vidar | 4f550eeca883fa772e5cec50c7c357591d8d24f892fa9ee416f2e780a3caf1b7

Analysis

max time kernel
104s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2025, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f550eeca883fa772e5cec50c7c357591d8d24f892fa9ee416f2e780a3caf1b7.ps1
Size

3KB
MD5

b228c467b518134d8c53ff8612fb6446
SHA1

c3eb9933f73851c7f7485813abb9711eabdb4949
SHA256

4f550eeca883fa772e5cec50c7c357591d8d24f892fa9ee416f2e780a3caf1b7
SHA512

21ae6179ae6df3f66268aba2762d882e47459034e790bceab17700fba4b65fa83e58d3cff86b68f146e2b8ea6cab34c8431ccc5763f0d740d4079f20522dcfab

Score

10^/10

vidar 00cb84c6bd4caac4bdfc1131beae4df7 credential_access defense_evasion discovery execution persistence spyware stealer

Malware Config

Extracted

Family

vidar

Version

13.3

Botnet

00cb84c6bd4caac4bdfc1131beae4df7

https://t.me/lw25chm

https://steamcommunity.com/profiles/76561199839170361

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://tranquilityparadise.com.np/crypted.exe

exe.dropper

https://installsh.pages.dev/config.ps1

Signatures

Detect Vidar Stealer 64 IoCs

stealer

resource	yara_rule
behavioral1/memory/1380-46-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-47-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-48-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-56-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-58-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-63-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-64-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-67-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-71-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-72-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-73-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-77-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-78-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-120-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-417-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-418-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-419-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-420-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-423-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-427-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-428-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-429-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-433-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-435-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-821-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-960-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-965-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-968-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-969-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-970-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-971-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-978-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-979-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-983-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-984-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-991-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-992-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-996-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-997-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-1001-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-1002-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-1003-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-1005-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/1380-1013-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1065-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1070-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1071-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1076-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1077-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1080-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1084-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1085-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1086-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1091-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1092-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1448-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1449-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1450-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1451-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1454-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1458-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1459-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1460-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral1/memory/4716-1464-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar

Blocklisted process makes network request 4 IoCs

flow	pid	Process
2	1800	powershell.exe
251	1800	powershell.exe
253	2188	powershell.exe
427	2188	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
1800	powershell.exe
2188	powershell.exe

Downloads MZ/PE file 2 IoCs

flow	pid	Process
2	1800	powershell.exe
253	2188	powershell.exe

Uses browser remote debugging 2 TTPs 20 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
2312	msedge.exe
772	msedge.exe
2116	msedge.exe
1132	msedge.exe
2668	chrome.exe
624	msedge.exe
2200	chrome.exe
5596	chrome.exe
2784	chrome.exe
5864	chrome.exe
3852	chrome.exe
4552	msedge.exe
6120	msedge.exe
4856	chrome.exe
512	msedge.exe
3876	msedge.exe
1960	chrome.exe
3068	chrome.exe
5664	chrome.exe
4648	msedge.exe

Executes dropped EXE 2 IoCs

pid	Process
4384	updater.exe
3452	updater.exe

Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate.ps1 = "powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File \"C:\\Users\\Admin\\AppData\\Roaming\\UpdateCache\\WindowsUpdate.ps1\""	powershell.exe

Hide Artifacts: Hidden Window 1 TTPs 1 IoCs

Windows that would typically be displayed when an application carries out an operation can be hidden.

defense_evasion

Hidden Window

T1564.003

pid	Process
1912	cmd.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 4384 set thread context of 1380	4384	updater.exe	97
PID 3452 set thread context of 4716	3452	updater.exe	154

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MSBuild.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MSBuild.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MSBuild.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MSBuild.exe

Delays execution with timeout.exe 2 IoCs

defense_evasion

pid	Process
3588	timeout.exe
4060	timeout.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879483449700847"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-83325578-304917428-1200496059-1000\{EED403BD-9AF4-4A71-9AED-B678FD787777}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-83325578-304917428-1200496059-1000\{D41E320E-A4B3-4F2A-A18B-AD618A233AF6}	msedge.exe

