7c7240a3

SHA512
3ce39384e4e0138fcf1048819543ba6c6353ae32b597d64c06024f7bf63901d69d23ecf07fd6f754c56e5115a4dcabdb680bd98df86db5d8c729552f80be9d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_228\sys_min_normal.bmp

Filesize
1KB

MD5
eeda62be091f6ef68d9ba7d76c9cfd84

SHA1
822372b556a550dd93f931b1d115c888d611fd20

SHA256
3c746ad942bdd0a9b95414f80cd0e20c32251601a9d579bbdfdab6c9ad7414f8

SHA512
ee394717a1191ed3556ff9359d35861a475a96a14e4026f304d42156e357ec564522333ea745e90bfdcd2ee1a85a01316999ef9b601bdac47b6ed7015f0c8e14

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE214.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE214.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE447.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE447.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE477.tmp

Filesize
1.1MB

MD5
c519803f83155ae74401c90f1f6ad5b1

SHA1
5d7df65f700d0303b924b08f576921ca60479374

SHA256
14c4decb2bf71c253aecb0c36a768a1cf202f93c1769265c2819d9ff4bc2b349

SHA512
879251e3a07316869f92e1e0f945399bd1c5b451b014c88299076faa34b7745f5191db20016ea860ec5fd4756cf99db9a94dd87c6d710dd609acc19d88736190

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE477.tmp

Filesize
1.1MB

MD5
c519803f83155ae74401c90f1f6ad5b1

SHA1
5d7df65f700d0303b924b08f576921ca60479374

SHA256
14c4decb2bf71c253aecb0c36a768a1cf202f93c1769265c2819d9ff4bc2b349

SHA512
879251e3a07316869f92e1e0f945399bd1c5b451b014c88299076faa34b7745f5191db20016ea860ec5fd4756cf99db9a94dd87c6d710dd609acc19d88736190

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE5E0.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE5E0.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE5E0.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE61F.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE61F.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE620.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE620.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE631.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE631.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE651.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE651.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE662.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE662.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE97F.tmp

Filesize
1.1MB

MD5
c519803f83155ae74401c90f1f6ad5b1

SHA1
5d7df65f700d0303b924b08f576921ca60479374

SHA256
14c4decb2bf71c253aecb0c36a768a1cf202f93c1769265c2819d9ff4bc2b349

SHA512
879251e3a07316869f92e1e0f945399bd1c5b451b014c88299076faa34b7745f5191db20016ea860ec5fd4756cf99db9a94dd87c6d710dd609acc19d88736190

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE97F.tmp

Filesize
1.1MB

MD5
c519803f83155ae74401c90f1f6ad5b1

SHA1
5d7df65f700d0303b924b08f576921ca60479374

SHA256
14c4decb2bf71c253aecb0c36a768a1cf202f93c1769265c2819d9ff4bc2b349

SHA512
879251e3a07316869f92e1e0f945399bd1c5b451b014c88299076faa34b7745f5191db20016ea860ec5fd4756cf99db9a94dd87c6d710dd609acc19d88736190

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIEA7A.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIEA7A.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIEABA.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIEABA.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIEB96.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIEB96.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_prkytqrl.qdt.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1196_141091272\apps.crx

Filesize
11KB

MD5
56515179422a9bafdab7c4757ebfb9d9

SHA1
686e9dbe31fdad5305f0afbaf5ceec9f292d33f9

SHA256
f389a0a5a3856e980b6d479b0409eb28612a25f8f742e9a64599582ea5df5f6b

SHA512
6c5ae56dc57ec547d01d3aefdff50ccd8b943c62af4af0b74fe811dd30e7583bd492b1095e6e66c72c9a608ff0dde1c7da4b1a2093f22bddc40407166cc5a902

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5080_1923898684\CRX_INSTALL\constants.js

Filesize
429B

MD5
220ca809c03c47b9b3d6a9b18170b1b0

SHA1
efdcd7e176cd483bdf26103c965489de8a98c354

SHA256
2dadfcdc686d90e38c160901549a09ca472ab0bb3d34b5f26af0bc34c4f8234b

SHA512
f692277a9d2e06d8065ab7e4b5d38ce010720faa9e27530531f9e618f38fe188b1ab2aa2e43a4b796c6c6117e66888de03c52b14bb3d77dcbf65f2b21904e910

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5080_1923898684\CRX_INSTALL\frontend.js

