42f7f85e3d8eeb397b2432514d3503b4da8e826824ec58d805405123b993fc37

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

redirect.html
Size

6KB
MD5

dc109f54f9d26b72b4ac9586443dfb2a
SHA1

c62e12ebaf72acd13d54224023f861b39c4beb05
SHA256

42f7f85e3d8eeb397b2432514d3503b4da8e826824ec58d805405123b993fc37
SHA512

951b38e91abeea8bc5c42a17c70953cc607cf62f31989e0959f49fcc995f5e726ba6308c8ade9d736d1ed452171ac65d04c7a9c9b4c7b3785669973264fd9018
SSDEEP

192:dJkHLxX7777/77QF7Ryrnc0Lod4BYCIpIOmX8a:dWr5HYv0+CIpIOmX/

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	Update.exe

Executes dropped EXE 6 IoCs

pid	Process
4908	Setup.exe
4884	Update.exe
1172	TataruHelper.exe
4972	Setup.exe
2476	Update.exe
5732	TataruHelper.exe

Loads dropped DLL 2 IoCs

pid	Process
5732	TataruHelper.exe
5732	TataruHelper.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
56	camo.githubusercontent.com
58	camo.githubusercontent.com
59	camo.githubusercontent.com
60	camo.githubusercontent.com
61	camo.githubusercontent.com
66	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 379622.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1456	msedge.exe
1456	msedge.exe
3980	msedge.exe
3980	msedge.exe
3600	identity_helper.exe
3600	identity_helper.exe
4428	msedge.exe
4428	msedge.exe
4884	Update.exe
4884	Update.exe
4884	Update.exe
4884	Update.exe
2476	Update.exe
2476	Update.exe
2476	Update.exe
2476	Update.exe
2476	Update.exe
2476	Update.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2476	Update.exe
Token: SeDebugPrivilege	5732	TataruHelper.exe
Token: 33	5732	TataruHelper.exe
Token: SeIncBasePriorityPrivilege	5732	TataruHelper.exe
Token: 33	5732	TataruHelper.exe
Token: SeIncBasePriorityPrivilege	5732	TataruHelper.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
1172	TataruHelper.exe
1172	TataruHelper.exe
4884	Update.exe
1172	TataruHelper.exe
1172	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
2476	Update.exe
5732	TataruHelper.exe
5732	TataruHelper.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
1172	TataruHelper.exe
1172	TataruHelper.exe
1172	TataruHelper.exe
1172	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe
5732	TataruHelper.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3980 wrote to memory of 2596	3980	msedge.exe	83
PID 3980 wrote to memory of 2596	3980	msedge.exe	83
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 3832	3980	msedge.exe	84
PID 3980 wrote to memory of 1456	3980	msedge.exe	85
PID 3980 wrote to memory of 1456	3980	msedge.exe	85
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86
PID 3980 wrote to memory of 2524	3980	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\redirect.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb611046f8,0x7ffb61104708,0x7ffb61104718
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428
- C:\Users\Admin\Downloads\Setup.exe
  "C:\Users\Admin\Downloads\Setup.exe"
  2⤵
  - Executes dropped EXE
  PID:4908
- - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:4884
  - - C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\TataruHelper.exe
      "C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\TataruHelper.exe" --squirrel-firstrun
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:1172
- C:\Users\Admin\Downloads\Setup.exe
  "C:\Users\Admin\Downloads\Setup.exe"
  2⤵
  - Executes dropped EXE
  PID:4972
- - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:2476
  - - C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\TataruHelper.exe
      "C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\TataruHelper.exe" --squirrel-firstrun
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17406185834996746945,4260140320958584205,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3988 /prefetch:2
  2⤵
  PID:4744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Update.exe.log

Filesize
2KB

MD5
08f1e63bfbea86a0e26ffc907e692312

SHA1
0e06896c0931076294da260158b2b8a4f8a81f8f

SHA256
83fa104fd7ee6b6f409982da97ae33c3a652ba8335bea792faac390ba4505f85

SHA512
e578af8717f6e901514fcfd344a2478dc478a22072cd8e17aeb7c450b9c758f79f7119939f2d7df3533f277ff6cf76cbbd1f1cc1577252625798c4a49b07d0b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
65ed13f83621695762d15265eaa24419

SHA1
00e50ffd036bfcbcd0db25b5e36731fed2d4baf4

SHA256
abf383221d8b0a278cd6f8b834567fbddee656a04a5e19ef3d311c303095da50

SHA512
5396494586339092deebd5561ad435c54d22f27f9202924f02f4b3038a7d53e106cb96e2e194d79dc521aafa925bb1043cc690493fe57e5cf791e5d65eda361c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
580B