Suspicious behavior: EnumeratesProcesses 33 IoCs

pid	Process
1800	powershell.exe
1800	powershell.exe
1380	MSBuild.exe
1380	MSBuild.exe
1380	MSBuild.exe
1380	MSBuild.exe
2784	chrome.exe
2784	chrome.exe
1380	MSBuild.exe
1380	MSBuild.exe
1380	MSBuild.exe
1380	MSBuild.exe
1380	MSBuild.exe
1380	MSBuild.exe
1380	MSBuild.exe
1380	MSBuild.exe
2188	powershell.exe
2188	powershell.exe
2188	powershell.exe
4716	MSBuild.exe
4716	MSBuild.exe
4716	MSBuild.exe
4716	MSBuild.exe
4856	chrome.exe
4856	chrome.exe
4716	MSBuild.exe
4716	MSBuild.exe
4716	MSBuild.exe
4716	MSBuild.exe
4716	MSBuild.exe
4716	MSBuild.exe
4716	MSBuild.exe
4716	MSBuild.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeDebugPrivilege	1800	powershell.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeDebugPrivilege	2188	powershell.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
4648	msedge.exe
4648	msedge.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 4384	1800	powershell.exe	96
PID 1800 wrote to memory of 4384	1800	powershell.exe	96
PID 4384 wrote to memory of 1380	4384	updater.exe	97
PID 4384 wrote to memory of 1380	4384	updater.exe	97
PID 4384 wrote to memory of 1380	4384	updater.exe	97
PID 4384 wrote to memory of 1380	4384	updater.exe	97
PID 4384 wrote to memory of 1380	4384	updater.exe	97
PID 4384 wrote to memory of 1380	4384	updater.exe	97
PID 4384 wrote to memory of 1380	4384	updater.exe	97
PID 4384 wrote to memory of 1380	4384	updater.exe	97
PID 4384 wrote to memory of 1380	4384	updater.exe	97
PID 4384 wrote to memory of 1380	4384	updater.exe	97
PID 4384 wrote to memory of 1380	4384	updater.exe	97
PID 4384 wrote to memory of 1380	4384	updater.exe	97
PID 1380 wrote to memory of 2784	1380	MSBuild.exe	101
PID 1380 wrote to memory of 2784	1380	MSBuild.exe	101
PID 2784 wrote to memory of 3232	2784	chrome.exe	102
PID 2784 wrote to memory of 3232	2784	chrome.exe	102
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 664	2784	chrome.exe	103
PID 2784 wrote to memory of 3160	2784	chrome.exe	104
PID 2784 wrote to memory of 3160	2784	chrome.exe	104
PID 2784 wrote to memory of 5332	2784	chrome.exe	105
PID 2784 wrote to memory of 5332	2784	chrome.exe	105
PID 2784 wrote to memory of 5332	2784	chrome.exe	105
PID 2784 wrote to memory of 5332	2784	chrome.exe	105
PID 2784 wrote to memory of 5332	2784	chrome.exe	105
PID 2784 wrote to memory of 5332	2784	chrome.exe	105
PID 2784 wrote to memory of 5332	2784	chrome.exe	105
PID 2784 wrote to memory of 5332	2784	chrome.exe	105
PID 2784 wrote to memory of 5332	2784	chrome.exe	105
PID 2784 wrote to memory of 5332	2784	chrome.exe	105
PID 2784 wrote to memory of 5332	2784	chrome.exe	105
PID 2784 wrote to memory of 5332	2784	chrome.exe	105
PID 2784 wrote to memory of 5332	2784	chrome.exe	105
PID 2784 wrote to memory of 5332	2784	chrome.exe	105

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\4f550eeca883fa772e5cec50c7c357591d8d24f892fa9ee416f2e780a3caf1b7.ps1
1⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Downloads MZ/PE file
- Adds Run key to start application
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Users\Admin\AppData\Local\75a5a056-8a71-4665-9f90-cc5fc9a1ab49\updater.exe
  "C:\Users\Admin\AppData\Local\75a5a056-8a71-4665-9f90-cc5fc9a1ab49\updater.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:4384
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1380
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
      4⤵
      Uses browser remote debugging
      Checks processor information in registry
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:2784
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb8eb3dcf8,0x7ffb8eb3dd04,0x7ffb8eb3dd10
        5⤵
        
        PID:3232
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2012,i,9177047694330919104,10369909524176796391,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2008 /prefetch:2
        5⤵
        
        PID:664
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1604,i,9177047694330919104,10369909524176796391,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2296 /prefetch:3
        5⤵
        
        PID:3160
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2400,i,9177047694330919104,10369909524176796391,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2284 /prefetch:8
        5⤵
        
        PID:5332
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3252,i,9177047694330919104,10369909524176796391,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3340 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:5864
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3244,i,9177047694330919104,10369909524176796391,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3320 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:3068
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4228,i,9177047694330919104,10369909524176796391,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4308 /prefetch:2
        5⤵
        Uses browser remote debugging
        
        PID:3852
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4588,i,9177047694330919104,10369909524176796391,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4692 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:5664
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4844,i,9177047694330919104,10369909524176796391,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5288 /prefetch:8
        5⤵
        
        PID:1840
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5456,i,9177047694330919104,10369909524176796391,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5472 /prefetch:8
        5⤵
        
        PID:2132
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5400,i,9177047694330919104,10369909524176796391,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5604 /prefetch:8
        5⤵
        
        PID:5444
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5508,i,9177047694330919104,10369909524176796391,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5664 /prefetch:8
        5⤵
        
        PID:552
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5540,i,9177047694330919104,10369909524176796391,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5548 /prefetch:8
        5⤵
        
        PID:556
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5676,i,9177047694330919104,10369909524176796391,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5512 /prefetch:8
        5⤵
        
        PID:64
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
      4⤵
      Uses browser remote debugging
      Checks processor information in registry
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Modifies registry class
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:4648
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffb8eb1f208,0x7ffb8eb1f214,0x7ffb8eb1f220
        5⤵
        
        PID:3736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1936,i,13751793932079279208,17924885355451013862,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:3
        5⤵
        
        PID:2348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2252,i,13751793932079279208,17924885355451013862,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:2
        5⤵
        
        PID:5104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2512,i,13751793932079279208,17924885355451013862,262144 --variations-seed-version --mojo-platform-channel-handle=2532 /prefetch:8
        5⤵
        
        PID:5260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3548,i,13751793932079279208,17924885355451013862,262144 --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:2312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3556,i,13751793932079279208,17924885355451013862,262144 --variations-seed-version --mojo-platform-channel-handle=3640 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:4552
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4200,i,13751793932079279208,17924885355451013862,262144 --variations-seed-version --mojo-platform-channel-handle=4220 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4228,i,13751793932079279208,17924885355451013862,262144 --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:2
        5⤵
        Uses browser remote debugging
        
        PID:6120
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3736,i,13751793932079279208,17924885355451013862,262144 --variations-seed-version --mojo-platform-channel-handle=3772 /prefetch:8
        5⤵
        
