31b50bf84e4920eba936c321dd56086506b1ad115bbf50862690ffb9fe0c5e21

Resubmissions

28/03/2025, 16:53

250328-vdy32aywfw 3

28/03/2025, 16:30

250328-tz1cjszqv3 7

28/03/2025, 16:27

250328-tyb9bsythv 4

28/03/2025, 16:19

250328-tszsfazpw8 5

Analysis

max time kernel
1049s
max time network
883s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GNBQY-997049.pdf
Size

9KB
MD5

036a6b0818e38574dc32f192be0756db
SHA1

3e9a6c7056cd4a1d3c2a2e897b0880f012b85e29
SHA256

31b50bf84e4920eba936c321dd56086506b1ad115bbf50862690ffb9fe0c5e21
SHA512

7461f3e20417a72afcb66b3574e48bcabfe9acc0fc8f79e7233788168dc65da2b617f19593ced669091656c8793aa6ffa7c9ba8c0d587be1cb03de50c53bdf29
SSDEEP

192:826ESYK7DzfYzETR8wlk2w1ic84kOHHrDYDIlYDIvJoYDIYr:826ESY6DzAYTmwe2w1n8DqYDIlYDIvJr

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2896	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_574706532\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_574706532\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\i18n-tokenized-card\ru\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_574706532\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\i18n-hub\fi\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\i18n-notification\pt-PT\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\Notification\notification_fast.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1982661927\hyph-et.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\i18n-ec\zh-Hans\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\i18n-notification\pt-BR\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4440_142840129\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_574706532\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\i18n-hub\da\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1982661927\hyph-pt.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\i18n-hub\th\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4440_142840129\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_574706532\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_815176491\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\i18n-mobile-hub\pt-BR\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\i18n-notification\id\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\i18n-shared-components\zh-Hans\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_574706532\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_574706532\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_574706532\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1779896877\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1982661927\hyph-gl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\webui-setup.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4440_142840129\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_574706532\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1982661927\hyph-und-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\i18n-mobile-hub\sv\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\i18n-notification-shared\it\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4440_142840129\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4440_142840129\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_574706532\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_574706532\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\app-setup.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4440_142840129\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_574706532\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\i18n-ec\pt-PT\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\i18n-hub\cs\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4440_142840129\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1982661927\hyph-eu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1982661927\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1982661927\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_966519502\shopping.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_574706532\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1942541111\Part-ZH	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_966519502\shopping_iframe_driver.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\i18n-ec\fr-CA\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\wallet\wallet-checkout-eligible-sites.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4440_142840129\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_966519502\edge_checkout_page_validator.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_966519502\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\edge_driver.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_574706532\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1808316878\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1982661927\hyph-ta.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\bnpl_driver.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\Wallet-BuyNow\wallet-buynow.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4440_142840129\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4440_142840129\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2896_574706532\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Checks processor information in registry 2 TTPs 32 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876530724193012"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	AcroRd32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	AcroRd32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	AcroRd32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AcroRd32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{6E420150-A385-42A6-BC87-3F876D43B34F}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{945E048C-70B5-41A1-8429-95FC6D003DD9}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000fa823c672794db014e4a68df3094db0125ab6adf3094db0114000000	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 31 IoCs

pid	Process
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
2896	msedge.exe
2896	msedge.exe
736	chrome.exe
736	chrome.exe
4744	msedge.exe
4744	msedge.exe
5956	chrome.exe
5956	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4700	AcroRd32.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4700	AcroRd32.exe
Token: SeTakeOwnershipPrivilege	4700	AcroRd32.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4700	AcroRd32.exe
4440	msedge.exe
4440	msedge.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe

Suspicious use of SendNotifyMessage 52 IoCs

pid	Process
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe
5328	firefox.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
5328	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4700 wrote to memory of 4720	4700	AcroRd32.exe	97
PID 4700 wrote to memory of 4720	4700	AcroRd32.exe	97
PID 4700 wrote to memory of 4720	4700	AcroRd32.exe	97
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 5616	4720	RdrCEF.exe	98
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99
PID 4720 wrote to memory of 2712	4720	RdrCEF.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\GNBQY-997049.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4720
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B5DC71304F6126EA7828A5FC8FD66385 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5616
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DEB3B8185DB58BC7DA34497ACDE905AA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DEB3B8185DB58BC7DA34497ACDE905AA --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2712
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C67F785B076F04F160281C50189DFD3D --mojo-platform-channel-handle=2292 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2316
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3B821403D5992018691DC3FA04E4B569 --mojo-platform-channel-handle=1840 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2120
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=663AADE6965E01D593DB9687B11B7DC9 --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3776
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B8A911CEDE89BD8A11216CBFC26CA233 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B8A911CEDE89BD8A11216CBFC26CA233 --renderer-client-id=8 --mojo-platform-channel-handle=2420 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5672
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D585CBAAAD26220E5E8160A426B0B2DD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D585CBAAAD26220E5E8160A426B0B2DD --renderer-client-id=10 --mojo-platform-channel-handle=2648 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2656
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5AE17D7CD069F1CCEBDC0DA1F569AB9E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5AE17D7CD069F1CCEBDC0DA1F569AB9E --renderer-client-id=12 --mojo-platform-channel-handle=1932 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://226.187.202.64.host.secureserver.net/tAneFb12GT1OnaBLPYvi
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:4440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2dc,0x7ffa9e75f208,0x7ffa9e75f214,0x7ffa9e75f220
    3⤵
    PID:4408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2016,i,9063063202267037250,16253213274884465761,262144 --variations-seed-version --mojo-platform-channel-handle=2012 /prefetch:2
    3⤵
    PID:4864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2248,i,9063063202267037250,16253213274884465761,262144 --variations-seed-version --mojo-platform-channel-handle=2308 /prefetch:3
    3⤵
    PID:4780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2420,i,9063063202267037250,16253213274884465761,262144 --variations-seed-version --mojo-platform-channel-handle=2656 /prefetch:8
    3⤵
    PID:4728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3516,i,9063063202267037250,16253213274884465761,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:1
    3⤵
    PID:2184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3524,i,9063063202267037250,16253213274884465761,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:1
    3⤵
    PID:5156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5048,i,9063063202267037250,16253213274884465761,262144 --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:8
    3⤵
    PID:3496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4968,i,9063063202267037250,16253213274884465761,262144 --variations-seed-version --mojo-platform-channel-handle=4940 /prefetch:8
    3⤵
    PID:2256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5460,i,9063063202267037250,16253213274884465761,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
    3⤵
    PID:5984
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5604,i,9063063202267037250,16253213274884465761,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8
    3⤵
    PID:5364
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5604,i,9063063202267037250,16253213274884465761,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8
    3⤵
    PID:1576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6036,i,9063063202267037250,16253213274884465761,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:8
    3⤵
    PID:4148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:2896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffa9e75f208,0x7ffa9e75f214,0x7ffa9e75f220
      4⤵
      PID:4716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1816,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:3
      4⤵
      PID:3688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2268,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:2
      4⤵
      PID:1336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2440,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=2436 /prefetch:8
      4⤵
      PID:3760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1712,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:8
      4⤵
      PID:2736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1712,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:8
      4⤵
      PID:5504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4612,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=4592 /prefetch:8
      4⤵
      PID:3116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4728,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=4620 /prefetch:8
      4⤵
      PID:2740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4816,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=4348 /prefetch:8
      4⤵
      PID:4684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4680,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:8
      4⤵
      PID:3148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4080,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=4812 /prefetch:8
      4⤵
      PID:224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4140,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=4828 /prefetch:8
      4⤵
      PID:5660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4044,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:8
      4⤵
      PID:5956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4940,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=4960 /prefetch:8
      4⤵
      PID:396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4024,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=4460 /prefetch:8
      4⤵
      PID:2868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3992,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3764,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=3280 /prefetch:8
      4⤵
      PID:344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3888,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=4072 /prefetch:8
      4⤵
      PID:5712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4972,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=4488 /prefetch:8
      4⤵
      PID:3792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1020,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:8
      4⤵
      PID:2388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3796,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=4076 /prefetch:8
      4⤵
      PID:3796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1304,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=4148 /prefetch:8
      4⤵
      PID:2540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1300,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=3800 /prefetch:8
      4⤵
      PID:5060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4104,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=3188 /prefetch:8
      4⤵
      PID:5304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5032,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:8
      4⤵
      PID:5248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4960,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:8
      4⤵
      PID:3308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4100,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=3244 /prefetch:8
      4⤵
      PID:1656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5100,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=4864 /prefetch:8
      4⤵
      PID:652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4868,i,11137016040320289335,17007940187688328072,262144 --variations-seed-version --mojo-platform-channel-handle=3912 /prefetch:8
      4⤵
      PID:852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:964

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5896

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:6008

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\Desktop\ssssssss.pdf
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9f5bdcf8,0x7ffa9f5bdd04,0x7ffa9f5bdd10
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1940,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2208,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2388,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2380 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3204,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3084,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4464 /prefetch:2
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --init-isolate-as-foreground --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4740,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4764 /prefetch:2
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --pdf-renderer --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4916,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5508,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5736,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5820,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5816,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5964,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6060,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5800,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5908,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5968,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5512,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5988,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6032 /prefetch:2
  2⤵
  PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6436,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4524,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6412 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6248,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6372,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6656,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6544,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4836,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --init-isolate-as-foreground --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=3268,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4984 /prefetch:2
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --pdf-renderer --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6696,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6164,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6816,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --init-isolate-as-foreground --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6624,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5616 /prefetch:2
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --pdf-renderer --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5592,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=4932,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6768,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=4760,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6772,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6900,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=3296,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6904,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=4832,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6828,i,6468406104872194314,11471268908547249706,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:2288

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3240

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5600
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2020 -prefsLen 27099 -prefMapHandle 2024 -prefMapSize 270279 -ipcHandle 2100 -initialChannelId {2b1a6373-001b-441f-a7fe-6cae5c470262} -parentPid 5328 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5328" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:2224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2464 -prefsLen 27135 -prefMapHandle 2468 -prefMapSize 270279 -ipcHandle 2492 -initialChannelId {1ee4ccc8-74da-4f06-aeb8-b8f0db48b987} -parentPid 5328 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5328" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    - Checks processor information in registry
    PID:1812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3916 -prefsLen 27276 -prefMapHandle 3920 -prefMapSize 270279 -jsInitHandle 3924 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3932 -initialChannelId {f4062efb-9fde-4bda-99c5-37d85cd05184} -parentPid 5328 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5328" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:4996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4076 -prefsLen 27276 -prefMapHandle 4080 -prefMapSize 270279 -ipcHandle 4176 -initialChannelId {2e0c0ce4-b27e-40e0-93e6-1b094c7d1b09} -parentPid 5328 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5328" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:1152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4480 -prefsLen 34775 -prefMapHandle 4484 -prefMapSize 270279 -jsInitHandle 4488 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4496 -initialChannelId {e88bedd4-fb52-4019-8e12-7571ac6f6d67} -parentPid 5328 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5328" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:4528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 4992 -prefsLen 35012 -prefMapHandle 4996 -prefMapSize 270279 -ipcHandle 5004 -initialChannelId {8a1a1557-3318-4c10-8ea8-750359ea3a7f} -parentPid 5328 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5328" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5308 -prefsLen 32952 -prefMapHandle 5304 -prefMapSize 270279 -jsInitHandle 5264 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5344 -initialChannelId {da5f0356-3c1d-4412-990d-020f21117e7d} -parentPid 5328 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5328" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5488 -prefsLen 32952 -prefMapHandle 5492 -prefMapSize 270279 -jsInitHandle 5496 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5312 -initialChannelId {a650f85c-d2e2-4ce8-a870-9b5ee79d398f} -parentPid 5328 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5328" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:4964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2864 -prefsLen 32952 -prefMapHandle 5668 -prefMapSize 270279 -jsInitHandle 5316 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5684 -initialChannelId {c1e4543d-369a-48b9-bc2e-5859651aef0f} -parentPid 5328 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5328" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:1720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5492 -prefsLen 33031 -prefMapHandle 5496 -prefMapSize 270279 -jsInitHandle 5312 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5444 -initialChannelId {fbc6876d-4d88-4c20-add4-e9b45862e90c} -parentPid 5328 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5328" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
    3⤵
    - Checks processor information in registry
    PID:4008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1112844146\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1112844146\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1942541111\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1982661927\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1982661927\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1982661927\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1982661927\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_1997999298\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_2100985885\manifest.json