Filesize
686B

MD5
e860f2a011729aeb1ef57ba1d8751230

SHA1
10f94757530e7d2598ffa03ef4da9eca51f638e3

SHA256
0a6c31b1f52978b5dc627cbb3189a89b4d452d16a257a9f1c816b086ad3921a6

SHA512
03f4e65f1f8abbea49148c40fd271a9e26d54214c17eb768db765fbdff2abf81d69838c8441e869b78771e7c4b459d708154d776719a90eebcd8295c2e6f8564

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5080_1923898684\CRX_INSTALL\functions.js

Filesize
931B

MD5
044d498a4954ecffc122b0bcfacba5d3

SHA1
4cfb79ee895070e87b7cb144386a897146d50a8b

SHA256
d65af7c37a31b42d226788e0035ccc9ec8e861fc72072bfe40b64912b9a55bf2

SHA512
646f8b33243a2859ace0f40a1214cb24e55d2721c7634bba972908a7936d6c1130c03c592f2b075c8ebca5ea871f09fa90a22516e7f32f15d10dcc76fe790d36

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5080_1923898684\CRX_INSTALL\helpers.js

Filesize
5KB

MD5
31ecaa1979fc1ae717f72603884f8265

SHA1
6d86ad38b7d2891f9ee8cf6672b2c52b8bd32d90

SHA256
3c34e5bb434f35313f1a4c2f4c9a8260572c0168de7ae7a1a536ff9ba4bed42c

SHA512
8ead06207f77acf713b59db81cd23f5689b252b643360b0df7ca02594f37b3473a7617aba73452b375128758d48a689db0f7af5c096d86b371bd98ac6ece7367

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5080_1923898684\CRX_INSTALL\img\icon.png

Filesize
4KB

MD5
56ec49b699de9c5d2155f8d46d5a1d8d

SHA1
915949dcc4dfc76d53b2c177123f448f3f4bd833

SHA256
c20bbb80ac4da9c8ff50912ed2e23338f640036189733430ac90d473ce72f3bc

SHA512
0e92544ecd9ef1fbdcd72bb0acfa1d69088e08c5fa442d73697874282bcddfe4bc898e0dd24c66aca52250a7d8edb0f651f676dc8cbbb5acfe42cbb6d579c183

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5080_1923898684\CRX_INSTALL\manifest.json

Filesize
708B

MD5
b6647b0e4cc087bb395ddc62cbf4486c

SHA1
58459a7c9da40ad55481198f89764a8843010bd0

SHA256
4e576e031e1ebac321ea00e6ac4a6d7d69b270cb5662b2fcbac5fbc1e798ee7e

SHA512
e65ebc22417a665f7ed224df19959b064a831d1315f92c99d3540cdfffceb9bac9d1cbc5b29768c07c57161e21554005eb3284a82708e88a1909ce457e5e0ea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5080_1923898684\CRX_INSTALL\service.js

Filesize
4KB

MD5
1cab361b4a0533abe9942163579fd84a

SHA1
535658c272e524fac7aeb10458ce3d1505d0dcc1

SHA256
f7977ce0ed65faf65e51a4e922244290c7aa6ad31e280988e73977a2e857d859

SHA512
85cdef4919f3b653e4c3894aed9892b5d7dae432e83509c0ebebc955da18e036dfb3cb1b899fc050578cdf4fc300173a5abe6b3ec4a91a67e7663e1a34935ec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5080_1923898684\CRX_INSTALL\web.js

Filesize
3KB

MD5
96a3ab560ba904e6b15b7c8f2fddc018

SHA1
017e8dfb6abbc24696aec75ef5860afe8eb36547

SHA256
0f37e3b46ec9fa4831b8d038a91f2f89081eb8478ebd9c60aed50c88c4bbf305

SHA512
f6a4a8a8df2e190cda2719339c5296083d8904db8710a811e1cb1b3cb689c37076b84ac162c6c0cc6d6554c11e38819c2aa17e92b4116556b57d856dee3966d8

Download Submit
C:\Users\Admin\AppData\Roaming\Chromstera Solutions\Chromstera 1.0.0.0\install\Chromnius-Main.msi