        PID:3920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5124,i,13751793932079279208,17924885355451013862,262144 --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:8
        5⤵
        
        PID:1208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4844,i,13751793932079279208,17924885355451013862,262144 --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:8
        5⤵
        
        PID:6056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5380,i,13751793932079279208,17924885355451013862,262144 --variations-seed-version --mojo-platform-channel-handle=5384 /prefetch:8
        5⤵
        
        PID:8
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6088,i,13751793932079279208,17924885355451013862,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:8
        5⤵
        
        PID:5776
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6088,i,13751793932079279208,17924885355451013862,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:8
        5⤵
        
        PID:5272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6252,i,13751793932079279208,17924885355451013862,262144 --variations-seed-version --mojo-platform-channel-handle=6424 /prefetch:8
        5⤵
        
        PID:3608
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6544,i,13751793932079279208,17924885355451013862,262144 --variations-seed-version --mojo-platform-channel-handle=6420 /prefetch:8
        5⤵
        
        PID:3748
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\fcbaa" & exit
      4⤵
      System Location Discovery: System Language Discovery
      PID:5844
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 11
        5⤵
        System Location Discovery: System Language Discovery
        Delays execution with timeout.exe
        
        PID:3588

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3908

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\UpdateCache\WindowsUpdate.ps1"
1⤵
- Hide Artifacts: Hidden Window
PID:1912
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\UpdateCache\WindowsUpdate.ps1"
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Downloads MZ/PE file
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2188
- - C:\Users\Admin\AppData\Local\3f7dd024-b79a-4479-b334-f088424c497a\updater.exe
    "C:\Users\Admin\AppData\Local\3f7dd024-b79a-4479-b334-f088424c497a\updater.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:3452
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:3972
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      PID:4716
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        5⤵
        Uses browser remote debugging
        Checks processor information in registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        
        PID:4856
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb9102dcf8,0x7ffb9102dd04,0x7ffb9102dd10
        6⤵
        
        PID:2132
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1548,i,522922339260491151,14598726970197945878,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2140 /prefetch:3
        6⤵
        
        PID:6064
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2012,i,522922339260491151,14598726970197945878,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2008 /prefetch:2
        6⤵
        
        PID:4444
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2388,i,522922339260491151,14598726970197945878,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2536 /prefetch:8
        6⤵
        
        PID:3776
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,522922339260491151,14598726970197945878,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3096 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:5596
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,522922339260491151,14598726970197945878,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3064 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:2200
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4236,i,522922339260491151,14598726970197945878,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4260 /prefetch:2
        6⤵
        Uses browser remote debugging
        
        PID:1960
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4604,i,522922339260491151,14598726970197945878,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4576 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:2668
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5268,i,522922339260491151,14598726970197945878,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5288 /prefetch:8
        6⤵
        
        PID:4772
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5488,i,522922339260491151,14598726970197945878,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4836 /prefetch:8
        6⤵
        
        PID:3848
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5612,i,522922339260491151,14598726970197945878,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5420 /prefetch:8
        6⤵
        
        PID:1500
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5604,i,522922339260491151,14598726970197945878,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5364 /prefetch:8
        6⤵
        
        PID:5460
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5616,i,522922339260491151,14598726970197945878,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5704 /prefetch:8
        6⤵
        
        PID:2824
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5316,i,522922339260491151,14598726970197945878,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5716 /prefetch:8
        6⤵
        
        PID:2244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
        5⤵
        Uses browser remote debugging
        Checks processor information in registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        
        PID:2116
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffb9070f208,0x7ffb9070f214,0x7ffb9070f220
        6⤵
        
        PID:5136
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1916,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:3
        6⤵
        
        PID:228
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2192,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:2
        6⤵
        
        PID:2084
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2548,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=2556 /prefetch:8
        6⤵
        
        PID:1452
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3584,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:624
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3588,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:512
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4232,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=4304 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:1132
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4160,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=4320 /prefetch:2
        6⤵
        Uses browser remote debugging
        
        PID:3876
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3724,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=3804 /prefetch:8
        6⤵
        
        PID:3824
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5296,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:8
        6⤵
        
        PID:1988
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5432,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8
        6⤵
        
        PID:1972
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5308,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=5236 /prefetch:8
        6⤵
        
        PID:1092
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6548,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=6612 /prefetch:8
        6⤵
        
        PID:5804
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6548,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=6612 /prefetch:8
        6⤵
        
        PID:6072
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6812,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=6768 /prefetch:8
        6⤵
        
        PID:2612
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6760,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=6972 /prefetch:8
        6⤵
        
        PID:4160
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6540,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=6804 /prefetch:8
        6⤵
        
        PID:4972
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6572,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=6976 /prefetch:8
        6⤵
        
        PID:1524
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7260,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=7256 /prefetch:8
        6⤵
        
        PID:1804
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7284,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=7304 /prefetch:8
        6⤵
        
        PID:1496
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7584,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=7596 /prefetch:8
        6⤵
        
        PID:2980
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7004,i,6260774440011019093,11050804657834420808,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:8
        6⤵
        
        PID:1568
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\4790z" & exit
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5468
      - C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 11
        6⤵
        System Location Discovery: System Language Discovery
        Delays execution with timeout.exe
        
        PID:4060

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1316

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Modify Authentication Process