Filesize
118B

MD5
3e4993f878e658507d78f52011519527

SHA1
2fce50683531c5c985967a71f90d62ab141707df

SHA256
a2fb35b03e24f5ba14cbe0e3c3d8cb43588e93f048878b066fd1d640ef8e59cb

SHA512
9d24ef876ac989e50e9d4d06732a4c4f61e12df366b3d4e5ff93d6a60badac36c3e55e7f13c2539ecb525017490a887fc56580ef8e83483019041ad9b13358d5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_333991772\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_450741630\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_618238319\manifest.json

Filesize
121B

MD5
16f004af39a3675a73f5c15f6182a293

SHA1
e7027edbadfd881e03d8a592ae661a985fd89cd7

SHA256
4e5ef1851bc910ceeb59a63bb53725cf5d8149feff9483e960b54cc26fdc419b

SHA512
8ef0d80259b5a38424676918f07238a76c527b643267008999dc3b2cff5c93e29ae85cbf0605f0d0b4f880fd6ae96254ebd30e5b80097eea95f5d27b5d461ff6

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_815176491\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_815176491\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2896_966519502\manifest.json

Filesize
145B

MD5
465cc76a28cc5543a0d845a8e8dd58fa

SHA1
adbe272f254fd8b218fcc7c8da716072ea29d8ba

SHA256
e75fb1fa1692e9720166872afe6d015e4f99d4e8725463e950889a55c4c35bb9

SHA512
a00286cd50d908883a48f675d6291881ad8809dcae5aca55d5d581e6d93a66058e1fe9e626852bf16e5bb0c693a088a69d9876ccac288181b1f74254bf1da1a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
611d47a8d96bee0164c0fb35170d8ad0

SHA1
e0e9b6552fc37adf996abefb018a20719fe1fe83

SHA256
3458f3df053cde9109b5b89c4984879ca846a7bb1e09ca2f130b60734d1ce651

SHA512
f4fa124120bd0ae9239d30cc693211214b93908fae24777418be315adab5576206e7d725552f57e193f86e0ac1cd7372ee575c69c8141d3654e63133e171d8c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4bda5e92-5fbf-4add-b494-be845a0312ac.tmp

Filesize
79KB

MD5
4522ced877e7e170dfe60fb186422b22

SHA1
889867ef3478eeda6f92d1227e242c04d09cd347

SHA256
9325316810c365dba099820ef35ff83f3444a9d8f78f99d013a29325d815a0e7

SHA512
166eb69a4e4ed9ff3f604ac797fbb47e3c173dce420b7901560bff341788f8a359f33d88570d2fba75e70eb01954f94387c08f7a655e08a039ebd2fe0ee13a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
13e85db7ab7bd0131b6d7b372eb6b3cb

SHA1
5bd031c1d79faee9f5b180576fb2ba73afd236a9

SHA256
96bf5616e02db2a7d71c4eb64ee4bf0ca8a06700e34ffa47bdc9c02f97092e20

SHA512
63e735544156689c62d6d5cffe428e6cf749066239e69dae910f08b89aa9f87efbeaf9ba5fa16d2644d16478ee854903270d4e330ddf89ea1bae6d54c98cb029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2afcfc1601b31be800828ac6fb0cc3df

SHA1
8b1a922e4cf08fff5e0e4a0b65d0f6a21eb2500e

SHA256
977ab14eed18c0996daab4509474bd2c95a13335eabbcf09304b3565f09f45b1

SHA512
5c5266a07ee48e7f8b502105787c95b016540afd5850dd15d03d47ec7a551fe802cba8bb4f48c842f932a6415d347a1e81891e012bd5c9a69d76c0f0997b12f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
09ff6b8054d3ea9f379c3b0e94fa2efe

SHA1
a2b3d5414dabaee23e172349756f61ac1ec88020

SHA256
6bff8417b6e1f3a815747f33f3f044bb8f4b59de544c346c134a3f32a1431b5c

SHA512
e1e6dac42ac07ce0fba8de9ae6478a0d62db3e82f1c49fb420298b90fb7553d9196630f59f5648fb4cea8e30355e36512b24af8e488cddb3954a3ba0dc1b7c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
2600135846103e7b9a229844b1811c90

SHA1
db5f9ccbbe5e795c6a331513dba31a70b90a50bc

SHA256
baa8def678d85c0b6f5ed6dc2e38b9ab8fe79fc1fdeef8c1270964136847d09e

SHA512
b0c6530c972e0cc54463ebc0a7cee77676aa3cf798b8ca31191e5e58f466a5d025653d750ccc1de791a2d0f7109f2ceead48315be8aaceb0236f8ac69cbf8207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
68afdc58a30c4ebbbc297180bb41bfb5

SHA1
c4fe40b3cacdaffe737db6ab7e27d4ad26548705

SHA256
97f6c1d3b25f557a13859b543d8e136547c1ad7cf6dc4f726f03f154293e57f1

SHA512
2ca979debaf66133d31585e3b117a5d538f18b16db81b1fad3a6c8d5057385a2d13041edf72db6a2fb9125d311614d66919dd7ccdaa9c9f66a8c09614f24701e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\_locales\en_US\messages.json

Filesize
1KB

MD5
578215fbb8c12cb7e6cd73fbd16ec994

SHA1
9471d71fa6d82ce1863b74e24237ad4fd9477187

SHA256
102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1

SHA512
e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\_locales\gl\messages.json

Filesize
927B

MD5
cc31777e68b20f10a394162ee3cee03a

SHA1
969f7a9caf86ebaa82484fbf0837010ad3fd34d7

SHA256
9890710df0fbf1db41bce41fe2f62424a3bd39d755d29e829744ed3da0c2ce1d

SHA512
8215a6e50c6acf8045d97c0d4d422c0caacb7f09d136e73e34dba48903bb4c85a25d6875b56e192993f48a428d3a85ba041e0e61e4277b7d3a70f38d01f68aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\_locales\ne\messages.json

Filesize
3KB

MD5
065eb4de2319a4094f7c1c381ac753a0

SHA1
6324108a1ad968cb3aec83316c6f12d51456c464

SHA256
160e1cd593c901c7291ea4ecba735191d793ddfd7e9646a0560498627f61da6f

SHA512
8b3e970a2beb8b6b193ad6ab9baa0fd8e1147cb5b9e64d76a6d3f104d636481621be52c2d72c588adf444e136a9b1350ac767255d2e680df44e9a1fb75e4c898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\service_worker_bin_prod.js

Filesize
130KB

MD5
d47e43b89edce51bc01fa656962401fe

SHA1
8cdc456964cfbcc7ca62e58d6258c8535b48d980

SHA256
7e2aa9557db237ee59473f8079197e4de851f8faddf3575bc345cbde6aa49dfc

SHA512
548b6d023154d4404567e331ffdd7a740d6144924fd489e2d7fda4a18db94c67bbc493b72058e92878b8d2d1a8cbe58bf4ae7c5f73d7b3bbe6909c8e78bb828f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
472947223e16651a5049425b2d36f1cd

SHA1
16d1bb67d589e78f6e49fc4da8610715a14d2cac

SHA256
c2754552d0c62f6fe50236fd9af7ba7adf6b887d16e3b5bbb5f1b819f50736f0

SHA512
13537169b86a1e2cc9be110762252381049c1188a58dbe2ce43500469a562d196dc650a67d54f70a8944a10ba00bb38dafc1a7f356f653f4a9e80340b8228f81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1267d6edffa357e1ab78a5edc4677c95

SHA1
77268fa668652d077e7266bb7a8a8e5652558434

SHA256
687296f6f08da7a4ad734ac75fdd2ea488deba556947473ae85b5534df0f0ccc

SHA512
5dfbe7fa2b3e80a570c081b93a9a07c2dea48f7cd1a8ffc5e1e8acba66457de39a27faa0e001f278ed802973bce6a50844bb421358a6a192a31b79bdfef03c73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fe44810564c643de1122d3db9687f0ab

SHA1
1c514465b5545824b4617af5a0b7d693897eecc3

SHA256
a8d3c4f239052d2abc61d67a494e40979b58066db8a28a94cf945bde28f63aba

SHA512
0e5b6a2aa15f991ce562cee283b6f82c003eb361ccdaa353f4a2f4794a79f401ac86b1db76ad494a8a7c012fae4ce56f21be3af379496d96bab555b1a6ff23be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
97a6749ed2ec747e621ae727511b0e21

SHA1
2f27312b8719f5578d519b2be46fe661fcf71ecb

SHA256
d27a7137bc28ff9085c853c891ec3adad661b1d94caacb91e7495f020cc0d0be

SHA512
f0ca648bfbfcba3d97b5c8b566c692487b47fe3c5ce57c91511a68653b8b763bd1bb071a7d3637136428dbf08e347daad14d97f3f9e34d93fdc0930437eda578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bb324d0201095efde01a0b4e0b5d222f

SHA1
d6cd77a4b6855ce941c842d4211f43df8210af0f

SHA256
42095965904a2eabe6ffcbdba96a29ad9881f9025dd89d4fe7870f44ad53b912

SHA512
c461ed90a666a4fbfe517b579ec3dc2fb4c0cce0516fe4310b3c21e0afc79b1a562497659f39833b6a3d25ca56e085ab9101c28c76fdbd2454e973144404457e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6f4586d667110f4882e73fdded406d78

SHA1
0aae546ea74336c7f55ccd8380512fd98be7941f

SHA256
c71ffa53a092bb2fdfd42c9dfaa1cfe04c1a4cded5a94e2911648ec0eff7bcc5

SHA512
fdde26a36e13d9654d32b7f7f6b37af65c00095905cbf858177e613d7b28531d149d46c109ad29970bbe53ca0642addd2580fce36606f7e6e55306382d412ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d79dc385eaf432449dd72042307325f1

SHA1
13a1f4024c4a2356745867c2cea5d42baf3ff70f

SHA256
8ecf16c9b547140128bd01d67043edd1687dd1a37354af1cba59a2241e2c88b2

SHA512
eae2865f2348f8f9ddac367341e5c92e7c15a9dc7ded0fbeba00a14efda82892e160480a1f5e78fc807c41c740c9eac09d58c11f82499ec41d8c90dda9cfe707

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
f2f98614d80e65b2fc98d08c8c834977

SHA1
cf412ce2a7b309a23cd09ad500eacfb317399437

SHA256
9232f90d98110994d3a22b85c01eb4abbfdb09ba46210d6356d4a58ab4f2cbca

SHA512
9610c48c692602ea92f5789f38dde03cc5322f8ecf46d64a0f3d1643bd2d934f8157479d50e3138ad6c4bdbed11ea5f2e077f01acf1bce81c08d4001dd029304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
04272ce41ada5a262d62d87a3d04e172

SHA1
e0a1ec39076d31caddbd630e9a010b15d5237520

SHA256
5a2501766f899b01f7164a7e065e089aa676c236368c5e7ec177abeebeb41d0b

SHA512
a16b04936232923c08ca5e461063c4d82b10055e3a78cc340a58ebe04a484896e553140a482649c3973ecb3bffc47e08ec434fef8cd3d05da9286f6cac18241b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
d58f8ff80b433f35f5822cabe8470244