MD5
d2c6bda3819f5b6d72d643a39fbd16ce

SHA1
3120dcf2209775e471b1512c387fd515add2cc15

SHA256
c9e49be792a471e285e8e195024ba26cd6d0acc4115cbe24804414993570901a

SHA512
aa144839b5bcd9f26188e687ee047373801d909d459059e8b2d5e564f02fb9dcd3f323990c01d796a5f987156d6825ec06249f32aa59e7ebb20d4d51e84517be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b76d7f2a8985e6f8706587461b8dc119

SHA1
436c258b38e0cfbfba3946493d04f6aa64a35c96

SHA256
8d51049efb3d99055399bff98e94a6c1505ef39753fd42b28441f5bc485779aa

SHA512
d0dec538499399fa40e176e554ba2cc8ad06ef7c131d707f2d98cbb5b797df29a1dbacd055a0770ed7ab16b8e5a5a2847e4ac321df683c41021a11a015728fec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25684609d9ce373b712f67f3cf700d3c

SHA1
d241458cd455a77968454532896d7e88184e3106

SHA256
b2fd06519791efee332d4d32fa891b554efc8bc619701688dacfbae810274e87

SHA512
15c5f8958f9c5a22d4a31f67961e27b0f75eb458f0c86f423347e7c41142d1971819e9d9264f037e29b592382b4d1eba19bba1821504550cbec32db2f799f9bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34c747c5016c6fa7187e2a3335e1d3e7

SHA1
63accdeefe576c3427814b4c4d927949109e6734

SHA256
6656a90670bc98b251644443c53a25db2e9385b95ccb9d1a59447a6f0075f491

SHA512
83afb9aced7b94f91f041911c53b0c06f2d2b6a7a95f923d1e74aa38b0135dfd3482669dfb2cc9ff90339bfb91aa696cd2027ad356b96b68a1460b1b8df070a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a327eae804e0a8ee1940a6f52cc8f1f5

SHA1
df767dc0e0282dd007f75af9fb90e4a7385d62b9

SHA256
eaf9a20affb92ff6e119cf85922cec6a584203f30b52a4bbfd39d2b0971a5ee3

SHA512
f1ecd3d95f43a1cd63f5ef93eb78a031f44727d5249d29266a251073f42b0364a86accfd11def114bb14b453b0e545997d8fe5a0f10fd109656c9b40018dbdeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b7b43ed69d72ea261b778928acf22cb9

SHA1
9ff1aec9f0a773fae63a9970b4dcf0f48029ff3e

SHA256
4ed54287465d7d739d152431efed921b4a30f7babd05fc7ce4b37b5c682046dd

SHA512
ccfb662de80f16dd4e782949ece4b1d7cd582c57c7731dce03263f1786b9af9762703a36bddc58390b7a85ce961d1b86289c837e7bf939dab2c509e8e14f2bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e1af6cfda05bfa0caf888a6a90a1091

SHA1
1327f96a32848860d9ad950277e972796fe9b5ea

SHA256
d06e64764c9a1f74fdb4111e4a52ee2d882bef7143b11053e86574a3fe3bda0a

SHA512
dc45ad00ced95eadede715c763ffdc3fd85be0463abc71f8362c3aa1d8b9aba60842d271646453e3ce812736ae307115f3ab4b03d65e9fb30306aa3a9b34b907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
db46196552b14fa40cdd1c5ec22b6a19

SHA1
b071ccc60d0d89a57bcc148584d391168c26ab9b

SHA256
e1bc79899e5a361179eedc5e4ff3dfda5e391074a87d6ef03d3b58123ccb25b0

SHA512
6001c517577eed46cb180b4b0e1ddf3282a89d243aa8fe54f7fa602859db2beec964c733e3c02f2d1b82751342181a93ef03b3c407521c7c772a72b4f54d9a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580068.TMP

Filesize
1KB

MD5
07b1a2d98f426427c67c1f794cd14e96

SHA1
a0f2c491fc1021cba535279393948ab543ef3d3a

SHA256
9424941333e5b8fafcf0fb1d689e8b8c5b938fa936029f814035cd626e2da037

SHA512
abcfe2360c99977f5e6d87665d87b346341638f5b3e6ec246c1479f97f600316c5b236f60c010571764f9f6081ead26f8608c284ae2927a96c088d64f0eac8db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aaf39c9a40c9eae98d73bc226493b95d

SHA1
cff15284b2cb69306f35a247452365585022640d

SHA256
91487659274e42305486efaee0cb66b4ffcab43f709e23757c44c01350172084

SHA512
7b5e315f2f4d6d0468e325e0f3781cec9e9027ed400c682fa959a016f5b7d755ed2fc25dd14ce77cf6abbd851f45ee0e817e81efa8b645d16723ed99234df27f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d50138abeb25da91372a5069c607b8cc