T1556

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Window

T1564.003

Modify Authentication Process

T1556

Modify Registry

T1112

Credential Access

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\4790z\0hdtj5

Filesize
11KB

MD5
b71835422998abf3981ebaee3a70bd84

SHA1
5a9be6c97eb8cdcb529e2bd2a6e978393f2e29b5

SHA256
1f852a620cea4fbe4f396d0beda54c905d63ef843585c83ec55faf0fbdd1cea3

SHA512
697c515f1b7add0a1e53f78d5d26253e1d0694d8712b6d3015438be8fba3f21bf70a1c8fac29eb68b2431886b27529a39ea26196e76121940173b72301d25f28

Download Submit
C:\ProgramData\4790z\7gdjwt

Filesize
6KB

MD5
d27c3991af86c9a7c5ad8b8e38899c1f

SHA1
4ce6d88b26e88876b0559e0bdbd5582c7e16b8f5

SHA256
696555979f2909413479965c68d2024b29db29c65b1191103b535fe23cf262a8

SHA512
1552029466c435fee74edeb4c70bb8cd35a13925af6f7f022c1d868f4df1956d1479f62794943871f45e1c24b812525b9102e00cfb79c1340357eef2af30da4f

Download Submit
C:\ProgramData\4790z\h4wb1d

Filesize
11KB

MD5
9ed218e660fd6baa17484b8243e56951

SHA1
336fa91edc9e67ab976534a65c61d7dda3f5a67f

SHA256
250be65fa26c5f1804959e5633c416ed984a49ac2cb7516e4cbfa01a2a0acfaa

SHA512
c15a7966848d0a0e1eb4ad7634f9083cfe4dbf2e65b0ee43555436d375fca80de30a825dcc992322794ac0f71408afb064294fe92852bf700b21a56312d94811

Download Submit
C:\ProgramData\4790z\jeknyu

Filesize
288KB

MD5
2bd98f3727be078c89dbd4aecfc14341

SHA1
edf65128bc6f4aeb63f407f90ef801a93a79a165

SHA256
d65609a91b6a7333cc0aa282a1b4601f7e2b137f55325f9e8d959c24dc303b4a

SHA512
79b087ee24a39efd1a3d8b9995d7fb75b9251b7cc64e47d0727c47a280a05ec28ea85b43a92cf40d7a41b05024eecd5eb61c5cbdb8abfc11c84e19e34ea7f270

Download Submit
C:\ProgramData\4790z\lfkfus

Filesize
18KB

MD5
b049765445e7a6a59de1f92cbfd074ed

SHA1
8bb072759c29dad6de5577ccd1fa31ef936d5a57

SHA256
179fe35bf7a86b4d9e42818d12a444c69fe3b733ab8da1e6fd4529bd2b0f0b11

SHA512
d6870de47448dffc244726e627add8462fd6a8450b710461f21ac6afe00ff558be3c3c8f239c11333525d19002a2acea4eca07777944f5851e0c6bd0fe5c91cc

Download Submit
C:\ProgramData\4790z\p8glx4

Filesize
18KB

MD5
2efe2b9bc3137d9a68451c934fdc835c

SHA1
b762b0dfc3542caf9009ad17b91b7534fb43e69e

SHA256
cab9269cba8bf54eb0bc0493dc54e3a18fb5c5c0645fbc934e359780f73f4a63

SHA512
4baefe08ca32e2a20e8d9749c708e5ef66328b45dc2e8d0f307e01339fdc6be92445903df111bbacf1faa5256de50385a399b700a5fa2ccfd096e2682d33a959

Download Submit
C:\ProgramData\4790z\phvaas

Filesize
19KB

MD5
0603d825307c034ac7b71751f86185e5

SHA1
8b9a0acb54be06563f0badd5abf0b0b666f74333

SHA256
027f6b6cabcc275d6d70acdf371ce8e589667db6863faa44763b97a410efa9bf

SHA512
310abc6b7a61dcedd3868f5304ddd7c76d717b517170d23c27b19dd07b15de476cb704f54eee84fd12683d95df724dd99aa865e176aac49e34559aac441230fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
734B

MD5
e192462f281446b5d1500d474fbacc4b

SHA1
5ed0044ac937193b78f9878ad7bac5c9ff7534ff

SHA256
f1ba9f1b63c447682ebf9de956d0da2a027b1b779abef9522d347d3479139a60

SHA512
cc69a761a4e8e1d4bf6585aa8e3e5a7dfed610f540a6d43a288ebb35b16e669874ed5d2b06756ee4f30854f6465c84ee423502fc5b67ee9e7758a2dab41b31d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4129DC8EEBADFD4645EB90062D7176AE_8EB15DA476A4FFCCBC194DB7844B4E7E

Filesize
345B

MD5
b4c2caf5c593a303fb93713dcd81d50b

SHA1
8c53a62936762d823859c65746b410d8ae8f5fbf

SHA256
287832a41564c41e66217da3a0d628b93ada97e97a20701e07de2241f60e040a

SHA512
0b3813edc43c8c4ca0944f0faa17b78d71462e36d1f1cdbb05975331f051dc57d00b10a1459f76ee240b3bbc73e0c446bc5335c0ef28fc5275e133d9df5b09c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
e146d99fc5c0d55e734ff231b3d535a6

SHA1
a494adcbc59e46287503c605a0f4b979052687eb

SHA256
d6b23f237c58d84673ac75d2df2e1f109a8d0629e02197242cd8e36bc80b884e

SHA512
8c3028098091331a1443d5c08f64f91e497795b9d193aae72954d78b0720b0148b5b2bb0550583d521b66a405cee5a9956994f0aa9cbf4c34542e767c87f8a1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4129DC8EEBADFD4645EB90062D7176AE_8EB15DA476A4FFCCBC194DB7844B4E7E