Filesize
4.1MB

MD5
e3a64f8d5f2c382419f34c18b15ba130

SHA1
eae311d70e5ed90fb6ff70de82912c01546aa75d

SHA256
546604b796b712b21fa6f21afc7afb191fbe9935c53e6122480556bbc21f0949

SHA512
d7bed842e8d69d524ddbbedcaa976ba893e5d1f8b1926c9de4bfef4477e977231c5225497d71b6f1f6d30fe681baf0d590ec1a12e2b2834aee65cb02432261e7

Download Submit
C:\Users\Admin\AppData\Roaming\Chromstera Solutions\Chromstera 1.0.0.0\install\Chromnius-Main.msi

Filesize
4.1MB

MD5
e3a64f8d5f2c382419f34c18b15ba130

SHA1
eae311d70e5ed90fb6ff70de82912c01546aa75d

SHA256
546604b796b712b21fa6f21afc7afb191fbe9935c53e6122480556bbc21f0949

SHA512
d7bed842e8d69d524ddbbedcaa976ba893e5d1f8b1926c9de4bfef4477e977231c5225497d71b6f1f6d30fe681baf0d590ec1a12e2b2834aee65cb02432261e7

Download Submit
C:\Users\Admin\AppData\Roaming\Chromstera Solutions\Chromstera 1.0.0.0\install\Chromnius-Main1.cab

Filesize
536KB

MD5
b4fb8b182c54ce9ed3b6e386879d2559

SHA1
0a2ed28f3f920576321aa90ab2b83b263a003dd2

SHA256
ec48f99aaac5cfb0e239b2310cccc499695b2aef3dbb9c32815a7531d57c4624

SHA512
aab173c81df4e3f77dbd5b67daaeecc1125ff0159550e071ac39cbfa385c05ff480e44847f6a3d6fc08ad4bf60d16ecb352379e2ef2ebf43989e63e65ba872eb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chromstera.lnk

Filesize
2KB

MD5
d13f5c8f91b152e41c807eda37910b97

SHA1
ebd8e5f17b1df0a30c5af3226241c0d98d030a29

SHA256
5ebfc227f0670f70fd0e100152379db176ab65509d5bff8a70414b9e8fe48333

SHA512
b482a86cf81973f18f54e61c18644d5d0c362cb6aaddc8a8f2314958b00a5672cb2a9985885e085ef1b2ab9cf138eba455be998e49a158c5115b1806a2c475af

Download Submit
C:\Windows\Installer\MSI7366.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Windows\Installer\MSI7366.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Windows\Installer\MSI7480.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Windows\Installer\MSI7480.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Windows\Installer\MSI753D.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Windows\Installer\MSI753D.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Windows\Installer\MSI757C.tmp

Filesize
736KB

MD5
8f517d6c505b7f9ec21cd40db49227d9

SHA1
e7c7e0ed1d8b2f09ff187c516f22747cd3ed49f8

SHA256
a908cd8fc097381f5a49a9fe1e1d3f81873d4004732a655ebf2afa93bdf126cf

SHA512
dcd087f3ecf30a348a8d99962d5b69a1a78627218c775e03a41233622f433b2c12fa3138084b84e89ac8a681601a5333e379bb3701fe7321c36efb2e20e5f26f

Download Submit
C:\Windows\Installer\MSI757C.tmp

Filesize
736KB

MD5
8f517d6c505b7f9ec21cd40db49227d9

SHA1
e7c7e0ed1d8b2f09ff187c516f22747cd3ed49f8

SHA256
a908cd8fc097381f5a49a9fe1e1d3f81873d4004732a655ebf2afa93bdf126cf

SHA512
dcd087f3ecf30a348a8d99962d5b69a1a78627218c775e03a41233622f433b2c12fa3138084b84e89ac8a681601a5333e379bb3701fe7321c36efb2e20e5f26f

Download Submit
C:\Windows\Installer\MSI759C.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Windows\Installer\MSI759C.tmp

Filesize
588KB

MD5
fe647318c4cc7f18012bdf5f8f96c468

SHA1
82e516c4247ca5eac3365bf80120d8a1f30e3042

SHA256
aec9f4cb37604c67c69fc0fee1dc630db016e1471212006ed787dd9432158e69

SHA512
2ab40a563fa4afe48ba74067653a244bdd53f9c04cd3764f29c5f80349f68b2126c6442e0a75ffb3c207f8c9267d4fae7b407ca7d1d5e31d729b84b0edea817c