SHA1
58af9b88c50f8356b3deb76d2df53d748bac129b

SHA256
ff84f818b2cdb27c965075fba78a6bbfd9fd50c664f2ac7367bb463d641cdac5

SHA512
693475d9f31fd3790d9ab18d56be61e0607138c427dd9f710c77a10a10c60522616ea3e934fe4c6983d0f664419185967bc0d6bcbccfe4620b3ee55ece98f1cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
179d2c196785765c1f4c35a4bfc2a107

SHA1
96e006bf79e0303f4250ba4bdf997f5b3a315156

SHA256
5d7660f4fc0e3c5e6e07ac0979da2b00e97fab30d57040f4e9d38c5ef365ff60

SHA512
51e7384b80eb88f34106d68d22c8d2b842a937d317f7d0224ebf0f1d7a029068cfbba3e2f51577b03c661ee7c095437c9b3195caab4e1ff2632a4f760cc63117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
617cdd76c0abafd3c43c966fe15be418

SHA1
a43309feed795cc1bb41f62581498b5caa4f1b43

SHA256
9e196580cf71993ce78544e86e8efe5ba00666c7a9ed4994a020ab3dabf7b33b

SHA512
1f7353894c41f6cb9691f35fd23dd776316cef9afc41468f5833107ca9ac2ea6288e65c93d87c604244647f7c457681974ec3245fd76b14b7d8b3ae058e55f3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
a732574c47ed01b08a2d207f8d035cb7

SHA1
fd2677adfa31ab064fbe709e91e670b4a8953053

SHA256
b8165b82c95db9c6e5788f251585bdd731f21114f9fdb076d094a1c882ef5563

SHA512
c429d9ae9e7279fd3110e5802f3ca5a3628404333257ed603f94d1af70dddc53bd54180d3a74dd05166855356dd5c884a75b41f599d90116032d68e85eb61e0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
141eb14671406bee049bcc9b2c932e55

SHA1
75f49a0dcb1b8ecf35a6053c3757eb6172d23068

SHA256
75abe4f476b19d7c5566973322b4c2cdcef841a9027ed662d7cd5382a10ae786

SHA512
d5869cf4e839890e47070d40f3f69326b41997586408e46db8438fa679c97d538e58f7fb25fc8a078b9c0c134abec9e6afdb68097edc10ef24ed6a6dd704abbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
42a99396fc1bc2c42df422ec537ecbe3

SHA1
60f7a56a22cb1b3f05ffd9755eab9f5bd55f5f12

SHA256
0d8d646f00c2db96c248ec915227d1ffee771b933cc8cd918a67ce23f6506873

SHA512
9a311e8dd6eefaedea02fcea27e6c286475349f4abab8b6b79b9c0dbea16a817c46c6f932f6623f71b5757a968b3a8eb3dc40281a425ec06adc0c468095b16f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e77b3f4325c5aacba8cd5ac1676418ca

SHA1
7e01bbb333aac1a2250a303d1dccf0ddeae6d807

SHA256
a592bcd93af08a4ccda5fb88d445ae62e8925ad3c8b9e5aacbf06ad63e774a9b

SHA512
f366f53d45928a91c927b543b16e5a65fe2d2042cf047825e218f082f498353742f45c982d1bc492b643e6fa27a41bb1427d0abaa204587a77cc3e6bd5b6a78e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2564ede9376068aab376fd18f1e87cce

SHA1
454d7ec467c45e2c862f2d6c46fd610cd804a714

SHA256
bfa6f14cdd1efad383e2e51fed75ea2301e7c6d2fc1f6eb6ff22690893349adc

SHA512
920bf1a9eeca2358f24b410bce3c921e787df2df15040d18f04b311738e1c669c21168104f7fc9025aed009829f91c0775a5c2fc7df16ac9386faca89a03d931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
400b77cd0c7c83bd1a3ec1cbb6e69a90

SHA1
e8fee71f4dfdb77e075620f5285a247fbacc140e

SHA256
471332a9dd390ee002acde13c278f847283a71b2ec65c0148e18ce1105c7b3c9

SHA512
3e69cd5d28f307c95ab27e770b2729904c4fbe1f2db2f8a463988aba1fa810ae2cf6ea344b97d32d48190b890e69d88ed64749e3a4b2ff0b82d70600ec3dfc92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe591c58.TMP

Filesize
48B

MD5
8d306f906cf13f830b12e6b37feab75a

SHA1
65a9ff600b034ac94cdcbbe53b690bc17c244331

SHA256
8d22560ad6f07d2f378d965229ffcf5d9c330b5d415e2ed14f67c0f272cc80f3

SHA512
e8c71bbff990bdd301c826634272c79ff1abf57e42994541b3a10f08b4650aa0d5e58554603e543fd10e479a6eab582a373d8be55769e5a60d5e65bd8521473a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
cbec966c30ead482e79a6e55fdbfc918

SHA1
e77f5c4a0b517ddbed1418d1e651a2bff416e331

SHA256
aee16bf95c40b70457b0e65ec31ac2cb88061053d8921acbc27488dc081a2076

SHA512
3a7da227b49b0bcd368b03356d7acf71d98b852009e7f58e7582cb3fa16ce18ecdc2e7792d403581203d60d19696136978c9d2e108477d00f83c8700779fcf2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
20fe1ea1a484e1960b26befbdab98bb8

SHA1
a93cfe0447862cbb49f9a162cc82764d865edfc9

SHA256
4552b8a75dcba4354e18c65f5ddebd7d649bf277c28a246d90450c31ab942817

SHA512
0e4548e0f73ae06cd3b59d0a30ce2b846b5cdb50fe5ea6d7861d78153a3f6a25f09d2620a35f083a395a36720afe785f7e4888d794b6712ed020234b0aaaebed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
b69f268b734ee562203fcf662d6697bd

SHA1
af3a11a9b2b51e56eb413bd8dfb260219ce5e9ff

SHA256
97c0acaa8b08d556943792f336dfd82de0ed225a7d6f1c04fd4abc6dcf921e7f

SHA512
658266b9348c7494f942e6514fb1040cbfceafa4cfa9c64b80323b9e0da09e8c6fa80b1efacd5738129bfaa3bb0fc003898d69d449c6c5683a2a382baca5b82d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
a118d1f325349b674ec2a1a10e4d5824

SHA1
a12144bae3306ed3ff320a9b8c7b5472074c262d

SHA256
bb40c2d94e7f3fecdc1ca86774ea5294437de9805487f9aad3c79f173b4f9e54

SHA512
bb227db6ee1f00783e5929e99b6b402482aa1b3792c55b84a69ea72c2c48230f5cb205eb9d76e19815db3de7f472432bef6bac643252376ff776298784f8e205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3bc87a12-255c-417f-a99e-071913469291.tmp

Filesize
49KB

MD5
2f36963ad6644c261635fedecb7fd64e

SHA1
81de8e0cb16defdd729ec9d625ba06871365b119

SHA256
7bf6ac33d897415d0b570a674af523f27020e67f666340387f8e27de4db0366d

SHA512
9ed6ccdb1e99ffa2a672de4fd510fc0a319f88e507b8115f871d74265e203dc842050822e62b7b0be81b3ff10df3b4df360d1a086c57ffb3108c6e7724173bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma

Filesize
16KB

MD5
cfab81b800edabacbf6cb61aa78d5258

SHA1
2730d4da1be7238d701dc84eb708a064b8d1cf27

SHA256
452a5479b9a2e03612576c30d30e6f51f51274cd30ef576ea1e71d20c657376f

SHA512
ec188b0ee4d3daabc26799b34ee471bee988bdd7ceb011ed7df3d4cf26f98932bbbb4b70dc2b7fd4df9a3981b3ce22f4b5be4a0db97514d526e521575efb2ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
998db8a9f40f71e2f3d9e19aac4db4a9

SHA1
dade0e68faef54a59d68ae8cb3b8314b6947b6d7

SHA256
1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

SHA512
0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
829546e3bde171256217bf302f4733ff

SHA1
355470b0ee3627e462c332d08ffd613b6fd9a6a7

SHA256
ae728ede8e0449df42ccb8bc8cde4670e039606cbc191ec9da1daf7e50260a3e

SHA512
4b4b012a59f696782ba60548a24bcd879cf59a48a427cd11dbe1d16174efdf22470c1297407d540639af69e993478d843428808ff83eb876e0e02f21345359e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
b88f662e02310635b0cc5c2a32345fab

SHA1
f668d1c32a1f315bfcec451ecdf8e8f34d8ed86c

SHA256
6182ef790b5eae7f6b6adb552c904ddc156e7df2bb22012d85401b6f4f07a28b

SHA512
1f1c837a64983c8d6c3a1e167b3147f4c48c4cd99bfff6eeb349f122f3d7650957ab44926b489cb218b16fe86c0f90586fc054ee02f47a49d6eaaa5321370643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log

Filesize
21KB

MD5
40e98c83b2580cf1cae75e56b490ff8a

SHA1
cad42d7b758df263e649ffb11fe0e1f804af4871

SHA256
59b4c50ab73ebe06dc6df5d73a3216a2a9a79e33b8d20dabdc5cedb4951227d4

SHA512
a0253e544033a74d761d352b61a624b828e102ced50cd70ef916ede0f471e166484d903ac4c79d3f226f8f2901aa8d1d8e6205167e69f6d55d6bf451160aa76f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
5b1ce21c84a826a46df9625009f2f597

SHA1
8f206c0da026201e85c3b85c325a38b843624f8a

SHA256
bed6f5d24235e0f0262f1d5d61a01a48f5527ad306898f8d19b2dd7afeb55f47

SHA512
1489f0db8b6d7fb499df15127c9298fa21a196808d75570457cc5db6e0edc0ca80589e0e6a3a9cf36cd6f9672bed3cc95984df66cef93b006c50a50738bb0e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
76f6a178c4b162f377aba96a0b318ac8

SHA1
8e5a5da5fe251e680c5a1dea54d2fe05f0e2f744

SHA256
f37d10878785dc1cbc04dc834d9187940ca2021b4666aedba006912087b10b52

SHA512
7e1828a2aa3aa716c23317b14c96ad526a214165041655e8f64340f811fa68b8c9aeb63d4548f27a7243b5b991960191f691228d38dfad85a189916bf3eed14a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
427bb9e75010ff2d7b14f53b9ebc137e

SHA1
3f23c3d8706b91f869d9adbbfcef4feb3647cd39

SHA256
ef4d6f04c156f4c86c3f613a386626c44ebe41fdee81ce8b9c3da9f89da915bd

SHA512
33c5f4557c2cb1ed125458c9f68a10cc2593fd24e740add078364ef2dd5835f52c850bad0b4b18938ef7a3a55e1622e6c10aa60de7b88c637270f5bcd50212ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
98bb3cc2aef83e3773ce07a2b927fc52

SHA1
4ca1cbf1ee31aa172bbe4f958ec74b788c4b1259

SHA256
aedb3188c238f73c94fc4320a1bb38767d32cc2f2d1451797616e98714e1962a

SHA512
78edb546ebf7276ce217da3308e732e919e08bfec17fb92384e94361e320669e5ab3a57e6ffa5c42cf1e5053999addc96cca89c613861fe32a9fafff0296a1f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
ff6d120f4342348431f36e707d31e61d

SHA1
f3684bb92d19d24b00c305f3513f64d92ae2f07d

SHA256
4239babee9f6cfcbfaab191e943ab026b5346cdc19edf948ad008a2563641e81

SHA512
122f7f94e5e54ee5a88bc370b057ae2dddc1eb77b42b09b9f36b7503d64312f51d444d01226ef8e7b1fbf371338cb4316f2d3802c24f6c1491bbc8fb7b7bbdac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
462d7cb40057d2bf95a1477f3f2c016b

SHA1
448bb69ea181d456bc7984e479367020800218ed

SHA256
c5228fb8735c1639be6570624b0fbc7aeef9612871d12b942717c098f568a9a5

SHA512
13419b505bcee8412b228d3045362c4423a5a72bcc96cc8130349f60bfb39d6954dc09fa34629d744d45c8ac59792681d6a0e42356e2984a8f685d193c4e9c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Filesize
346B