SHA1
eca32eced439a0518fc486e51e365ca8d01593b9

SHA256
8c45d6276458cf9167b8f9164ea8d41f2536b83f37a0927e4ab2538eac0003c6

SHA512
340e5326c904977175fbfd8c81a3a7208446f9a8c105af885fe00c372fb05d2a62c8fbe56445136e539947bf70fcc00ee4fa4366f5a13d2606bf9e936dd85ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dbbe539f9f8d79d5d8d0689c38ebd4f7

SHA1
dff92d8c0b48e71efd514f0b620de62b1974541a

SHA256
1378961c49b8484921ca44ffc04c6578db7fde24e0a1798048687427586f872f

SHA512
239504b295bc906f3c859b5dd1bd503b021553a143f2d9b9b340f6e776289b8daa733f4386eb4cb21ce54ce2e25d1b45a31b0040b80c853c670ee51a238f5a6e

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
83B

MD5
ac29978d064e3f5da0bc85b3084cb085

SHA1
5bf1a5ec40b790a7bf0356494aa9b06d019adfb9

SHA256
540c7196591f2a68100b5256ae46b1cdb77e3b3c459687d42b759a746108be8e

SHA512
b9119a2d26c6f689c0ccfc4dc5fbdf0f20e4043986b7156202e15e611be1d4a9d9cc362dbe18536edef90ac6ffe36bdd6af23ca40ec8c90aee42d9c76070e459

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Squirrel-Install.log

Filesize
2KB

MD5
84c8cce6ba0a08b1e3423e238e258aa6

SHA1
a705c9c4bc0e790ce58ae06da80000b95fc3ad2f

SHA256
a93458ed594b321966ed5f55ab3a97463b8a0103f7979424bbfbbd7bd6c00fdf

SHA512
ed37b72206cc066a5672b83b9a780edf6f63674af32691aa650dbf90612a73013aa18288e6665187927ff6eba3e14955493494ebdda7d9a5e23c86ae6bf6a759

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\TataruHelper-0.9.108-full.nupkg

Filesize
3.7MB

MD5
119ee29c8dab4ff6532bc41f34140ae1

SHA1
f7ca870cb6c6e3885a13c5e3afeeadf6b8419a67

SHA256
73aa36ebe65f4281c32f7d106f554448c6d3d4a3dc16d870b7a87e71f554ac91

SHA512
24fba7ac9b529ecc04495a897f108d67e13bbe5ff7d3c858c9b73350ec6a7d7901f46e7bb300a50d269974492406b17ce795f0bf1b3157196bf2361175c45c60

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
a560bad9e373ea5223792d60bede2b13

SHA1
82a0da9b52741d8994f28ad9ed6cbd3e6d3538fa

SHA256
76359cd4b0349a83337b941332ad042c90351c2bb0a4628307740324c97984cc

SHA512
58a1b4e1580273e1e5021dd2309b1841767d2a4be76ab4a7d4ff11b53fa9de068f6da67bf0dccfb19b4c91351387c0e6e200a2a864ec3fa737a1cb0970c8242c

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\TataruHelper.exe

Filesize
457KB

MD5
3cd7d7ecbdf3e91d5dd92e6dd09e3940

SHA1
50ca69c566e7a3b82ceb91e9ae95f7c3149b4e17

SHA256
aeae5ff2862c9899413eeb71bc87fb66d4b670f9f4c7b460268dd36a9fcba3de

SHA512
534495940b7333c379b309332b21f391ab3568c80940a0c278f698b35be523f59ca5ef0c1af0be17edcd36ba0f93526d7da8a7c5ecd5f7460611190f962609e1

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\DeltaCompressionDotNet.MsDelta.dll

Filesize
5KB

MD5
c848a2f5fa5feaa71409795e8e8c69d0

SHA1
9074f5b0ca107ab915164f790533bd672048c7b4

SHA256
1ce872ed466a8a3466c808a7babf3b597ec12e1cb84870e7a0cf00b2f5ef6df4

SHA512
a432a391354d54ed8b17abcad4f818027749e93df4715c62d537277710a95278cb998ca3cb48b8cca98effbcbc102327267eeda00ca4c5a79eb18c651cea7e96