Filesize
548B

MD5
f42bc2d31dd9f805898a4a20004f4652

SHA1
179b45ef96b45e5730a94cff51d8bf6865aef6b2

SHA256
e56ea3fb4f2512cfa0b5cfb0a4351344ba05d54a7dbcb5a5fe4dbc01bf32a2eb

SHA512
4f695d14efa52512a2ba243def755b43a50600c8c0c1439e2304547807d9bbe3c3773bc3c7fc1f5c2df05fd5a083579ed22ba1a6c5dac4805da712e8c542c890

Download Submit
C:\Users\Admin\AppData\Local\75a5a056-8a71-4665-9f90-cc5fc9a1ab49\updater.exe

Filesize
1.7MB

MD5
175c9b6b2db3b3624f7df4c54dff3262

SHA1
a96c038467d2d6ff0b95275a828948997b6987a3

SHA256
5ce7687d00cc5cdc0b7575bc68940f7a092a1f559f987f3b6a9b0c837eaa6496

SHA512
3d728ce053930f16c8debc087807b3eaadef3c9b21a452b49f13ce767b35b221e71b15db8c849fe71c7d0077d2c0ab31506762626622f87347c596260cddff34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
34c29bdb9e41b1f47f2d2786762c12ec

SHA1
4075131b18c3487e3e848361e112009c897629c7

SHA256
67ee11b51cd6f637795e31ab501f135ed595c8459bce885735f08b0418513a17

SHA512
ca3a978798e77b2ced27b379f38e935ef18beaa7ea23e34270a9af20b37e1b1c5edf9478606311cf1acabd83992766cb3da8444de9394c674d5955bdbc53c0d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
eb11d0449e2f631e899c84ee76249f7f

SHA1
5560ba98a9b0a1bc85818853429a4b397fd8270f

SHA256
33cd082f616d214b36d42fe7af5aa121c12759258aa6df42ad440fcf7785ad3f

SHA512
8e6a5823b5b8a0292b2274fab64f855e678eb40feed9744be5ae2795f3d3132d3824e257fd045e3fe37555cfd2b579c637d05dddeeef59a3ddfd4bd001d53808

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ff22cf6e9be2352cd3717dff6805cd48

SHA1
bf4d5ff95bbab3605ec9aa4d861d7981c306b885

SHA256
93c406f6b0e602ddbce4e9ca0228602bd6f9a6cfa0ba5e0132d8a7116973c7e3

SHA512
d05e70a4a0a236948ca55f9146587e5b4d8f8ccfa17f6d5e534f0e683f71ac812eebc6b0c3b4b9cf5e410ddcae922ec22789434115bdd460ce18222c9f53a81e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
9c30d86353e1fa115f4d520d6ad89c39

SHA1
bc6fb05964e211ace7e083a4f37208650b18019a

SHA256
10d3d5ffbc018e42805e6a3a7df2481e6c620c657486c0b263f65a0534267446

SHA512
269d928f10a714201553325c780632712bd00da2bc6f7d508794e0f75591d7a0fc9ffbc9a42b8d38b506ff846410401e8a02fc9c9a05e6ce2ebee1dd122ccf7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
f98eea917c7d00195aa6e599d62252d7

SHA1
6da5975ad3f1daae7e0ba3445b5487dc7ca7c687

SHA256
8ea557869252a0c1553c4601da0dd31fe1b652c5a3822aae44612d01dce6ad3c

SHA512
dec110a9c194aa25d85989de12f73832ec5402b7957e94b7a9e5e9839b127cda2f3e613e7c84a85d21b0d2bbebd9dcd9756feae654c6feb9c422dae2b5a4e2b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
0605b75c5c345cc202a7885499cc09a7

SHA1
540568cdb245ba26bce8711347e456320012e83d

SHA256
8ed5d8964a977a79c5aacf34853c9e5e00a06de2f2f0964a56c4089805a2dda8

SHA512
dae16a98e4cf861b918d684f0d7660e1c6647897afeded6859253a51f8dd95c41f007e3f20fe43da0292b493c170cb94fb8370d7b17b4f23cf2950cec477f9a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
c23b4dfe1bab592e2f603d8f72093f36

SHA1
09efe53b63147d0cb1e5daefd1b7edf14090a2e6

SHA256
90bf965bea98ce4bf11a7349863472f5a22c67f6c99ca79acc43669ef9a28874

SHA512
1f25db676bce0be26b1697834e94221c3a50b64eb4cdf5434076e24cfa6584579019596ccb84c5d718e916f14c2bc78530b956f21170320e18bb034d39c9daca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
35KB

MD5
9bf94d5cb0216c9329b119d96b1db1d2

SHA1
8a020e839cb15562d54c320c35207a0363746bcf

SHA256
85185b4ac9ae9b7c47357874f0a861d97cd0a892194a0b63d2240aebeab4fe72

SHA512
2e2da86cad8f2d46de2f4164dcf780953c1336b1584eb68df2cf58b0a16fe9c65f873506e17c1c582f88c3af1418f4e023099c57a9f589fe3a26384467b7cc73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
63KB

MD5
1901d2bcbbabee4bbb9804c30642ae2b

SHA1
f31774bc12614be681c0b0c7de3ac128f0e932db

SHA256
15eba349e5829f11363614b8f3dd9c3d04994586601d3c4c4d8069e0f5655310

SHA512
bdb94d7d8cf47b239c61559545b1dd26e05da909fec05d215471388545879cd8ec9e1fea51c04ed43927e2b07b5b80a74f09eb9038c8d9045e4161ea69df215f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
38KB