MD5
eb25c88fcec8c6c6094334511c80fd18

SHA1
092b0026f62e307bb985a5d0ac362bebfda4878e

SHA256
d1b215482d1a243a15b0b85ce0a1cc2c25804b76e06b9d5e21e3313e4ca8f010

SHA512
310401f9f87dc5c33f59c044db60f9278b509dd1e81c16d753a912237f4356f4c8776eb9635e885b060912c27fce22fbd726d768dbfe919438c7c8385634ae57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Filesize
32KB

MD5
c2338edfecb437dd4cd5f01e13b9e4c8

SHA1
bc3cafe6c0442d1b749143bf924d2594effa8aca

SHA256
ea95e5cf465cc4c62d35f5676e0425745663499eda8768653597ca480c282655

SHA512
795d4236affce4aac0984f378edabfa3131f86852c57ab28d28398e740caa313fe645c6d2d2356ad314296f3a59591550f231eb9a4f0477c2894288679a58a51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
8cc96712c53a1c7e298712b55e75547e

SHA1
d89176b232c821312b2a29419d0e247e280748c7

SHA256
afd74e5e217ac1b97a15e05748c74196de391c9061cfa3bd8a33ed2a2a43ca58

SHA512
83d982dc8326cb839367c5baa53827471a3b36eca1c683802e3e5207af7c9f24c0baf22cdb9ca46a9ec24636c7fb2df103ee14b121c77638d10e73d888c4ce15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
557de113378bb71d21fee01f208ae210

SHA1
f424439c248fa9e3d30260a2eb053b2f7f5b3cd6

SHA256
ca308095c073542fb0f0eb6b37d16b745c25b838b3fc3a4c89a0123070506aea

SHA512
d02b586dbb958d5fc80cea98525e62f81579669d53ee481906b8149c8e4fafeb070a906275ebad7561172440e3caf39e0e3903d5ec4f1b3e2dbf5815cca98c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
b2ed04df5a2cc2c93b531ff2275d69d3

SHA1
f4eb4a3178b55748d60415cd57ce60436db36506

SHA256
45e7ab0075f70d2f8521d39b5eb668f8f43753ad3ae416e9273859ac263b3dd2

SHA512
5b6ce5916a6f7d2a9acd286eb38de43165ede7c1fae01a76bf0f3b1d1682e33ef0c4dae12058d81150988338813ba65545b730df789630574befbcd9cf7d5e0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4c2e1c2b99cb7f5af7295f0096ad80e7

SHA1
86126ca7670fc916b498b7a3cd6065c8e3c64b7c

SHA256
4fd6ef5ffb5a253c2e0bd822997d3705ef6c00964d8e640e414eefcc4027c45c

SHA512
bb2d76f5e21279b23bc9518c201c439e1c9ad068ef0365e119cd3d3c2f13dcaac84b8096ef30825e5737015980a03e48e331958e87456f9581f69cda5701c191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b2476372fe897bb32a04f81e6dfad25b

SHA1
2c6eed0b40e5f63cf099ef1370e305501591fafb

SHA256
36773433f8263e218bb1e7b377437dc62f1cc2fd2091b17e9ac5ac6885fbe380

SHA512
ee0e3eb6f16fe9a7247c0c57c600c887c55d17e9793417ecc00c0bde0eb54e34e6b5e37d88c12852346c4dd1ab2aad00be979fb81541d58ff114ba2e81ebb302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
19344e1c9c7c7cb74e56f3a93f42258e

SHA1
b39585bc6ef75bb321d4ad23f1053c9283fa35c7

SHA256
4d6a0b728a2af76176ad583f33c76f7cb81ee058ea4fbf47b6d6bbb12133f4b3

SHA512
31f8e536f123d4b7b3990960207bcecfd4dfcd848a6d2d6fda02fceb3529fafce110b8bd7416f10a056c0e88034c30121f0f5813eb854f4db0b8e65e09673211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
a2883c72652557b051befa11a7432fff

SHA1
ac0ef2314bb9cdd171414460dc5282c9147b2e6a

SHA256
ff6cd7c3f17ceea09534f5a0d9102f1ddcb387c1658ac14f415e4d142434bfa3

SHA512
c80e2d75e1ca1ef512c3c95286b4329f7fafc671eab70bfdce110f46798680b9e94f1ec6280070f2ffc595fd0356047a3552cf0a1a8cec78bcbdd409df961669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
338B

MD5
a5ee6f8f20128070b2e254cfee325544

SHA1
52f5f300237005f8e299cf7dc486d6e77242a1cd

SHA256
cc3212757d2b1a1ba0888486657c9b76ca06f746c6f39d7609036fd14125b33a

SHA512
ebb94f0d0945edc8ea78f05801e972bc56ce6011fece4aa6b954309d18994453435e835a4a1a24fe20a613d38fe6f698232bccff721a1c2af625d15a803c4c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
3037513a562fcb05bd119f4478cceab1

SHA1
e986dc4a5d0a34608c59a852cf70e3165c6a5174

SHA256
7628076bc38e87141394a04564c4eb57c3304176cde2af8ecaa96fa9b450eb44

SHA512
51534336295f7ab713bf3d65baa128be395ea1ed0b1ee0af86f51624626a99a3a325c6c72a656d6b3dc74f4aaebcf8d47e3383425a2ea180f084ae4020eec6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
2493997b3779f6158967077a830cbbe9

SHA1
6da4db0349deca348a4f16223e57006c02fe85c6

SHA256
b459871bf6e36560b0b81f83dd00b2a5b99b5b05f8a4e9697a860f5c125817fc

SHA512
ab84bf3c8bb445c204de92c19bd209e5bb120cf69345ae3caa0bce85ea92af3d7e0ad09a064d89d085f41070d1979ea932e45bf366ce04b78c99cb87785b90f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
9844bd3ccadc7936a020ecc768415cc6

SHA1
4866d12c953ca6ef412ad80c5288e8dd9b0ce63a

SHA256
9b31a6a3c7148d883b8da86c980106b15d21f647bcbd3f908c88a16052660c9f

SHA512
c3770f156750e9b79394a8cc338fd8e0e740882b31575d24f7a6d407ac49394a55675ae4734ddad563deb4e5fc2c863a5976a9e058838b874acf96bc9ff70e79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
25KB

MD5
5e8df6b9f8175b54c8f14f4ce3765736

SHA1
6202b8583c43ddab1cfce57f30824fcd3e6b5ad4

SHA256
9bf9fe709e70ca08b9e13d95553490a5c14f370b51625f5890cc4a289e50b4de

SHA512
db54bc250da571cebf4e5b0aa1cb25ea0256d8470ed465e8ba41a2e6677910605346ddda6df198d101a4840bbbdd61c803c03ab459971092ed9350be4a3b2463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
b9b1bc10cbf2895f6d29d795e2416c32

SHA1
096b12c2f6d977a9b385d2273ca5dac11f4f0ed7

SHA256
3565eb0204b00452cbf67428b0e2edead4985e84a8babc938f7aadce872f7ccc

SHA512
ccc69326317c73bc23123bf17bf0922a5b96b245e0813202e34ccaa437fe6cbfe26fbb566dff8d8cf6592d951793294767f38787bca4020955cb01e1aa5651b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
228KB

MD5
fad6194895f760e92821cd83519a091f

SHA1
8bf8c21942adf7d3d49e5585e97866012ff49f2c

SHA256
4f92686081d6da4e926ef360ed23686b35b461d43024383401ba12a3757e0183

SHA512
fd8b4044f438fb64013f4ecaba4e62f10edd3b304534a313112bda95f5634056015cff29605cd5523783f64dc5c9d3d5bc58a707a85703d91b8c775fb9c909ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dbe2eb1f-b05a-4b22-86c3-d99f60ac2d7d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
12KB

MD5
18261eb12378081f939fb9415ca0c9e1

SHA1
20d4ff782e17fe45e71c3f9fc60a94655f72ec7c

SHA256
12bbeec9a0af9e3ed945b28b9b8ef89b2f897768d1ba3ffd6f3fbb42fa5bc556

SHA512
fef634b4ce77c2f36ce1bdd63e8ac28e76cd089f0bff33f4425c757ddf37fe9fab30dea7b5bb51c91eb27012cf78800e03643e13d51a25bf624ce58ab3488a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\favorites_diagnostic.log

Filesize
3KB

MD5
311b6f9a7fc033b1784569242e56e830

SHA1
2a3d554dcdf6a6f7b9ea1204fe4dd57708c6bc18

SHA256
26483f3fdbaf97f748f83bf2fdce3e64ce02d6a894d1cc88da7d057b256075a1

SHA512
523e3edf2cab0638a98e74ce83e734013b19f0a6c7b835decb15a14fac074d2a15224ca84f389965cf8f58af8f569e9d606444d813af1fa9cb537fdc23a01685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
edc24a23b43287982ff1130360365d95

SHA1
49f13146c2073359083f74a43f40f8ce335c9e88

SHA256
317c62e4190bb8c17f219754a0545bed6f5fc8016b8376c43cb00cae9a40b68e

SHA512
4301cb206f6cba2eb84114d2488c0c281958617b2399db6b9681218b3afd15adb61ea5199ef4aa7b61be4cb052cfd10c76b30dae7bd7050a6e7cc241ce006cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
e9c02d8efd0194e7d898fa410e673ca4

SHA1
1637ab607ef0807f2e6470af9938eddc47a3bd0e

SHA256
d57aba6e0969000207ce1002fed4a6012116db64e57c6c12a9d05b21f1a07b4e

SHA512
48d90afb2d8867a06234a7a6bd8028ad27de2e2f5a3bf0ca30111492498867dd2ab78ac28a908ebdd593b808f2eb2ffdcea420b1f3223190aabcbcb2f82974fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
e2ff6ca3b865d3c99239e2b1f1c4366d

SHA1
7cdd3fd15014064fcb81fac08e719aff5592ee07

SHA256
7adbd6b3bfea7f30e8cebe13136a8d4044b3b966def3bd3d8f0dc5bd138c753c

SHA512
00d89aace1f64deba221dc0d3bcee5e7f11c2faf1d30bff04abb3f559b055731e601c00d930c6dd32a2bcd253070694299f149aeb717e60d6dea5da4ed1179ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
3e20a5d9351dc6c31d297160632fd82b

SHA1
ebcc8056df692e46423629ab193c18cdcb3665bd

SHA256
a11cb6aae5ca98d0e9d164437dd3853bda5d3ece68f734dbcec693c506b10d81

SHA512
1d0ea8b25530329e14512d8ef268b9d5fad93882a8d3603995c4c75792cff2b2decd1f4ef92a93d4955057d75fcbdbb67e391ddb11d9f28ca9d59ee4585fef94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
81405a36cedf63fc45fb0d9585725818

SHA1
49136cb7b7979d95df3219c676e2a4c4f09969cc

SHA256
8a2435cffcb0ba8fc13ab98bcc3d19053638d987ef79eeed52e90e0fd7aec551

SHA512
db75996db4fd6ab4c1445ca2e344d98e4f6ac7b5c9a6da94a02fe85cbab97b100a338e020dfc2c1670e47c0e75c3139b60290d68e547f2b8dd902d029644b14c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
9e5fa17e1e043bddd35c7da56314aef6

SHA1
3f0f6a159335dc682d66ccf0bb26dde483256d4a

SHA256
de4a3e33af0db476f26e70d83e5f3c29aa85a545e0b8c1d01e37a6fbeaaac0be

SHA512
fd269a0ef1a965cb7b9fcba607b82cf8cc1fb5a99d4e0e1c9b0c48aa86f9f98a7c9438087d92dc6daee815a62ccd0ac8e22e4d79f12d1bd62f112655c4ad1a3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.31.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
0e3ea2aa2bc4484c8aebb7e348d8e680