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\DeltaCompressionDotNet.dll

Filesize
4KB

MD5
ffa8ab2e87481d9da99d224e0389c8d5

SHA1
087df6bcf23eebc46f064c48674d4fe5db3a9b1d

SHA256
13950b911243e13269ef2487a00147c824e2223a7fb9103eb21f765c795be45e

SHA512
cc6f0f9430947cd3926da02d66db31c2581c5e4895d2bd527d5e7f8b163413f23923891dc9c6bf2753825a78b73849b655ebd3a6e16defac4b33237a126326da

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Hardcodet.Wpf.TaskbarNotification.dll

Filesize
41KB

MD5
c23a4547007f58bd4cbbea7238fb19e2

SHA1
a9f01731b43338759d1546a1ae73250c7b8aab7c

SHA256
7c563526754ce4589b98ec69a4cafeb0fd1b2a2bdfe9679cc1479aa36db4e8b7

SHA512
d2fb1f10e5f959f8a0c983a6d89fc85c7b7ab6d991d94a9d140ed6e12331d1bf97287020580012ea749e16f3509fdeb928c4d5c449012a500261c7278bfca1ad

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\HotKeyManagement.WPF.4.dll

Filesize
119KB

MD5
a51ccb32d001b48ea97423d5558fa606

SHA1
e0d24c8fad95cc6aa9c992e3887a1f3837053274

SHA256
d6e4c3f1b2596e9ce72f6a958e577965eddc81b471eba385ca69685c6a3da0f8

SHA512
65957e9bf7a81c120692199aa40d07b5e84e25e31447fe2b343f8df353f7865cb40988d485481e6187ece7ac19666ad27e3760d00bf5c3643fe7b3f14fac3f9a

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\HttpUtilities.dll

Filesize
12KB

MD5
9805bb8277507623ecf46af3bc45f0fb

SHA1
a3f36fed874ddbf397c85aef1928c5c2213836db

SHA256
3679c59464e8bbc9a8c80d767da7a2b0be5d02cd268b152039cc0f76682fea24

SHA512
f03390d2d61b224d339aab68598f3cbe43708544b07a70378f89e4111301b68f9172f466f94527f2c5d46fabbe7fc06be93237bae6859d806cc87a0a8aef87c5

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\IvanAkcheurov.Commons.dll

Filesize
25KB

MD5
9d4243d55674a33bfcc0e50252123202

SHA1
589aedc4d61b8dca9aa7db4bbb65befe57f82f54

SHA256
011378a85a96ae17eaaef52cae5bcf30d918c588458e0e550fe1678b0183e0e6

SHA512
8041d580e959e6443ef5c8ae53160f01aaace8ceb9f76d81af4c07ea9f46c381987dafc95a43b88eed821e82f84d22b9b29ea8bdbd4a0a0e0ff5b2038b70afd9

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\IvanAkcheurov.NClassify.dll

Filesize
24KB

MD5
174ed5d680314e93ed79b2bd0c3d44ff

SHA1
37b9c14a57bb52c242fc4d44fe5b0ddc66ce0dc6

SHA256
d12275c473b044c385e3c4360be0759e1db881b10ad201666418e9e0207a5094

SHA512
05db4a9bb78b50021d9340a2acb728b8ea13e0589a89ae8bd4e5a4790b8bdda045ab41bb055c7001c246bc5fb78d49ee15cb632562c45559ea85eb19ed9a9a90

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\IvanAkcheurov.NTextCat.Lib.dll

Filesize
46KB

MD5
0207af5a5ab104f87c495a8be1ab7d50

SHA1
247bff5244c88a3c3001405177c5bd6497e99907

SHA256
e1805b23757ebf09493312f4e5683fc1f89cdc58e0af9733e02ce0c6ed118631

SHA512
857dad6bdd3bc154d47fda38368a3f12e855eb9114e123aa655f9c6c5ba2790810563d92284283f5d9d8e91a7da38360c3987b6f5c75834b5b8ab4ca43e08b17

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\ca\ca_ES.mo

Filesize
7KB

MD5
68a7823664248ffda9ebaed2c94fa010

SHA1
8f7ce5e66b36ccd4c9625417fd44e1b51edc0372

SHA256
8c412c09e168a1f62fad3208b6b9fcf81ed5182001550ad8731861c1f716b362

SHA512
d9cf22d0cabc9a377e9716ad11a6a429c1d244bc4d1e35c42e4b44965fa13b97a275d3a9feffb4b4227da52bc8016c63cc92458e21f07919802e905b1236fda8

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\ca\ca_ES.po

Filesize
12KB

MD5
4423ffb7bcf50f6357efd6c4b4460632

SHA1
2f0859a2622f3bbee532c2c6992f14917ba0d95c

SHA256
973b03e3d3d927868324601dadd347352906ac47553db9ee84bb3e7f4a717320

SHA512
3dd5c6b9402b9711e16961e2e2f30382b1ae4a45bc59e1f7f0f9db6800a355bad276a9953b9534fe013af44827856113afae1b52d4ea1319dd1e23c8d7d045cd