Download Submit
C:\Windows\Installer\MSI7754.tmp

Filesize
206KB

MD5
6ce8f1d957a3545827aba750e2087548

SHA1
4ef30873a3a4cd2138320a3aecf9c0235f2993a9

SHA256
6de3b9b00849ab2398b36446b16e7a435cdbf8610b31ffd36e381636dc33e3a8

SHA512
030e400a759b4f4b972d92bfca8771a90bd87de8c93b8bad99b814563d52cc97703a0c21dfaa4d022d2111ccd77f9144d028f2016c66f3429e59589a8b390db9

Download Submit
C:\Windows\Installer\MSI7754.tmp

Filesize
206KB

MD5
6ce8f1d957a3545827aba750e2087548

SHA1
4ef30873a3a4cd2138320a3aecf9c0235f2993a9

SHA256
6de3b9b00849ab2398b36446b16e7a435cdbf8610b31ffd36e381636dc33e3a8

SHA512
030e400a759b4f4b972d92bfca8771a90bd87de8c93b8bad99b814563d52cc97703a0c21dfaa4d022d2111ccd77f9144d028f2016c66f3429e59589a8b390db9

Download Submit
C:\Windows\Installer\MSI7D7F.tmp

Filesize
206KB

MD5
6ce8f1d957a3545827aba750e2087548

SHA1
4ef30873a3a4cd2138320a3aecf9c0235f2993a9

SHA256
6de3b9b00849ab2398b36446b16e7a435cdbf8610b31ffd36e381636dc33e3a8

SHA512
030e400a759b4f4b972d92bfca8771a90bd87de8c93b8bad99b814563d52cc97703a0c21dfaa4d022d2111ccd77f9144d028f2016c66f3429e59589a8b390db9

Download Submit
C:\Windows\Installer\MSI7D7F.tmp

Filesize
206KB

MD5
6ce8f1d957a3545827aba750e2087548

SHA1
4ef30873a3a4cd2138320a3aecf9c0235f2993a9

SHA256
6de3b9b00849ab2398b36446b16e7a435cdbf8610b31ffd36e381636dc33e3a8

SHA512
030e400a759b4f4b972d92bfca8771a90bd87de8c93b8bad99b814563d52cc97703a0c21dfaa4d022d2111ccd77f9144d028f2016c66f3429e59589a8b390db9

Download Submit
C:\Windows\Installer\MSI7D7F.tmp

Filesize
206KB

MD5
6ce8f1d957a3545827aba750e2087548

SHA1
4ef30873a3a4cd2138320a3aecf9c0235f2993a9

SHA256
6de3b9b00849ab2398b36446b16e7a435cdbf8610b31ffd36e381636dc33e3a8

SHA512
030e400a759b4f4b972d92bfca8771a90bd87de8c93b8bad99b814563d52cc97703a0c21dfaa4d022d2111ccd77f9144d028f2016c66f3429e59589a8b390db9

Download Submit
C:\Windows\Installer\MSI7F45.tmp

Filesize
649KB

MD5
f2dd0d7ebab0352e434fa65386425f33

SHA1
a6d808538d1a0d7984b4ae3dcd16aea185702e50

SHA256
1c65e72519b605e0a322dd32625782978a5bc74cec81f73638a215ca5b9d0f9d

SHA512
76d1f0125835c13b5e0ce52e9aab450713cb45a82544215e1ee17b094fd5d16b066544e032e96f94f727427f055f691655d6dbbb5e4a8c54af774a2b97f524c0

Download Submit
C:\Windows\Installer\MSI7F45.tmp

Filesize
649KB

MD5
f2dd0d7ebab0352e434fa65386425f33

SHA1
a6d808538d1a0d7984b4ae3dcd16aea185702e50

SHA256
1c65e72519b605e0a322dd32625782978a5bc74cec81f73638a215ca5b9d0f9d

SHA512
76d1f0125835c13b5e0ce52e9aab450713cb45a82544215e1ee17b094fd5d16b066544e032e96f94f727427f055f691655d6dbbb5e4a8c54af774a2b97f524c0

Download Submit
C:\Windows\Installer\MSI8ACF.tmp

Filesize
649KB

MD5
f2dd0d7ebab0352e434fa65386425f33

SHA1
a6d808538d1a0d7984b4ae3dcd16aea185702e50

SHA256
1c65e72519b605e0a322dd32625782978a5bc74cec81f73638a215ca5b9d0f9d

SHA512
76d1f0125835c13b5e0ce52e9aab450713cb45a82544215e1ee17b094fd5d16b066544e032e96f94f727427f055f691655d6dbbb5e4a8c54af774a2b97f524c0