SHA1
55f802e1a00a6988236882ae02f455648ab54114

SHA256
25ffb085e470aa7214bf40777794de05bf2bb53254244a4c3a3025f40ce4cef7

SHA512
45b31d42be032766f5c275568723a170bb6bbf522f123a5fdc47e0c6f76933d2d3e14487668e772488847096c5e6a1f33920f1ee97bc586319a9005bacd65428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-stable.json

Filesize
81KB

MD5
2e7d07dadfdac9adcabe5600fe21e3be

SHA1
d4601f65c6aa995132f4fce7b3854add5e7996a7

SHA256
56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a

SHA512
5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
b7b92ab85188f87669a7a66ba38d4027

SHA1
ee78a3fdbca65e5f6aba4c7958a6a3748a217896

SHA256
b6a7b4b4d0a7c78d750ffb323722d67e54ab41eb4d79ccee6d7d67b9603f62ff

SHA512
78ae46d80a3d54709b22d997b54a29fdb4993620aea1274a7b30e97624b4459b7413d804f938c59cb993bfdc60f9903e6553510fac36880888bd1bdfa84d2627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
056a369f70e6b32b777b09e7f8677561

SHA1
80e70cf012a2b304b0de8199fba997f601dbb132

SHA256
65ff9812ff53f4cdd6ab2a05f8b4e784e9f9c0ef293cb62e74fb50b29772e9d4

SHA512
f6154c1c3d62161eb536071a2fdab2257da764f6c7ad0234af352d82b392f07743b3ce28d9d606c1381fea483cec079f650a75bdcf434aff15310370e4cd2223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
b2b43ca7222923d62fa5f314cfe8cc56

SHA1
c987bc316ececa27abc09fb9d535f3dcc4b8b7d2

SHA256
f99e69f4158ccef3119711139c042bb955237d6f2fb399a6244ca2e0f4ad7bde

SHA512
d8933fd3842c95e2430c043e52ae8ff1afb34ac09358b61158164fbb026493aaa5b3f1da221853af1941eed9d6a35b6deb19718cd089882261c11d3a473d8464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
4bc6b5f0774a6a3b4d5f938498eb4681

SHA1
16e841b6130b460ae99ddc22b73b3ea3d08f94dd

SHA256
76e1cd098f0853e637f058daee748dbd5427cfae0aa3c8eadc9114f7f920786f

SHA512
c756818fbb74a8a374a22ed0186298cc6c2e9004629ef06a28879bdcfc831280fcd7e3cba0f115988566e1747395e2b9c9e7edd3ff999945d77c1ff067619c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
363ea7e5746ce2336c2ff486deb8fe81

SHA1
184f806f6a90b53e6d5ba06f6d040e24c369345a

SHA256
ee09eaf8ce9ed8f315716bb8e3ca6541ea1668236f419f147da6ee3f2a8cbf4a

SHA512
f09c2abec8cb0fcee760a94f65072abe37f7a39e10beecb476d9a215e76d0cd5b469e15cf7825be664b89c677de0e622872ac1cacd359db196b936f9f0d8d710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
ff0c5e18a5acd908e27e88b8117f7982

SHA1
aafe4eb6277c46ecf5c6f93ea1820628b28bb09f

SHA256
59823be618057599a0d9453ee286063cc4228dd6e9f1a65d13829086bc9c4b44

SHA512
b5fee84aaeffcb1240fcc2e12e83ca1ca41571e1f00e1705ae1a5e0b28f29d023d8094918281c44c1ddc82758452414daf36c6de1a4bc38b3c43cce58a7122ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
fa4282ed4ff60f93fd564e70b12af79f

SHA1
6b3df5fecaec4234d95bff88acd9fc496d035b93

SHA256
d122a0e6679d64eb1d8c86e9ded124478cb0ae9a884db10b75ba1ad0cd938a43

SHA512
d0978f0e222aaadb4b76e956fa0f32ebd31e1b9f506598c1b9b4ccf34ac58a77885d34f7da508afe56c41c00c1dfd1f79a1314fcabf1a4f6a1b037daf75f7fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
cb1c2adf0768627a842b0aefb3e78001

SHA1
8d346901460c64e2f3729804a1a255f3d2e8b782

SHA256
f1cb1f0470c568be2550c7662d51150c9b7f1718a74bbb4ec57a17df8d100abd

SHA512
ed7f5b042345db5fd16ecb6dfbdeee3e260371dee5d10efcf0a67b914e65252285c69ea43daed39481d06b9d4c243d6cc7b95d80f5b4294761f1adf2ad7ce235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
5bb2d5f6abe43bef4d9e902daeaeda23

SHA1
a7617fe801fa8be3010324883deedc883bf91518

SHA256
46e16fc5ffbf085c137860be127f875f955f79914be5219a3be845326a29bc16

SHA512
9c0e4eb4fd5ddeaa366ff8a710d5fe9a0edcd371607fe51f1b2f3cc2ebcd74d9ca358d4179cfa8e856e9ef89c42f33837ed3b6444e156dadfc10cc4880e6d854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
475c91ccc21148b018fc4a97d4ed6bdc

SHA1
04d64dd4ae66ea13be265b0d6c0440554d807c4c

SHA256
76cbe105cfc37a04190fc09a1d3df61dab0e89c66b06ca36e3d73691bcc04ce1

SHA512
511ec2b86ef09279365bc68431b9e4551dc35130f9bf866b747816b5b33e8fa7b7b853e8d5188b76a63d852dca73e59029f9954e1abe9e47569d4604bd9465bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.28.1\typosquatting_list.pb

Filesize
628KB

MD5
bd5eeb9c4b00955e5a0f6a332d78cdef

SHA1
cf9e85ae41cf1ef2385a73ef36ebeb3c3378ea3a

SHA256
dbbea874b4b73aeb3ad17355c90f692767a947516481f158b7319f7c43f0e657

SHA512
2cfa521120dd1ab9c2cc90b74cd8d3f6f8991a086bd2dc1b9d225b08aeca8420f565e047f551ddf6d2149cfb02e4ce69b641e328a774dde7017ad374fd58eb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\first_party_sets.db

Filesize
68KB

MD5
347b8bafa1ce8a57797452eacddee957

SHA1
e4c0bc84f7b13b0d2c56d62a0ab53a171edb21cf

SHA256
f50eb4e7b1a0e03c2f2f6cd400a5c4a190762b9e9a23790691bd525d8bb27e86

SHA512
12b801c368b58308ee4eaad1f469f5beaa454803daf531f518a7060b84756ed4c9c28e9fcfcb6eed11c9c536afafd5c38b5c75b900dbc38681c10ec3070ef229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\first_party_sets.db-journal

Filesize
516B

MD5
1c18901219f7ba9d6c52a549a98066c4

SHA1
9cbd826a9a5ab47280f6859eced51c627994c976

SHA256
0802a142e18c99df4481592d09a125ce74a168deaed55f4ffe615574df0ee6e1

SHA512
53ec4a7d09ff53eb0918cb5130f6fc33454cd2611e1bf77816a7c91f93a7ce156f858328fe9fb8d0d50f8300de52a93721ab48279b9a3233ee8b48391880975b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
ec00548ac71b98e3325cd0e9d1d420b8

SHA1
5a4011d052c2adddcbec8c65b187e0cd7b5aeee1

SHA256
4bb40125a241f110804a7f426f5155bbe94419c4b58e7f08594b1219056cd270

SHA512
46f2ee88f40948fad1efe9174d5aaa91c8039c84e2b91ec64632ff44e5549a59b65db6cf96c9ae84aaef4ae8d66d1aa00a4fdecc220db8aec2803f128139caa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\8b0d4544beb97a69dbb9583fca5575a9aba6e37d.tbres

Filesize
2KB

MD5
1bfc7fdca2e8f92c098facf4552fcd7f

SHA1
a0baa3dd1abb357fd83297923c3eb4d2bcfd30f4

SHA256
dc351950ef2186776f60882cbaf49d301de4d1c9b17e91d937fcad0ea75aa25f

SHA512
15baa7fec8537dc9f2434d36616f152cbcde0f3448b0b428ce5b10eecbb96edfca55ee79ba136278e6f31d56296f83e186896ae01665c1084c5a2f88704aca59

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mpvc2cwh.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
117330b11ce35f05edbb21da428a9c53

SHA1
67e0a17e0c1905f54fa02363d5841b1fa97cffb3

SHA256
6ee906c247338be0a449e4bc6f071f6a3c9a972df38a361e7a3aedc57e57495b

SHA512
3db6dc4129a1ae11624144c2b1a5896f0c71d3e3dad91e799a947e0309d5d1b31433acdfca8f8c01d06debaf8c62af7a86f6e4999625f4976049269220663a5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cv_debug.log

Filesize
2KB

MD5
0c2b9ba31b367dfa367ec66b0fbc4186

SHA1
a39f43f5a4d1073611538c6b0b32afd9f201fe85

SHA256
f79b7839a8ac2f5d2ac934e5a1a976a82c5f4ba1500ac9bbd0ca09144b22a0f4

SHA512
1315679916d07c793ba6ed418ebb256ac64eec8f61357fbd03f1700af8d32d83da61ade7112219675139b708d4c63b68ee2aa4cf19177cba254143b6e1d7e430

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2896_1178122187\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\128.png

Filesize
4KB

MD5
d056cec3b05d6a863ddfa7ee4c1c9f0c

SHA1
dcd15b46dea9d234f13d7f04c739a2c516c973f1

SHA256
ff702ca753a7e3b75f9d9850cc9343e28e8d60f8005a2c955c8ac2105532b2c9

SHA512
751274949b04c7cdc5e8f5f20fd062bfe130f1415eee524d9d83bcf1a448fbfb4b82dff8bbf7495250a852779c3d11ac87e33275508a4064f9d52417f4ca230f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\af\messages.json

Filesize
772B

MD5
7bc8fed14870159b4770d2b43b95776b

SHA1
4393c3a14661f655849f4de93b40e28d72b39830

SHA256
aa12205b108750cf9fa0978461a6d8881e4e80da20a846d824da4069d9c91847

SHA512
7e943b672700edd55bfd2627f4f02eb62eee283e29f777f6660fbdbf04f900757272c5fb8a0c8744c197a53eadacd943598b131fa2d9594d39e20baa2a9b79f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\am\messages.json

Filesize
1KB

MD5
83e0e58d0752ff7c3f888e6406413b84

SHA1
14a8981e4355301bb3073db6d7ffb337ef8482e3

SHA256
64e01bc292ba2ea1699576fcc445367047520ee895e290ccee20c24c9336d8ef

SHA512
fc772bd3d6ac64110562aaca7d320f49ffba4e1f9ac2e10456fcb75e172d086d3ce8996cfc64b33b2ecdf4f6b96e38905e671c1e6ba5205fede9af4a183812c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\ar\messages.json

Filesize
2KB

MD5
c825621044e4d5c504404dae9752285c

SHA1
68c1e29daf042487cb76629abcdc03f16fccc92a

SHA256
47652115cbb912907f405992fcfc64f987642158f0cb35c9d6e0d4742d833802

SHA512
4aef3e7a747e290be8ba10e22e670c1c2dc653d4311020a4fd3060205fd88bb5d13d9edf388fc18919abe353c62d6841a4ef87e38064430299e52ca16c81941e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\az\messages.json

Filesize
1KB

MD5
c603747b8578c1324dd262565f643e06

SHA1
5cd18bb971af007d9a589377a662688daafe7519

SHA256
614470da3c5034ace649f1786beaaad2c94f4475bcc8858390b721f06fb7bf64

SHA512
59a5b29459e6a10628ab95ed620ab159dacde2d98dc2c3dc7949d0e5e253f2be7a21cb13f0ee8ae0e2f85191a520c9daf797fd93b27c39f53b1faa8aef1b706a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\bg\messages.json