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\en\en_US.mo

Filesize
7KB

MD5
ec1c2e7e516830a4f1acd87b4cc9bcf8

SHA1
e2b0a7112abf153c3c6dd833364d907f73be9e29

SHA256
4375713594de701774411c305fc04af0c853c4c504db64e687f3b3b592781f76

SHA512
1fce0903af59330a15843fcaeb20a34a4df8357533fd20fff780d2150f86cae01a31be7d21b5548b00957920b07c68b4ef912b7c18968f95f31ba438f54982da

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\en\en_US.po

Filesize
12KB

MD5
f5f36e913ab81681615e41502abe46cb

SHA1
1ecb78c863c71aaa42e23d7a19aa5854d081cd81

SHA256
423f9aa56ed442f079b12f60dcbdd20a496cecc0ce269a9ff3b4e94b58fc2c28

SHA512
fa9dfafc76f7d4d10c073aa710499a13b702d56bdd3bce6bf6a8e58af46917ad4a97b70e956da4861398616a873de5493b9a97bbf6e474c4e3eb2d3ca6094f63

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\es-ES\es_ES.mo

Filesize
7KB

MD5
1f223be09f15f934e98c1918d928c1b6

SHA1
cb259c2df5b63f37fa041cb97e11ebf4636d725f

SHA256
cad2e19c58d70375794ea0767385d32357a876336e06268822cbef3c24c8c482

SHA512
f6d40619806c12c467c08956de9cf5d60d03208009dcad5ddcf09fa8363f181d462af2a834bdf2babb81959f80f9a003501223c4a091d0982bab2e4ea91177f3

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\es-ES\es_ES.po

Filesize
12KB

MD5
8b97f66ae0489957c02b5be1822f3134

SHA1
de6b5bc70f7f7f7a292b16044fce1e3f1a9e8ebe

SHA256
87633ba0b23d550da4e48618d16819ac0f3468442c3fde84e6fa20b1cbccb7e1

SHA512
6c6999aa4dafe479e0afd3075709674f19f8e607b2c116d420198d9c501e4cb5e84b0cf9c36a1b0e2e567632a41ea13a8c68b20d01fefe80f9da93cb4c20c87d

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\it\it_IT.mo

Filesize
4KB

MD5
dbe5373817b79c9970d960de3c3f275d

SHA1
a37ecce55a3a6ed014b9216d0de3894ccbcc6438

SHA256
91eb2c54da251cad79e105f4f6efb73ef17c263376d32bc27c548efa92201b5c

SHA512
e7805103d99063d89865edc96a09d17144ef26749050161b93e0949930781e1618f53636f0d0d18a18f8db9c36041d120a388e555279b3efcdbae46d2ff07d92

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\it\it_IT.po

Filesize
11KB

MD5
af4acca1737f4ca707ff56d77886baeb

SHA1
fb6dadeb3f60d78c82d3575b62f1cfcbe2cd97d9

SHA256
9e69368e8c61792f952ec85c498ae722867aad317a24c1443c2ad0cb410ba823

SHA512
0be7943663ec9ed36145fccb624a401f79105882b7cbdec47282696b1fa01ade646f98e07e84b3aa8fdf5b900a6b4b94580ef1069a22fc513f51e19ac35eddf8

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\ja\ja_JP.mo

Filesize
8KB

MD5
35c196809c9c70e8772363307a0c2844

SHA1
ad69e76e4eace9077f1a8b809ebea92ffe487d4e

SHA256
2b1282df8f18e5e643062d62bd0e384fedb07d029cfa849870b5a3eb8a6b85b8

SHA512
3828e37176cfda9861396ae2f7e1e54e47e49fac4fd0217bda5c3827c06f6842be3686d9e0f071bcaa261a2fa8a51b886558129d1a4c2c077a15b01a6151cbb5

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\ja\ja_JP.po

Filesize
13KB

MD5
7fd81c70a26e71153657e24956c0302f

SHA1
546423915ad453ae6e91ed47087b15c26a9168d5

SHA256
9c1dc11e625fc2976dbac6901a198708e7dedd98038d38ff6ba4768d48ed267f

SHA512
0fe4705f4796ed637d6debd321a92c63688b37f20f730b8ca86c1ba0d5d519568272b15d50707ae079672b70b6fb1fc3ada6a828a00caed5d6ed20bbb4df92cf