MD5
f53236bc138719b68ccd1c7efb02a276

SHA1
26b7d3eea5d3b12d0b0e173ebf2af50a7d7e56d6

SHA256
787c14f8cc865430c03c96a345044b7c5b8dc8a032511a500d4a42228533acd8

SHA512
5485bc7ccce8ec75f60bca3be846086a4bd4466009c8e22da9cdd16bb1154529af2fb2667cd3a97485cc4f6635fb79ac0fdda4f3e1f39f25f6196f708a92d740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
3KB

MD5
b32730e97811653d6bce03762208dae0

SHA1
11a846a8e16d1a81334c4a75a9720e086a781bd1

SHA256
d8b9b944ca4943432f1c471c5e13dfd2e884e2c38682ef3c90929718f6dde45e

SHA512
a496382fea5cea780d3c932cef7e35150a9dc463a3fb566a730bd395b9a251908ff0b31a7054d8716574d0a4727390bb5697bf8c904a7596db85bb302eec6d44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
20540d92554a1af118c1677dd145663f

SHA1
c49393b17366060df8c4d50b7038815f12c6497c

SHA256
7f590c18b43b818e45511b8ab95977f0c35cbeceb9d177ac3d68cc28affb41cd

SHA512
41cc599d3eb178a77c2d50177dd1489d7c60f5d512820107e9afc3299866734b0679040744b078e4aa9ab14bdb78369275e008353d1d4332bd3bcee8639dadb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
128KB

MD5
ad5500392a3d6dab62cbbed72729419d

SHA1
74b1d039a44cc37e62dc573d0d14efe2ead9e391

SHA256
aac955452d846e19791a2c1f30dba6a9c1ebde5b20547d37c6e7ebb6c62154eb

SHA512
454433c661570990955c25eedb52ebdf5ae2317ac062cb23be3537b1cc8b5afc2a1d3d1e370951641a473cccb0f3ddee9db34dee2bb7f52db5bb4c9a609a1872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1

Filesize
343KB

MD5
5a59103dbde3e8137761097609bcf005

SHA1
fd55aca2ae3c317576aa6b9f50877a0241a18968

SHA256
315e9ce1dbacfe9740368bac58caac24fdbece24a1c712cb26eb4933723ffedb

SHA512
4ea3f262b2a16e653dd2ac84908c89823ee3dc9532ca0e368325d66f95912c45e01b33d9ffce34b2b01b821bdcc623f2fbb773d382c82a2edb394b1985c7ba46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
72b5f844226d541332e9b24d948a16d9

SHA1
f6947eb0bf2fa1ddd63679073f2e1723249fe481

SHA256
6c8fa9dfbf37ee5e8b502930ceccdd8d5475c070d29621c59a6b9800589bf8ac

SHA512
152379a772b69ea3e31159b742134412efcb6a9a494c454575ecee7d84d0007f44fc0ef2ead5ec6249465b96b87e427b08b2e9517f7a37e77e7a1c0168e7f731

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
de515b608dc373850b5d4fa5a28b129c

SHA1
6730f3dfea147437e1cc70434c65ae5f1cb1f638

SHA256
300d389512959d3a6b5ad33dbdb47f2908671bc87b3b45071df27fe7bf8f3777

SHA512
b2ba62dba83687f05232f08b51f1ebb97ea5c237627cc1387fc64551c134b3cd655153c1689eea64b09b735d5e6e069995cce8dfd5aae0a48395736d096aea9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
c3fdd5cc20cf76e9e6508b68d978d18e

SHA1
76667346a898a57c7e1e5ecf5b6bf2386249aab0

SHA256
a2978ae2809a281c9b1a157dcb9da93957b8c17e128e5f83fb87bcc7a5b3db0f

SHA512
5a6b6ef20e318c44cfb55f6d922bb256e4bc1a1ae75404906a39bb463aa8993bb29f0da16096d42226f480cd41c7310b4622d385a9badfa02de0cda2ff7dda55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
130KB

MD5
2477320d2b4b46070834ec2f04315c51

SHA1
420c18cfa4327266e7b3c419c0b7160cb9caa1d2

SHA256
8201afdc3d2d8afc893e65735bba516f22c470bc546c08deb999db19e50f98c8

SHA512
ab41b64852e85ea46e10e3f3d9f8c2bf6f8dd840248ebcd4c6cd84caf053c8df772c0e5f425f79423895ad253d780b8a13cb3c3b7f21f975426ab9a5a96ddc1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
12KB

MD5
9423c703a8fc10ddc7e76072237a005a

SHA1
d11ba77cbc99d053e75897e345d79a3907473def

SHA256
c0150faed1ab2bf4ed9a7c808856ad6c4171bc5780b93a7bc6da220db8ed5f74

SHA512
badb720ece6c7f12335ccbede7f78d82bb8385d727085abb3c7dbd0e2f707eb415c3f5e03f6e446c53eb068017d9ff8bb1730a45e8521be81f827a8fa9b1e7a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
fb1c37a44dc985d37f5f431868fa823e

SHA1
e1a50aedbb92c24d11b634f6626e1d52b7e08bbd

SHA256
458b5eb9a462db3147928fc76b92b47553af96c622dbd538a37b9e34a005ffed

SHA512
a6a377f00f78cd0974d908f24def7f801f344b3ce25f3ed7ce8444f9f79898a99d5fa63c34a1d72fa37ed644665a279b3be690250b8f3a256ff1530d1a2a4480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
1db9e719321caa6ec2299329fdc9b8a1