Filesize
3KB

MD5
361b516edf253851044dae6bad6d9d6f

SHA1
d64c297cf1977cd8ad5c57d9b0a985a4de4fd54b

SHA256
22bc37b47ce8a832f39701641dc358357676e9be187a93a4c5d4b016e29238ae

SHA512
b2614c53e93e705a93b82db9fcf5259ca44b10b5e5237967a34f68607ab2380ea0c8e5df4ffd941d914617fa3538fd40c18df7d3c9808c5f652852f01e214c77

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\bn\messages.json

Filesize
2KB

MD5
b1101fac65ce2faa3702e70fd88957d2

SHA1
06ebd889fad9ee2d5d5083b10abf7b2a4d0e1724

SHA256
3e3ceaa214d8079b02c9c941635f5d45e621236d9c3f82e06ac604f0772670e8

SHA512
398d03bd3b51e2789d0573f5e4792c13193c36539e8fa35261bc3b9a991a155635e6d44a9999b42d3dfa264e3fc329e11dd65d6e1408c4076a49576e7e5ef4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\ca\messages.json

Filesize
843B

MD5
fbb841a2982166239d68907361f41f61

SHA1
4a8d76a6fe1bb111fdbdfd42d1af0019a97fc540

SHA256
de6d7b7c2427ec4e738407d7834b71941f69166b030355e00f325ff1391df5a1

SHA512
8db540b4c9e250d3781797238b1d16ad820c568edc563bfb912872ab99950def7e89ee432c696ba9876e3d7b24a4e4c26fa5b0fa9e76a54e11ae63996e02a561

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\cs\messages.json

Filesize
953B

MD5
48663a88dcf0ef6c9fade9bee4935b91

SHA1
af7cad1498bb4b0f05c1468abe3563d0182a97b4

SHA256
5a701d67910ba6c7ccedc26e02fa707cc86a1be57cd7d36290a3d268732a42c7

SHA512
3c3e5b9e56535efe1e20d6024b6fa46d3ea969c971d5ec8f5af1c933c1feb75d25e7f26c9e2bb8d200bca70ea1f1bd7e93e4e1c09dbc447340cdbeefa91cc33f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\da\messages.json

Filesize
764B

MD5
0e451c9c8453577e513aabf630c275f2

SHA1
5912cc58aa82bc75691540c8aeaca7c68641539e

SHA256
94cddb998c2c5ab40b6f074c359a60e6eebaaa2d52a9649c22f4ea4c1b9936f2

SHA512
a89dcc1ec8c79e7cf702692e20ebc952907b2fb1d76a3beef60d7415baee24e055e2988b55e12ce00bc112c115ddd9d46d63bf0a1c511fffb041da7054391f80

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\de\messages.json

Filesize
927B

MD5
5daf77ae7d2b7dbef44c5cf7e19805ee

SHA1
48c06099aee249dd05b268749836e3021e27cfb5

SHA256
22e2828bfdbb9c340e7806894ae0442bd6c8934f85fbb964295edad79fd27528

SHA512
b9fe759ba6a447ebf560e3ac6c79359e0ad25afca1c97da90f729dcd7af131f43c1f4bfcb2cd4fe379fff2108322cf0849a32995b50188b52258bfff9e5ca34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\el\messages.json

Filesize
3KB

MD5
32886978ef4b5231f921eb54e683eb10

SHA1
9e2626e158cbd26a2a24a50e4e8cfd98a49984e9

SHA256
728d8cbd71263680a4e41399db65b3f2b8175d50ca630afd30643ced9ffe831f

SHA512
416832f007470bf4d9d915410b62bd8159029d5ddabed23d2bbc297e4bbae46f4346feb68c54163428a6932c537967ae9ef430b9fac111f15cfb001a480799b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\en_GB\messages.json

Filesize
708B

MD5
c4e77421f3361277f7e3aa3472b5eb10

SHA1
f8ddd7cd0cce742e68443d173196471e8a23bd83

SHA256
c7255e9b784c4b8df7df7b78f33a5737a9ab7382f73465351597b1da9b3d5fe7

SHA512
6c11cccbfa6e841d90fa5b41f46de5489359335dd59ccb06d5148e7d2ce3af1422b93eb574360be4695e69d851befed8a2588dd411a7b0a553cb621238d474d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\en_US\messages.json

Filesize
1KB

MD5
64eaeb92cb15bf128429c2354ef22977

SHA1
45ec549acaa1fda7c664d3906835ced6295ee752

SHA256
4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c

SHA512
f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\es\messages.json

Filesize
878B

MD5
59cb3a9999dfbd19c3e3098f3b067634

SHA1
bcfdf1c9c7f5d0ce35d7918060ce704a99803bf4

SHA256
02168993a23e074e0800cbb338fe279f99ef420e326bf92916ffed83c1f06533

SHA512
9968acb9821bfff6f427aabfcde3023f5a6f588bbfc0efd2275f201930ec5e16d64ff228c76f77958d36091a3dbd510e95385f0cb99a3e4dde693f34e9e3ebf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\es_419\messages.json

Filesize
880B

MD5
94bc2d5609f6d670e181e1ff0d041869

SHA1
58d2c17878e7b6e73daa544b8ca7774e5d902a17

SHA256
e848603b7a73a88e3fe7bffa20e83397f5d1e93e77babb31473cc99e654a27b7

SHA512
04bf79f675888c79b270c82e3a0e7a07e24205e2159e2d98eb4585aee5c0d14c6be3a3d169d4ea702a74a76f9e622e70a181dcd9ae0cb9f2472550fb33e9565e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\et\messages.json

Filesize
914B

MD5
b18007bfc2b55d2f5839a8912110b98d

SHA1
842ecac418424b2fff4db81e4385d59e098b65de

SHA256
7ccc7b17bfe01c3c7dd33eff8f80d0b57fc9b175815e766c9c1c1e893725e20f

SHA512
166937891553597d585d17fda2e7ff2bffbd3731841ea6cdcb7add528a55aa7c257fc191d029dd1f57afd4349194c0cc7413c3752641e8217d465674b62b8ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\fa\messages.json

Filesize
2KB

MD5
e578e08ee604158d674982ba060396fd

SHA1
fd601092203317fe9f576fbfd675e274001efa80

SHA256
e758273c25fbad804fe884584e2797caefbbd1c2877dfd6f87ab1340cd25252e

SHA512
131c75cdbc4a40068cf97d7becad08f49e77a9bda3fb1cc50501b0007273ee5c6eae2f84047d97f72b6fd9f28f65ae544eb807057a54a6e009b9bd8fb8ca4df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\fi\messages.json

Filesize
840B

MD5
1d4778e02337674d7d0664b5e7dfcbbe

SHA1
fe1763ac0a903a47446a5896a2d12cce5d343522

SHA256
a822b0e66d04644d1cfbd2517736728438743162c3213f15d986e2db85bd0213

SHA512
771c7ba7f93a6e9db94593897d495e190e58a9b9c490523cc410059e72538005e2de96864dbbed8bd1f01eaa4d1cd022443dddbf759a606e2903c9ddecac43fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\fil\messages.json

Filesize
799B

MD5
f954b2e970dc96e5889499db7392fd59

SHA1
39f56f0ebfe92c96e8bf91f82cc4fddbed1e0aaf

SHA256
41ce6a7b18364efecced0419b42165d4f86c43643bbe1043014d4142cf86186a

SHA512
23610477834ff51e93fe9467df997f9aeee63ce3a8a51464b87b1828dce25d50e0bf2f28df139ec59e6c6425b81613258de211735ab2e470dc63c9cb5a1860e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\fr\messages.json

Filesize
902B

MD5
85718fe4820c674c5305d33dfb5cbddc

SHA1
d4170743349f3e037718fde17bc63a369c2e218a

SHA256
6713b69b6c9e80b03e0a9d4a7d158197b0c7ec8a853c64c0af0b1a05ce54d74c

SHA512
678e934f8d4a1bf0b98844b796eaa2471a78911d4020bf755871650dd0adad6bf7b475d9e5bf68b6a911ed330308a08698706d9460df003648b612d97848e652

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\fr_CA\messages.json

Filesize
901B

MD5
681422e3fcf8711af8eefbb75a607c8e

SHA1
3d3576a989c8010a397888429476f2800052e79a

SHA256
af889c1deb6f9248961c2f8ba4307a8206d7163616a5b7455d17cead00068317

SHA512
2546c274749a75c09e8255b6fa53a080a14bb141c748a55ebd530b6f2ac8adca3111320511628d4eec2b39a8710578ff16929b06ffb1f9c2093d3f1ee4c6f601

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\gu\messages.json

Filesize
2KB

MD5
86de754c2d6b550048c9d914e55b5ff0

SHA1
5b6654101b3596742be06b18ef2a5d81da569ee5

SHA256
cc3e9077fcc9bd0dfc5dd3924c6c48b8345f32cee24fccc508c279f45b2abe61

SHA512
3a8d326b91141b18cb569a93bcd295075e94a0488f2ffe5afb80a4cb36e4523e28c87d91a64ed255445470ad6c8a34948fe091e709e8097dcdd06eba1cc52887

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\hi\messages.json

Filesize
2KB

MD5
4a9c9f947b479e5d89c38752af3c70ea

SHA1
799c5c0ba3e11ad535fa465ab87007c36b466c6a

SHA256
14895bf43ce9b76c0ff4f9aef93dbe8bb6ca496894870cf0c007b189e0cef00e

SHA512
293d9fd5b207c14d1ffc7945f80d3c2dc2d5450bdf1e7b7962767b8d330c9255da16dfa677234198569f4ddfd00bce82d70086df974afe512769597039e21cf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\hr\messages.json

Filesize
863B

MD5
eb6c5133c1fe7f9e8e4449a917d185d9

SHA1
9be42ac75487a77dfbbf01ea2098886e69956356

SHA256
985976b776e729835e047c81d3d731a6c488a6459aa8918dbc8ec808c0bf73a1

SHA512
1aba115b30c99e786845c137ecb8beec4b5162c59d10724dcc083ff6b91a47af45ca850fc0b3072d44be189b31abb67423c88369171b0c411ccf7ae884fd831e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\hu\messages.json

Filesize
1KB

MD5
fb8d08676aa88683f27a2759c5837529

SHA1
80badd0de6a8d87a8e14232f71fbcbe231eee443

SHA256
cf26310b073b0891996ecd761c6cb53f00193dee524213a9fb34225d636ec4b7

SHA512
5c4307b653cd841af14a4b57f225938be54d718c979fa4008513461fa6f8409bc82e050f0b32e587f8e52d5580aa7c6d667aa94b30a588cb87de585b015fe176

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\id\messages.json

Filesize
718B

MD5
3fefe403f5f537d9a2d28ab36b2c1a94

SHA1
dd674520092f333aff63138f660987fbd8fa51e0

SHA256
35872a3343d4b4768fe4702a8dc18b749933e81210db13466ad172bd2880f6eb

SHA512
45182775ac13b1f9406bc9595e822f24a9d8b854254e0d71514e1d99625b12b9cd8bc3226f04b1dfc79248f786f925b9b88a70e0d57bdf9a8dc48d79175ec60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\it\messages.json

Filesize
756B

MD5
88a9acd41521d1d00b870e2da3044a88

SHA1
36716937ce047463dbfa5cf1f5ef4277fe354d9e

SHA256
3377a873db531113d79919e7a89369a79a602bac6ae09b9864b9378dc285f345

SHA512
a56ffa200c5f8b312d8ed77ea40df931b86074adf1577941726d184497531d1c89d77382983f01797604e6a5c34029fa88f3aae0d52c368e2046c0c6f21cd956

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\ja\messages.json

Filesize
1KB

MD5
113a674f2e4c66cc4d2a9c66ed77adea

SHA1
f5d38b743efa022d6f886bacd3afa850557e2762

SHA256
c1094a1d8457e782f229910b70fc7aece356aa779a423e869104946814660d35

SHA512
e7cd847d87dfea3228a1899aab7f27f59d7ba2919e81520501a9236c55fcdea418f1d29c3c9eb36e34cdfba3278e3bbd149ddf324c94295e029031fcd5a75677