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\ko\ko_KR.mo

Filesize
8KB

MD5
2797f7315a1f2ad682cac4782804e79a

SHA1
2a24abc7926761f0473b28792dff49969136a401

SHA256
27a9a05e345a7d5f6977f23980fcd7596bea1e875fb8fe135f45f14130c5a187

SHA512
35ab2b1f3c21071143bb845038c354c256a72b3374dd93cd8e2169bd284007297a556c3c40bd62e02908bbe2c95aa8df8634fec1b8ff056881f1b82e2bd29d0e

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\ko\ko_KR.po

Filesize
13KB

MD5
954b2736b55520a84cd9abb03c5f3dad

SHA1
158f809977dcb9e29bfb8869986c5ce17139813b

SHA256
21a20bcc92f46e2690da1e9cd3d3279090ae677717df4a8cf08ac0dc8760568a

SHA512
7e24900d8973d605e07757587536afba0f981a5e995947a059bdafab4e179447a378c17b78c9d30f1e6dc6541935a563f380990337b2d00e2a3fd4fc01fdc1cd

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\pl\pl_PL.mo

Filesize
8KB

MD5
dc54717b6538408ad2e62c1f271cab89

SHA1
67eec7e8a8cbfc13ed4b8502e3d4660c05eb05fc

SHA256
6e91124f0e39ac3716d5f672d17fb418701d1e44ac7b7c2e3aeccc66f99c3e78

SHA512
9abcdca54430c4f3a888d781d51e3669d78b4788a590ecb3664d65e4460cf5afdc0c13dc54693d97700de91d8e331c3e05320270da5fe13a12e65ce064d9a17f

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\pl\pl_PL.po

Filesize
12KB

MD5
f1d4bf535c43c4685b553f774b080f9b

SHA1
e4ef9ce5c2bd270c4af923610979a1f1cd4acf0b

SHA256
7c6d1c556523cf7944f6cbb41f2ceba57f55d42dba01ebeb7fd73d50d34605e6

SHA512
2a86935339b4699caa212abe5b64e98d4647382ab6c8cb39887576cb7e4e2360de0e9c661fbd1e7daae83c1d43ec415c8ebbf7a19861532db90fbf190c7891ff

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\pt-BR\pt_BR.mo

Filesize
8KB

MD5
43d15502a53aee8bb3fbc0c77cc0d302

SHA1
91d8f845e40d136599383695ce0e90bc0e8b73fd

SHA256
9dea1152b55079dcce46b1b561a34499b7c825df1d527071662fe9f3d2292851

SHA512
a5a1d83241347960e7f81d5bc6b3f39bc8f693d842f4c72664b8674939a1b5fa8e2667b846987ccb9e1d6c885f3e87f1873ab7fa770cd07234671e85f7014d58

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\pt-BR\pt_BR.po

Filesize
12KB

MD5
91c4040471b2c94e9716e432b09cfe7e

SHA1
bf848aeb9b0f014965020ca960744b42abe680d9

SHA256
653d4597c4581a4d109e18a81ba305e216230edc734d5025f019f0e378f0c129

SHA512
04bb71a8dc12da2fb023658e9f339808fdb6c16bbe969d427b18aedd716760a5f80f7ab6bceda4a6fef39e72b3208427c0be7e695ba9c4fbaeb2c78f8786b82d

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\ru\ru_RU.mo

Filesize
9KB

MD5
acba3115099f8274430d4801661d6449

SHA1
acc6a5b8f5d4971d0922a47e757201cf276c1f57

SHA256
f4f6dc120ba85232c52e34b1ca5e89ffd4891f6331399c7a55c09e495a957fdb

SHA512
d020a60e32bf30905cd43c0af4ba34ee5d0d48dfedb8f5159bfef88162ccc8501edb57c9b798d6f210a5d642fc87dd6c9b74728daf288b0ac55e6e170b9cfb12

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\ru\ru_RU.po

Filesize
14KB

MD5
907dbda7cf1c441c3df373e9fd4b1ab1

SHA1
29ee91f122ee2fc73bb1b1f58d1cd0856c53b182

SHA256
47dad0fcdc4bd929a23df426153aadd5d3d66ee3c4f160da9b5be78fd7dc7df8

SHA512
d527da62bb450712f566eac5710b9a4142939028a537da1cbe1949cc6441a96c337d84a0785558c28cf3303241b24eb792172f87f8c9f39819540e3997fbf706

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\uk\uk_UA.mo

Filesize
9KB

MD5
a547a4b28740153fb86241dc9f691b17

SHA1
7bead6f59410158d33273e07c1491d7375ea4ddb

SHA256
f4f5d49e528c0eb05c5eb5fc3b4a668d8bf41db49cb9d1b11d06b554e29d33e7

SHA512
53f7dea24ebfa5d3d7e1d29dd69f0ecc2447665bebccda45518a00de1cb4d240d5f9763968a763fb389b0396ffd0c3d8a1a34de1aa5b15acd7598b3d34839154