SHA1
de8960427f3b4e0f7b3051215ff43f88517a3769

SHA256
f0306eac360f5d3013c1a6caaa27305017214c96e0bfca947d69b06e2460cdf9

SHA512
f91f7825084eff6fabc267f64f994d3131bb7b989b44e341173e3e599a784403409d0b84dc6e0730b0bc682ab1a0a65b7be65b35c3e21618a2056e1d77da5f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
b8425218a7a8e19ec831135da8ae0236

SHA1
7632fb808ff95e3fb8021aefadf844cd6183d578

SHA256
a04cb84c0e1095d5dae347118511340315e944a764fd321b2e634300cdb192af

SHA512
0a91c8f25330cbe97e44c4c6314b4f3e3c698f0eda9a461a77fc1b928fa63ee50b4f951be357dfdd3b93fdf604d4857dfe6b924c3fa3669805b495564be1ef8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
223bd4ae02766ddc32e6145fd1a29301

SHA1
900cfd6526d7e33fb4039a1cc2790ea049bc2c5b

SHA256
1022ec2fed08ff473817fc53893e192a8e33e6a16f3d2c8cb6fd37f49c938e1e

SHA512
648cd3f8a89a18128d2b1bf960835e087a74cdbc783dbfcc712b3cb9e3a2e4f715e534ba2ef81d89af8f60d4882f6859373248c875ceb26ad0922e891f2e74cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist

Filesize
105KB

MD5
ecf3d3ce7a6234c2d34575b2c87fbbcc

SHA1
0b4d36e769bc0776811a85e98b115e2e37b048cb

SHA256
2752908c6b9e4cd7b4aaeeb704f19b04343096ed6981d6687a914aefdd6368ba

SHA512
d6793abe58526937b58bf7494f93c195730d1757c16b0c50fab53098fd56ad6d050f04b804d07c132041e4ea18a8aa1c1f302049691250ab9ea82c2a35e34a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8ab22d85fb3d91ef8e06badf4f3db6c4

SHA1
119d4a2397247587b9e15dde4ec075c67782fe9b

SHA256
d41a67512375ce149a526c2cc035b832054f8bdcd5f88b3a7fd3e515b10446cf

SHA512
124d73bab52446473b5d0d8a97fd67de394658e572344643e7fd1d173321d8c176d1c21b0b0f84de051f19dccd1c5a9ffe0adbc8e345e96dc2a970b66da9777c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
614737c9a3189fac7d73b426109ea750

SHA1
685145ec095e7ce90d338b4998ef25ca5a9ac007

SHA256
adb27e020e224ec43d28c7160ab70ecb1f0b49dc27a83b9692bc78cbed30472c

SHA512
b65bff71ddb7144068ce08963ad2278190aa73459fafa1bdb8b718e86f263b73dff51c59e8953c7c9903c81141d4b2d9ca47dd5c25210cadfd3bf65575d96986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
f574818c284f6028e97303effc06036d

SHA1
2b477668d315132b8ce88ec0b97442e3e419acb9

SHA256
e9d4dc1a655f9d5482177618de7f5cb8760fe87a92f3587f24104086da8963cb

SHA512
8a5fbbdc36f89cedee7bafe15f8c9b8706c6b720c23d772a3721e8cabe8c6f5dfc56a9046b1152c9642c3c16276c0135584a255f6a259ea40865a1d5f70b7eae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
eec55fe349980566b1dbf1d409d28c3e

SHA1
654ce4b550defea0851f12e8ff81ae9298bb3f60

SHA256
2e81ea3d7ddfc0274f3955d5131143c481e63f2529514c5295873b393d508efe

SHA512
58e02658d08732b5f36e868331a483b5fde15475a6c5f704a19c97d920399c3f7d41a8fa163c66683bf403598f8f48f0cf9fa468f9783fcabd9136a55cec0059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
5a7e1750438748bd333b79a94ca69b2a

SHA1
94fd1be56969e269ce195ba29c3d464d356d6556

SHA256
6d7a64a318c25c643323d5cf1c0c80ccf2f2433e7d74b722fca90468f8f9b914

SHA512
842509c0f495ee24d152ab3f7867183d7cd64b01b5a9305405682abbbff3aa18a8ad7d97ee039393fdd1766fc17ad2df1caf711dc4db8dc7b9df608ffc0fdc7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6a160cd4-4972-433a-be2f-b42c7bc8e32a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_1\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b6a380d4-5862-40a9-a645-ceea7f421bc5\index-dir\the-real-index

Filesize
1KB

MD5
92844bee65899f98903feaaf0880894b

SHA1
10d15ace9e74c013706d8db6226ab6c45a801d78

SHA256
cf1c86c1cb855fd023cbf585acaa16d39c379e28f46d0efb4b1d6a1fc8205e5a

SHA512
8677adbede8ea1e4583edbcea55983c28875e557fd714db1ba6d93dd30618f8a1663e31a00f385ba17508238422c3d5148c0219ae40487d44463edc0b940f473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b6a380d4-5862-40a9-a645-ceea7f421bc5\index-dir\the-real-index

Filesize
2KB

MD5
f82084225ec6bd891f3c097c4f9108ae

SHA1
874d9d7f9916d7995faad032396f3a00c5618c1b

SHA256
3816283b6b789bc49ff6935879c365cc80088528e760bbe5e85f9f498ddc0021

SHA512
1d42a4bb769b99782faa44e756fc902e7d7ff6797d46596b8fa77efa081dce9993b6325f7604a6f60ee835ae50974fa4eba654af3615934e8db68725f2992010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b6a380d4-5862-40a9-a645-ceea7f421bc5\index-dir\the-real-index~RFe57ee86.TMP