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\kn\messages.json

Filesize
3KB

MD5
f55ce2e64a06806b43816ab17d8ee623

SHA1
27affcf13c15913761d0811b7ae1143e39f9eea4

SHA256
5fa00c465c1c5eed4bea860ceb78da9419ea115347ba543ddb0076e5c188feed

SHA512
a0e7d0f7beeca175c67a783adf5ff614c8e3b731311f82bc24eb0f0798938d79f15a5cfa012b3cf06d7a138d88e6f78eb3d3d57a3edebb60116de2dc706e2b0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\ko\messages.json

Filesize
1KB

MD5
e71a91fe65dd32cac3925ce639441675

SHA1
91c981f572497a540c0c2c1d5fb28156d7e49416

SHA256
57f81a5fcbd1fefd6ec3cdd525a85b707b4eead532c1b3092daafd88ee9268ec

SHA512
2b89c97470bae1d55a40f7f1224930480d33c58968f67345ca26e188ff08cf8b2f1e5c5b38ecfdbf7ebfd9970be0327cbfc391cf5e95e7c311868a8a9689dfb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\lt\messages.json

Filesize
1002B

MD5
8047409dcc27bfcc97b3abce6dab20ef

SHA1
d85f7a7a3d16c441560d95ce094428973cbad725

SHA256
b42ebfe071ef0ec4b4b6553abf3a2c36b19792c238080a6fbc19d804d1acb61c

SHA512
4dffe23b4168a0825dc14ed781c3c0910702e8c2b496a8b86ca72fdbba242f34fe430d6b2a219c4a189907e92b1a7b02ce2b4b9a54088222f5af49878e385aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\lv\messages.json

Filesize
959B

MD5
20fa89ba92628f56d36ae5bd0909cb15

SHA1
52d19152e2d5848ebaf0103d164de028efecdbb7

SHA256
80d64f03dc2cc5283faf1354e05d3c3cb8f0cc54b3e76fdae3ad8a09c9d5f267

SHA512
5cb534fdba0f66a259d164040265c0e8a9586bb41a32309f30b4aab17e6a99f17baf4dada62a93e34cc83d5ec6449dd28800ee41c2936631484cc95133e3956f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\ml\messages.json

Filesize
3KB

MD5
ce70315e2aaeda0999da38cc9fe65281

SHA1
d47fc92d30ec36dcc102d5957bb47a6c5b1cd121

SHA256
907f2709d1d3c8fa26294938f4080bc477e62281c4c50a082c22db0195cda663

SHA512
af5c78feaacb689d9d50d0196ba9428e4f02b07876995e8b77e3bc0fee7fbf43f3ad2848d58940f193966c54f13652476e1fcfd6a827465caad32b0b2d3f97e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\mr\messages.json

Filesize
2KB

MD5
34ce3fa84e699bce78e026d0f0a0c705

SHA1
5c56d09af53d521fe4224a77aa66e61a3b0165ca

SHA256
275e7fadb93a810328e3adead8754dd0a19a062d5d20a872f7471ffab47aa7b3

SHA512
3a6cd2ea06b664689f089d35fcfa41b36c22b1d77cf78f66d0f5dcdc52a6bb29f7566d377b81edce6001b71cb7f1e1247d3d71965baa2e8ea9e6deaa208cf25b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\ms\messages.json

Filesize
796B

MD5
db4d49231c88c11e8d8c3d71a9b7d3d4

SHA1
4829115ace32c4e769255cf10807f3bdb1766f44

SHA256
9b32c491d0bfebdca1455f73c3c6f71796d433a39818c06c353da588de650f81

SHA512
c8b4a982abf61eabb1b7280f3e10fdf1350b20f38ca9878f33ddaf979fd617ca8e5ff4df6099c395fbae86c8affbae77653ba9cb736af22466e3cb85d4d92e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\nl\messages.json

Filesize
771B

MD5
d448e11801349ab5704df8446fe3fa4c

SHA1
6e299363c264fa84710d6dbeaedc3b41b7fe0e42

SHA256
e98c5cfe277a338a938e7277deec132f5ea82a53ebdb65ff10e8a2ff548ac198

SHA512
49c2c05207c16f1c9393f9473cc77fd28e1b1f47686ae1eeb757676019a0ad4a6478e5a76004911f4ae299b3b7331cb6dfdca3eed2078baa5da901ea44cc4668

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\no\messages.json

Filesize
758B

MD5
66439ba3ed5ba0c702ef94793e15de83

SHA1
2b3ca2c2be15207deae55e1d667c9dcdc9241c74

SHA256
b3ece279943b28c8d855ec86ac1ce53bdfb6a709240d653508764493a75f7518

SHA512
8b393f3be96020181a12a16fafdae9df555b09a7b03cc855009b26a48b0c7d583476a72bb28224e419d300013fe272316c2cb35de8d67dbab454b7cae8df6b94

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\pl\messages.json

Filesize
978B

MD5
10ba7fe4cab38642419be8fef9e78178

SHA1
fddd00441dccff459f8abca12ba1856b9b1e299b

SHA256
6538f562bd1baa828c0ef0adc5f7c96b4a0eb7814e6b9a2b585e4d3b92b0e61d

SHA512
07e490d44f8f8a2bdc2d4ad15753ad16e39d17693219418b02820d26558fbe3fce8a8583bae0ed876acc6326080867d05a732cd9a4c24b620753b84bda4ac031

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\pt_BR\messages.json

Filesize
832B

MD5
8e24ec937237f48ac98b27f47b688c90

SHA1
bf47d23436a890b31799fff14a1d251720eced00

SHA256
a6ad5d5fb7c90736e04f898970d2cc9d423415b54b8e572f18c05d6ebaf46f68

SHA512
060f9713be6cd4262e0c490e50198a33026b00a80c8a3c7c87f2b05893280e1b32d1df2536054f4544f7a014ecbaf5f2e299b49dd6f45705cabfff068ef50d31

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\pt_PT\messages.json

Filesize
855B

MD5
aa431ec252b4339a49d172c6b9292ba3

SHA1
26fd7003368d5342620464a53af547ddea7c7328

SHA256
156fc7ba9b5728908e1a74950b97474f73d8f58933d345c8eeea8284565c8357

SHA512
c47c2e530ee2dd0bcc1ed1c2f8c54aeea3dcfac277bd85026dcc6c07e2da693b35577bac4924c45bb8423ad9aaecba324eec74291ef5cf2586a8b0b9f0084cba

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\ro\messages.json

Filesize
930B

MD5
ee122cf26ebe1ad0cc733b117a89ff3b

SHA1
a7c21e40ab7c934b35d725b3e21e4cb8ea85bc1e

SHA256
4ecedb9c1f3dd0d0e3aeb86146561b3d7e58656cbdbed1a39b91737b52ec7f2c

SHA512
4866fbea6c8698eb3c8923b9875186c800519488784683c18e5e6523681c52429e7ba38a304e0d1b17a3997a2f4c8c3a5e9fb518466a910b119f65d7dd62b77d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\ru\messages.json

Filesize
2KB

MD5
f70662272a8fc9141a295a54002f644f

SHA1
23397edad4bcc4a1bb8f43f9c2d1f08a7e3332b0

SHA256
df379187b7f6de700e5c53420336e6b31b7dc31015f77b2b256256bcf9be54b7

SHA512
b6ca9a8f1a83c71ed8eb8f46a102662d22eb13700660cf5c8841e5fe92dcad11a252555f169ffc4d6a97c399dd514cdeacbbcc27fe39da784bd9c1ebe85f4508

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\sk\messages.json

Filesize
947B

MD5
a46e08b45be0532e461e007e894b94f4

SHA1
387b703c55af0cf77874a1b340969ece79c2705e

SHA256
5e886e7b616fbff3671dab632d1b6d8dceeff9004218485f1b911dcd8c9694a3

SHA512
388992752bd1efaebbd420fd5a8f2c6c775f2be4c61d690b46a418c72abaffe44ff8a4c332b45a8b75a243ae8d61f3d6da6e55fa768d17d2635079b03442a55f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\sl\messages.json

Filesize
855B

MD5
9cdfa5371f28427f129d200338c47494

SHA1
19653347e92967564bd8df14fde2eea2dc87bceb

SHA256
75d018cc8525605ddc591f6bfe5bdaa2efb164934e9d5438972651f8c818d581

SHA512
e6122fd5c8d387a999ef57c877bb70c896c1012b592333bcf2b93e44f7e8ba487f264e83cdefbbde972040cf6dc8f14a4a9e0e0bca85cf1f9eaa35b817dd2869

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\sr\messages.json

Filesize
2KB

MD5
c2026342237e7686b1932af5b54f8110

SHA1
5af235b29947c7f770070f0a693979d9191fadb5

SHA256
a3eb276fbd19dce2b00db6937578b214b9e33d67487659fe0bf21a86225ece73

SHA512
2ce6fffa4ea16aac65acc8b5c1c9952eae1ac8891589266735c3ef0a0d20e2fa76940e6401d86eef5c87a1d24c1cc9a1caaf1c66819c56505b0b2860bfe5acfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\sv\messages.json

Filesize
800B

MD5
f008f729147f028a91e700008130da52

SHA1
643fff3dc0694fd28749768314150b30572caa54

SHA256
5f4229d18e5606330146ee13bdf726e10c1e06cbb15368c47f1ae68abe9ce4ba

SHA512
f5890cc08a9a40366cfffbbdb9b14e8083897a2950deb4bb23566d641dd4b06ab02479a2b83bd5001c179abff889506a3292cd92e31a6b92cad917dff760ab27

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\sw\messages.json

Filesize
840B

MD5
84eb1d6e827e40c578469eaab778e368

SHA1
3f53de16ab05f7e03ae6c8605c2339043c1a385f

SHA256
2c6b42d122943dc0ca92a33074d1a607351d3bc7f9768e174617fa7011a3de9f

SHA512
7a7ce81fa8be309d347ae0975fd6fcd904bc1ee86342dc0e88e789e7cf5967edd0ddccb9ba156510e74b025a23d479b6058101ffbb648c5d30c311f5ba1dfc6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\ta\messages.json

Filesize
3KB

MD5
24626ad7b8058866033738380776f59b

SHA1
a6abd9ab8ba022ea6619252df8422bf5f73b6a24

SHA256
3fc7f56f6d6d514b32547509b39f6380fc786efbcca4b9859f204456ca2e7957

SHA512
4fa2f084175d71923ae3186c8195781e1946f6c19b1a4bf659d3ae2dc45f1ac2f84d794b4487ec5e030ea899ee1decf07b3cdd3eb0d3dda996c5ff8a272cf97a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\te\messages.json

Filesize
3KB

MD5
50ab4deabad394d13c265b8b80d9f9c3

SHA1
ce9c786cc92359ca34483bd57ce121f699920ddb

SHA256
90868a8a4a4dbf48770c14a161faea406ef9a453b75f4cb7a53c1b4e96a88599

SHA512
3ba6498cde1fe4c8f012a75ee546e9793b812cb7306c927054427fc697cb729549196f8e45db1a7a7dd1e485e6a3d3950168e33b03b669f5d4676c372f519a6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\th\messages.json

Filesize
2KB

MD5
0875b0bad81161ccf2c16e13ee49af9d

SHA1
686663983a022689dedf5ba22c0f169e1a654e64

SHA256
d299aa0c4f29c5c8248a1c51afdb7439f4cf7bc28ee02408a598f8aad9f70810

SHA512
d569dfda9f0851fb0d5b2b8454704461e0185b573f3839416f3237f2d89c372e58fdce7d871f44f6f3777c7f4177009bb1fd3cdbe2f4f3d62015bd130851e8ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\tr\messages.json