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\uk\uk_UA.po

Filesize
14KB

MD5
0e2e6562e930d3ce615b5e40615105ad

SHA1
ca80b58f5796eb31782fb5b3bae2f31184384966

SHA256
4dfd52247da4317c12812390525dded308440966cca7c1840d7c264538f834ac

SHA512
39affc192768c1a7aa2c36fd8ed8a36cfa4ec7307764b5d47ccd697d886d3ec471f197178ff9a9008851e7cdc1fb20562aba0507b7cf3a9676e35f3ba8396512

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\zh-CN\zh_CN.mo

Filesize
7KB

MD5
0354bf500cc3a96a52d4925c0e900a3c

SHA1
f7eed7c333b90a6a474df57e172e65feaf32504e

SHA256
d6422fb4ea254f44f256a03644482c2f28d03fb211a0cb62a64332d951860046

SHA512
edc775da88c54d62f2ae79e494c055c6963a8193d1502bca137f22179922a4a65c037eafa83153ebe3dae794e8996b090216066a7b4964b53000dd2e461787b6

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\zh-CN\zh_CN.po

Filesize
12KB

MD5
d8ca7f86e5c0fed32e88b962cbc2f454

SHA1
7f6783d8d7b01b7a534478c33fc196a714f1b609

SHA256
d64c4ff5737dca05712dcad3ad00761f43c756f37997e059f56323190a1c884f

SHA512
83512682e16fd0dad5deee6022d9de7fb16abd259aeb578fc8f81d43c2b56ad472f0ff326b5c399b7c426391ccbbb37d9ccc8b93297f05a8fe6527b30db15f5f

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\zh-TW\zh_TW.mo

Filesize
7KB

MD5
4a42d39288752b39accfe2f3fa2300dc

SHA1
ad2980cb2e24b90197b95a04aa5e39ba00e72bde

SHA256
2ba80f79b9b6605e87b1d332fd6bbe6afd53932ffc5e109a7cc4dde058f685b1

SHA512
203bccb7157077f2c7666268fbe985006de6f887df62cbc69da387e7ca602881a27b8245118da98db7e1e3dfa99a7f9c0ddf227fab13e9ecf8a82ef2f84db647

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Locale_cloud\zh-TW\zh_TW.po

Filesize
12KB

MD5
e2def3646ccf6e192e3c666b7f260d84

SHA1
0980425c1d23ac8a39e6316b263911144b842669

SHA256
e02a2ab0c9bc2ed02172818e430c747370c45ebbb7d197d217e4534747dea61e

SHA512
1dd729ac357376bf50ba52f925cba3fb76623ad63ca6e33d8faad9444fe33391d0525d327e45f842b9ed682e99e080370543ef683070c79be61a35f014d855ae

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\TataruHelper.exe

Filesize
967KB

MD5
f156f3dace2da129910142c7c77a6dc8

SHA1
235eb6e60ded54112b5fa6b841df239b2f3ed954

SHA256
a24b62ea4fa5ab725d9e9c0fbfb7ec0932f37f73d82e7a37d5c62f0a4e30e388

SHA512
aca7c9ccec7ce9f6eb00541279e8e072ce3aeefc49d7e89bdb525557e7575ebf193ec0e0c8367b50aa77da2d6cf5fc9de30502233948cc5a0fef30a248458783

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Translation.dll

Filesize
58KB

MD5
d136bdc4b4e9713e36c119bc203a135d

SHA1
ff96abbba37d486b5d28a6a47dbafe09740bdc87

SHA256
b67d97898f8e790689c32d299a7fbec5d715ce484794e896f001fe352b963a16

SHA512
296f14bda97e92e31b9c3b5aa113bbcc598d36dc3ac9c7a247dd5ba46143d8900753673226772eebcf515234d7d1f2591c292c093d0cc77a74622105f4f56676

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Updater.dll

Filesize
18KB

MD5
1862fc794c664af6b456b28543c7fa7d

SHA1
cf89cb39b833944421d24e2fabf57dae61598b8a

SHA256
ec3776e46c9b61c7d6f7a9ba03a83f740a8d111e5ae55a7c75f98c22cf9f5d2c

SHA512
a373fcfd59cdb1bbff94d936d373cfa2bab85f8360e61048fb76a434dc974e9b5fd4e53ffd9fab4b44ffe7bab05cdd01b37572adfc040a89cd2a0e711dfc641f