Download Submit
C:\Windows\Installer\MSI8ACF.tmp

Filesize
649KB

MD5
f2dd0d7ebab0352e434fa65386425f33

SHA1
a6d808538d1a0d7984b4ae3dcd16aea185702e50

SHA256
1c65e72519b605e0a322dd32625782978a5bc74cec81f73638a215ca5b9d0f9d

SHA512
76d1f0125835c13b5e0ce52e9aab450713cb45a82544215e1ee17b094fd5d16b066544e032e96f94f727427f055f691655d6dbbb5e4a8c54af774a2b97f524c0

Download Submit
C:\Windows\Installer\MSI937B.tmp

Filesize
649KB

MD5
f2dd0d7ebab0352e434fa65386425f33

SHA1
a6d808538d1a0d7984b4ae3dcd16aea185702e50

SHA256
1c65e72519b605e0a322dd32625782978a5bc74cec81f73638a215ca5b9d0f9d

SHA512
76d1f0125835c13b5e0ce52e9aab450713cb45a82544215e1ee17b094fd5d16b066544e032e96f94f727427f055f691655d6dbbb5e4a8c54af774a2b97f524c0

Download Submit
C:\Windows\Installer\MSI937B.tmp

Filesize
649KB

MD5
f2dd0d7ebab0352e434fa65386425f33

SHA1
a6d808538d1a0d7984b4ae3dcd16aea185702e50

SHA256
1c65e72519b605e0a322dd32625782978a5bc74cec81f73638a215ca5b9d0f9d

SHA512
76d1f0125835c13b5e0ce52e9aab450713cb45a82544215e1ee17b094fd5d16b066544e032e96f94f727427f055f691655d6dbbb5e4a8c54af774a2b97f524c0

Download Submit
C:\Windows\Installer\MSI937B.tmp

Filesize
649KB

MD5
f2dd0d7ebab0352e434fa65386425f33

SHA1
a6d808538d1a0d7984b4ae3dcd16aea185702e50

SHA256
1c65e72519b605e0a322dd32625782978a5bc74cec81f73638a215ca5b9d0f9d

SHA512
76d1f0125835c13b5e0ce52e9aab450713cb45a82544215e1ee17b094fd5d16b066544e032e96f94f727427f055f691655d6dbbb5e4a8c54af774a2b97f524c0

Download Submit
C:\Windows\Installer\MSI9E1B.tmp

Filesize
649KB

MD5
f2dd0d7ebab0352e434fa65386425f33

SHA1
a6d808538d1a0d7984b4ae3dcd16aea185702e50

SHA256
1c65e72519b605e0a322dd32625782978a5bc74cec81f73638a215ca5b9d0f9d

SHA512
76d1f0125835c13b5e0ce52e9aab450713cb45a82544215e1ee17b094fd5d16b066544e032e96f94f727427f055f691655d6dbbb5e4a8c54af774a2b97f524c0

Download Submit
C:\Windows\SystemTemp\Crashpad\settings.dat

Filesize
40B

MD5
a83e474a96c500e9516bd21566aea42e

SHA1
6cbb97c1711488c8454e476d213a927637a5275a

SHA256
067042bfa9ab96032c069a957fab739b653193e480a823a9b1647c36e20c8269

SHA512
64943704feb18b28cbd9db4c6fd20f7ec90bc4c5c8727c957ab8e12414a74435691279929da90f4085d4c728fda0f0ca5ae368ad42019917de583fb3a6e1be9b

Download Submit
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1108_664858796\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1108_664858796\manifest.json

Filesize
84B

MD5
ae3dbcbceb2d47b867c80a2e22ceffc9

SHA1
408b47d39abc8d3f06eed1ac6ded552eb8763f5b

SHA256
7b7b06b4e52adcb88e0755bd532490f155371fc4268ef67b6ce97f538765b9b4

SHA512
ec0f41176f34f4aa34129331ff7782da70f04ba439bbcb96cb4a1e613b4b9f0191520f42b47dc68540675169975029d72fc241a7b85c9bec7658b3e02331f7e3

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.0MB

MD5
9178458ff208e459720967fabdbdccbb

SHA1
64cb6293b503e6ad52f035b455509821075a822a

SHA256
55d0ececbce6af0658bde17814de93da2a727d3e22aee57249d3a2a0231466a5

SHA512
d50baaa027c9b476f9eeec4cf6c34d1fc643f54ffa95632c3fa8b1299e71e88eb765b07b1b877c530641152ec9809a266407f339b2e8a3789bdb6026b93f8437