Filesize
1KB

MD5
3104bcd0d4ad6b47fe36f36c1b5aa333

SHA1
36ec46c7230487c0d26e185aa82f340d8312a265

SHA256
ac2894cea6332450095a7f8fc9b97550da87e4b4b6e6fb95df1a1f49f25e0e35

SHA512
873a8e1ec1eb2b482794c51dbfdd5b96cb9e8e2b5a74db3c3b54ae78a396585faec402a054ff332551b5ebcfc4a57bfc5bd92d08f9f73acb433efe9a18d89cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\uk\messages.json

Filesize
2KB

MD5
ae938164f7ac0e7c7f120742de2beb1e

SHA1
fc49041249eaef40632f27faa8561582d510d4e3

SHA256
08978a1425dec304483bbb7dd0e55a7d850c4561abd41bac1be5d93d70465174

SHA512
b3f252885f9d7e4d74a5880b5fa60447511d4e2dce64db8ede5bd1b144f0f09a3c784649c2e1623a034ddd50b6b7ff990a3a6fc58c3ae124646c31f35b0b20fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\ur\messages.json

Filesize
2KB

MD5
f6e8fca4fd1a7af320d4d30d6055fa6d

SHA1
1c4aae49c08a0e4ee3544063c10fe86e7fdab05e

SHA256
504549057a6a182a404c36112d2450864a6cb4574cd0e8f435ca556fac52ab0a

SHA512
241e8505658e09d5559ec3a91fc6d1a88ba61f1b714d3cfc0e498e13908ba45aed8b63b483ecc5008a5ab07b24e1d123192fbd90b4a2289d52ad7bef4a71c9e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\vi\messages.json

Filesize
1KB

MD5
1e54afbacca335be3a050920ddfbe863

SHA1
fabd5e9d6bda46c9708a0ee26302156ca413a1dc

SHA256
f1da95e1d58e933050cd8a4fea12f3d1b9a2759479ffdb74fdc1cfbf89568327

SHA512
dfe60c51c043da92dec81fedb250dc60bcd97daba831261de92cdee35c0760610c1d436d04d74b65ef0a22e8cdf5201e3dde176cd9b7d5ccf1cc1ff9c884870c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\zh_CN\messages.json

Filesize
1KB

MD5
e910d3f03f0349f5c8a6a541107375d5

SHA1
2f3482194c98ecbd58a42bd29bb853267c49a39a

SHA256
3893c066a36fe95f06f3c49091a20290d4e071183755f40af05455660beda2dc

SHA512
387ca0727ad0869041296182f17555f55552245d38284a1d5d2652b72959cc94dd345f8a1d6d15f7f5477817df9afa045f2267269d0d66938c7d401b4ca2eb4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\_locales\zh_TW\messages.json

Filesize
1KB

MD5
b571e4cefd96a2651ffb6621c4d3d1b4

SHA1
9fce97192139d1ec0885fd62a059fa81e473f9c5

SHA256
16b8f7be42b982d5ad9f638e71da38d134394b9bab9255f73cf514abbfaaf146

SHA512
6a315031b7c3e7b2cdee7a835aaad7fceb07d2889e4401e3be6b3a8c6492a47a9a065aab85fe2a69a1eca6bfe4a733f8ccfe8c5ec2fef681aadb77c9f5e57eff

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir736_432206914\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
2a738ca67be8dd698c70974c9d4bb21b

SHA1
45a4086c876d276954ffce187af2ebe3dc667b5f

SHA256
b08d566a5705247ddc9abf5e970fc93034970b02cf4cb3d5ccc90e1a1f8c816e

SHA512
f72b9190f9f2b1acc52f7fbb920d48797a96e62dfc0659c418edbbc0299dccf1931f6c508b86c940b976016745b9877f88f2ee081d3e3d5dcdcc2cc7e7884492

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpvc2cwh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8fc29c5d94268b68c3a6687e96f36329

SHA1
b397fcd0ecb02a38d80dbdccc0df62611f4a92d4

SHA256
828f9f2e8a8e2a2d7730f824a0a97933117f2ee14cb3d53409137541e778df5a

SHA512
4543297557992ecc6c3023a90a176148873c6f14020891af746ca42e935510c0e339656247219f77db13ede35cc0c400407a76bf5e93df1c488f3c0d6f63befc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpvc2cwh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
15b373dea5c38869beddd33b1c389826

SHA1
b208fc9ec0089ff86fc7bfe47eeab3d120db4e5a

SHA256
c92391b5558fe05dcaedf17ab4fbd3a7dddfaada06bacf3fdf9cb6fc546b0a7c

SHA512
d45c27b321f68f6554e28e4304f94337549290948a7417e3a4e0bf76424cf3a469711b6f9910f363cbbae01386b91ab4bb2ed4356c267008cbc16c118da43d99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpvc2cwh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
2f3faf50f7d3b31b444b296c15e9abee

SHA1
3c7ca41a4ecd26a3db1f8eddd816c32f0ad5ebb5

SHA256
a1a0ca2ceade2030dd945556f905259113510e743ea25e7cef5c0e6317cc4b91

SHA512
a625492694e017827ddb6747db26eb7b36d740e243f9ad19823333b9fc24b5e795330b750b176afbb4dffab7e90c1ec73c4ed5e768cdf3ba9d39e2bedb3bf535

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpvc2cwh.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
4f10fc017c0f5531060d41d4f4966c73

SHA1
fa7897fd20cec2e53614d7023cddf8485680c009

SHA256
ae590565f6b5073f7368a4a8948c2309e14be6e9f684ffaee9cb80bb6e945f12

SHA512
f8cb694706bd86eeadb0358fe921cd20993089e829faa387a9ba7fff07c01ae6e27bc901962441f665746dddf81663c6fbf7c84752c23eb7927bf5c73744f791

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpvc2cwh.default-release\datareporting\glean\pending_pings\20d4f0be-1331-4174-8bc3-fb7dd0803bcb

Filesize
2KB

MD5
51c5e07027ff1239a7a6df9a47c2662f

SHA1
e4f1bdc82b6968a748533bea7ed48740f973b05f

SHA256
cff77ead533f871271854bcc086f6cc8312508fa1b16ee3694473fecc789c481

SHA512
1afef250355c0b199fd1735cc6e987932abe3e0310472d3dc27adff3eb3bd2e391a1c62f07038ab7784be0bd965d9d7968a1ad81188ae773c57d7753e396a129

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpvc2cwh.default-release\datareporting\glean\pending_pings\24f6f206-da77-40b9-a2db-0c55a5fddc38

Filesize
886B

MD5
67ed08f8b6a5db08bb0bae05926274fc

SHA1
46db8d0cf8c51718fccb2c8a5ace79dccff03c4c

SHA256
4e984aca892b0027f5e258b9ffb35c21ce7e2f1178fccf5eb76886f6ebde38c9

SHA512
01ce11dc1a383966eb30d6150daa8a8a6ada57977bd3f0c557651b9c6a226a28510f9c078f1df47d1dee47fd1497716136ee60fa080dc0d31df32e170d5a5735

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpvc2cwh.default-release\datareporting\glean\pending_pings\4e138c5a-5058-45c1-80de-0bc2807a55d8

Filesize
235B

MD5
e4f2992d914ceeae12dff5ec1be072c9

SHA1
4d20105a6e377e907e40ee31173098e9e6ef6eac

SHA256
38ce78c61f289ce2e7ee66c4c9854372ee05d4f6e3b8d7b2bdf99db1061d7da2

SHA512
210f8e989f01053d981ff4ea4fc166b7b33b1096712889995674c070160bcb90659f266151193b2eb1963dcfa50ad02c0632a8240cbe08ccb413d9aba97e8608

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpvc2cwh.default-release\datareporting\glean\pending_pings\ab8416df-729c-4792-804d-b2831ca2726d

Filesize
883B

MD5
dd64ca5021500c81c6bc06e9ca3a40ff

SHA1
f06bc56b4417a53dd41188d90e85945bcaa2bae9

SHA256
3c09d22bbda36937b33fd641a308774ff7e680a23d1831cd09838146c1541fd1

SHA512
b0532948a5c39d9071d92df8c7fcb973dcb75f0923ee3afa7cbbbc49df368601077363636b9b74069daca3cff7bb6b20983d3cd3085771240da441b1977237cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpvc2cwh.default-release\datareporting\glean\pending_pings\b541652c-f7a1-4a0e-b26a-7c1440a0fa3f

Filesize
16KB

MD5
6f616691c1634d93d3d1cfd7df3aef75

SHA1
a4f2cd6bde3f89ff56cde7a1fda6d16d3ca011e7

SHA256
6a90f7586364bb431c6be6dfc9de204508765dabbeffb53a2ee9f83dcf03898a

SHA512
e829535984e83458773c67ac05f54d5ad9d1e6288403b158e38efd2a51c8972a26e078e4eaef95159d320408e79a65aba72353319992c6cf66fd7254f3e4aff8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpvc2cwh.default-release\datareporting\glean\pending_pings\f300ab52-1ce8-4cfb-96c5-2578aacdceb3

Filesize
235B

MD5
005956efe188221a36150915b1b69a10

SHA1
b345b8baffb9b559cd0a81a32cd7ac3a5859050c

SHA256
463d9bc754d8945a3f604f96e762f875bc1e77eea8ddf8ca4c9cd7f04f3b5e8f

SHA512
fdacf5df0e247b16192e884039fcc237dc586f8e355aa97d8963810c9a952f9ed28102d8749f2c4958ddbd3c04761d51d2c6795fe7e76c840b3504efb69a59e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpvc2cwh.default-release\datareporting\glean\pending_pings\fce54df1-2cef-473a-b3a2-cdcbef0274a2

Filesize
921B

MD5
4017ad25bb72a378fc92ac4709ec602b

SHA1
a549fe826394a22d52dd785bf21b696ca6d14734

SHA256
c37a25f0da3eb841176934e94032c34022f23418c6a50bd39f865bc68de9a983

SHA512
65ce0270e83dccfbace4f7bb99cf169bcbd681f8877f47c3c38216499cac88f108fd7a272b720baddae2fbcd2065dde7d0906122d2ff0a335c2d9ad1d0805b0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpvc2cwh.default-release\prefs.js

Filesize
6KB

MD5
d9dc817581ef1054217629b42207f9d4

SHA1
1d5de3dfa3cea3e103344d64dd1b49e62e39dfbe

SHA256
cb8eec9051780e2955ed2b1994e479c19125dd010732dd17fbb90b3628082e74

SHA512
eab86397eebf5433dd94acc7cf3fc09c13804c450308253921371489802da163a4bff3331855c9e704b69069dcf515949726cc51e31e7d9c2f765c6a3de809ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpvc2cwh.default-release\prefs.js

Filesize
6KB

MD5
e44e3b99a624b3f6cd4c3f91b86e90d0

SHA1
30ec3e8bdfc93bf71ad3a9a96e7e92be7eb3ddf0

SHA256
d6292e0c8fbfde59e08e15cb6eb4b263a3f902facdd95a6dd151a89c077819d5

SHA512
43cb25cf7aa824c1979e00d60cdeb87fa7ef9a5a6d4815c497f5afd54ec90cec1879366f498943098d30ec2fabf2d1b5227187ece48f4eadb9a4417221fdaad0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpvc2cwh.default-release\sessionCheckpoints.json

Filesize
288B

MD5
6b77a9f779399e95d1cee931a2c8f8ff

SHA1
826efd4feb0d50fcce5696111af7c811b81adcd9

SHA256
3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3

SHA512
ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpvc2cwh.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.8MB

MD5
e9ca34583cdef7aba58009fbca4ffbaf

SHA1
4f458b1ac7a1d78b202450b7cd603e3e1d19cf3d

SHA256
997d010b4c3f33cff9d9aae2a7d48e7a904c5f5f5971eaed139cd4e6c6d38878

SHA512
ca9c4000a3bce004de9dc5e1e36b517c4fe8db710069d5c4e80b9f2b810092dbe2d3cf5127c72253a7933f396464ea4bffea38a5fa8f966744d2c6ad4fa72188

Download Submit