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\WpfXamlExtensions.dll

Filesize
17KB

MD5
48c9754d3ba68da5fea2b3dc511d233f

SHA1
0b6e5b923082b70b63d0b34be2f95b758ec038f0

SHA256
366158a538614dbd4f33bccbe1b28d51f78b266e9c4e8de043959bc5b8be2aee

SHA512
dd29c44ea1795970a5b99715f260ec799609888e423fb6840bb995d34845c0b1e9235be1c47b7c30898bc83d18a78d9bad14f11d65ea9265c66c9634efcc7d3f

Download Submit
C:\Users\Admin\AppData\Local\TataruHelper\app-0.9.108\Xceed.Wpf.Toolkit.dll

Filesize
1.1MB

MD5
5349b07f9c0c63cf66486e37bc3c4b0d

SHA1
af3482030d701a013d145406c4f969eb61341f71

SHA256
711001125ff67ce9c8041beedaac3fa6441d64f3b202db53e34010cd42e16ed0

SHA512
814841f4c918638abcc4b95fd76c7fd38aad1015cd532b713eac4975d6772ec865291d7ffb4c5c31fe66014ce504529e755ab4badbaffdad8d28482f8de6d951

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 379622.crdownload

Filesize
4.5MB

MD5
e198c1dfe827a46f67f14ea72814fd4a

SHA1
8c6d13489315f3f370c9d4346ca7245cc86060ce

SHA256
365159c414beb46fc2954389119f73455fd8085a129859f7d36b8b4fae001d4f

SHA512
482710f9fa7e5020fea617d86e01b009a903778ce40e718b95a7803baa65ac1d27c8dd97bcad57acc0adb2559a181325b1e6103dd2b5f6d80a19b14eeae011a0

Download Submit
memory/1172-358-0x000002B4F37B0000-0x000002B4F37BA000-memory.dmp

Filesize
40KB

Download
memory/1172-360-0x000002B4F3EF0000-0x000002B4F3F00000-memory.dmp

Filesize
64KB

Download
memory/1172-365-0x000002B4F4460000-0x000002B4F4574000-memory.dmp

Filesize
1.1MB

Download
memory/1172-355-0x000002B4F3720000-0x000002B4F372C000-memory.dmp

Filesize
48KB

Download
memory/1172-353-0x000002B4F3730000-0x000002B4F3746000-memory.dmp

Filesize
88KB

Download
memory/1172-363-0x000002B4F3F40000-0x000002B4F3F48000-memory.dmp

Filesize
32KB

Download
memory/1172-351-0x000002B4F18F0000-0x000002B4F19E6000-memory.dmp

Filesize
984KB

Download
memory/4884-357-0x000000001BC50000-0x000000001BC58000-memory.dmp

Filesize
32KB

Download
memory/4884-361-0x000000001EC10000-0x000000001EC48000-memory.dmp

Filesize
224KB

Download
memory/4884-362-0x000000001C820000-0x000000001C82E000-memory.dmp

Filesize
56KB

Download
memory/4884-252-0x0000000000CD0000-0x0000000000EA6000-memory.dmp

Filesize
1.8MB

Download
memory/4884-323-0x0000000003150000-0x0000000003170000-memory.dmp

Filesize
128KB

Download
memory/5732-507-0x0000014000240000-0x00000140002F0000-memory.dmp

Filesize
704KB

Download
memory/5732-519-0x0000013F83DB0000-0x0000013F83E9E000-memory.dmp

Filesize
952KB

Download
memory/5732-516-0x0000013FFFF50000-0x0000013FFFF58000-memory.dmp

Filesize
32KB

Download
memory/5732-522-0x0000013FFFF60000-0x0000013FFFF70000-memory.dmp

Filesize
64KB

Download
memory/5732-524-0x0000014000400000-0x0000014000482000-memory.dmp

Filesize
520KB

Download
memory/5732-523-0x00000140000B0000-0x00000140000F8000-memory.dmp

Filesize
288KB

Download
memory/5732-526-0x0000013F84570000-0x0000013F84A98000-memory.dmp

Filesize
5.2MB

Download
memory/5732-520-0x0000013F83CC0000-0x0000013F83D9C000-memory.dmp

Filesize
880KB

Download
memory/5732-511-0x00000140002F0000-0x000001400036E000-memory.dmp

Filesize
504KB

Download
memory/5732-508-0x0000014000030000-0x0000014000052000-memory.dmp

Filesize
136KB

Download
memory/5732-506-0x0000013FFFF40000-0x0000013FFFF4A000-memory.dmp

Filesize
40KB

Download
memory/5732-505-0x0000013FFFFB0000-0x0000013FFFFD4000-memory.dmp

Filesize
144KB

Download