Download Submit
\??\Volume{1f21c27e-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{f2790ec2-ccd1-4e0d-85f1-55c649ce784e}_OnDiskSnapshotProp

Filesize
5KB

MD5
f7fe6a8185a7fabe241defb1b09f0f04

SHA1
5764acb4efbb0a2df94eb2d2f19b71be01dbfe3d

SHA256
42d228493b88cd1a10df732ae63408a055b5abcf0243a79f04dad8e120dfce07

SHA512
2d6ac61f0bd6a850d6a01d830c72c69a363b15e14c2d909156562d2cb52623fda0e79fc23d100988eb276f952abbede7c079fe9f7e91891c485a52efd5c1ac21

Download Submit
memory/216-449-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/216-442-0x0000027AAAF50000-0x0000027AAAF60000-memory.dmp

Filesize
64KB

Download
memory/216-441-0x0000027AAAF50000-0x0000027AAAF60000-memory.dmp

Filesize
64KB

Download
memory/216-440-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/216-434-0x0000027AAAE80000-0x0000027AAAEA2000-memory.dmp

Filesize
136KB

Download
memory/216-443-0x0000027AAAF50000-0x0000027AAAF60000-memory.dmp

Filesize
64KB

Download
memory/1144-583-0x0000019963990000-0x00000199639A0000-memory.dmp

Filesize
64KB

Download
memory/1144-617-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/1144-580-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/1144-527-0x0000019963990000-0x00000199639A0000-memory.dmp

Filesize
64KB

Download
memory/1144-526-0x0000019963990000-0x00000199639A0000-memory.dmp

Filesize
64KB

Download
memory/1144-525-0x0000019963990000-0x00000199639A0000-memory.dmp

Filesize
64KB

Download
memory/1144-524-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/1256-1356-0x00007FFD6F560000-0x00007FFD6F561000-memory.dmp

Filesize
4KB

Download
memory/1256-1357-0x00007FFD6F810000-0x00007FFD6F811000-memory.dmp

Filesize
4KB

Download
memory/2168-764-0x000001B6261E0000-0x000001B6261F0000-memory.dmp

Filesize
64KB

Download
memory/2168-763-0x000001B6261E0000-0x000001B6261F0000-memory.dmp

Filesize
64KB

Download
memory/2168-646-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/2168-647-0x000001B6261E0000-0x000001B6261F0000-memory.dmp

Filesize
64KB

Download
memory/2168-648-0x000001B6261E0000-0x000001B6261F0000-memory.dmp

Filesize
64KB

Download
memory/2168-649-0x000001B6261E0000-0x000001B6261F0000-memory.dmp

Filesize
64KB

Download
memory/2168-841-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/2168-759-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/2192-865-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/2192-859-0x0000017B1C570000-0x0000017B1C580000-memory.dmp

Filesize
64KB

Download
memory/2192-858-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/2292-471-0x0000022AC15D0000-0x0000022AC15E0000-memory.dmp

Filesize
64KB

Download
memory/2292-469-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/2292-476-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/2864-500-0x000001C2F7690000-0x000001C2F76A0000-memory.dmp

Filesize
64KB

Download
memory/2864-506-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/2864-496-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/2864-497-0x000001C2F7690000-0x000001C2F76A0000-memory.dmp

Filesize
64KB

Download
memory/2864-499-0x000001C2F7690000-0x000001C2F76A0000-memory.dmp

Filesize
64KB

Download
memory/5276-1580-0x00007FFD6F630000-0x00007FFD6F631000-memory.dmp

Filesize
4KB

Download
memory/5600-1084-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/5600-1085-0x0000026A79D60000-0x0000026A79D70000-memory.dmp

Filesize
64KB

Download
memory/5600-1087-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/5788-1102-0x000001BEF0940000-0x000001BEF0950000-memory.dmp

Filesize
64KB

Download
memory/5788-1101-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/5788-1104-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/5984-1125-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download
memory/5984-1119-0x0000016DBFD10000-0x0000016DBFD20000-memory.dmp

Filesize
64KB

Download
memory/5984-1118-0x00007FFD50C40000-0x00007FFD51701000-memory.dmp

Filesize
10.8MB

Download