Filesize
1KB

MD5
45073460f2fe54df91d8b0eb2307c34b

SHA1
7190a0078d3e9c3f0c2c35b303d602ee2f2698cb

SHA256
4aac9073e66d19eb88b75d495a2fd572112494445e4a62423da907aaac36a77d

SHA512
437e8abeef21cb058e99d5fc394b233ebb484d4c2ce50d0adbbfdcd41dd2f6ad93b1ec816bd27562ff046cac3aa200629175816f48d9722b8257b92274d14e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b6a380d4-5862-40a9-a645-ceea7f421bc5\index-dir\the-real-index~RFe58aca6.TMP

Filesize
2KB

MD5
1e0b6867ff33ba16f85ff6d47381a332

SHA1
9fa894f70d63be098942c438d6677c4f5730cac5

SHA256
db8ca6eae9968b9bb66df8e2274a301674ecd42d3acb8dad3261a7f0b44a3055

SHA512
b466f0be69f8f35115ec88c1b3e29d2e19aa1384087254c9328f9f55bb9dd47cb88a723b8f0e933c58ae8df42c3025264147679d082411ea5dff5ae4d6361a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
9d331ab0c48bf2a77494a0097ac3962f

SHA1
986440137982f438f9f511b388b6d87138fa34e2

SHA256
732dd24f0f36240ff5ac730a9bb4f13d3300e403c993049aa2c23a26d50a1a2c

SHA512
44507c68197e8672792d8ca455764e2fd79d260a9f1924f650f6f77f12533806592990ea7ef46b9f39b4c9f5ec82330970e2af8671db9a1f0b09aea5d3ce0808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
844481fd9f11a1267fcd75e6dce934ec

SHA1
ad63de7485fc66337948fd265b52dda3b11e2e26

SHA256
c8d7004e5a59614de35cdd87ac7bf97ff47287afd974b68977a874d0a0f4f23b

SHA512
9d3150181000f492e4eddc8841d0300f4e53d14458601c7c8cfd84862fc068c9f71a815e712d0be50eb54759c9a425a3dfcbb2797f4b7d20bdfa77bf28b44ec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
7c49ea596d7a24cc746bc34f92c99be0

SHA1
3e0ec64c8aa3b0f496b4baab255cd2393a850f1a

SHA256
3ed56bf545db491e029d6df58af3dd61f27dee5fe1d3273309f40fe06e4f4db8

SHA512
c4a0a8cec85454ec2f0271b9d71282d7a9937a0a061e145855ffd43f773183a6bd2683dd5c041d13fc68fa07428cd1d472395451467d2519e84d9b5a6b616f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
ff6b81629e6b6f6a99487d6fe0b5765f

SHA1
43e04779ff63b8c6e194453cd4b4f73e22b8e864

SHA256
64425fa9bfd28bae6f38dd8a1a5f6456051c8fc0c09f0640d37ed6bf202f4910

SHA512
d0d99db89155d3b0805999fa5b7c2c1c26e65e6dffc1fc35ae56970d77949eeef649d3106631a5daf4d46d0be27fb1685d1c26f87ee8f71340246dabb1f65a10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
c85884d2015a43efdc53ab540fe4a219

SHA1
6e676683383dcfd34f5c7fe9828fb60d7482dd6e

SHA256
c4edc388f651d7a7fb921128607ce2135e51838e56407977861177dc7ff3dfa0

SHA512
1e614fae05d7b05a2bd94c18afcc19f359d7872ae9de29a857c6802ee141504fa8540a5c871f423909ee4fff6ecd0838448a1212c6fbc16da9a804795644e5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
d85a08d00804f0946ed0a5b3fa923569

SHA1
49824b0572e293b8434301ed81e1c2a68530b4ea

SHA256
a147cad38e0deea391a151bdedc8eb77730449353d68a53c50e1b4a8195ec0b5

SHA512
7aa755c3a37d54083684ead54e2ca93fb3df0224c821edcbf930657a050ccd1ef90f8f12077ffbf3dd59c16826140ae4189b2fdc8e13d566284ed782a8d6d40a

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fal4qyoe.hyx.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\e6adec43-d619-4152-b933-863c79490048.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\128.png

Filesize
4KB

MD5
d056cec3b05d6a863ddfa7ee4c1c9f0c

SHA1
dcd15b46dea9d234f13d7f04c739a2c516c973f1

SHA256
ff702ca753a7e3b75f9d9850cc9343e28e8d60f8005a2c955c8ac2105532b2c9

SHA512
751274949b04c7cdc5e8f5f20fd062bfe130f1415eee524d9d83bcf1a448fbfb4b82dff8bbf7495250a852779c3d11ac87e33275508a4064f9d52417f4ca230f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\af\messages.json

Filesize
772B

MD5
7bc8fed14870159b4770d2b43b95776b

SHA1
4393c3a14661f655849f4de93b40e28d72b39830

SHA256
aa12205b108750cf9fa0978461a6d8881e4e80da20a846d824da4069d9c91847

SHA512
7e943b672700edd55bfd2627f4f02eb62eee283e29f777f6660fbdbf04f900757272c5fb8a0c8744c197a53eadacd943598b131fa2d9594d39e20baa2a9b79f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\am\messages.json

Filesize
1KB

MD5
83e0e58d0752ff7c3f888e6406413b84

SHA1
14a8981e4355301bb3073db6d7ffb337ef8482e3

SHA256
64e01bc292ba2ea1699576fcc445367047520ee895e290ccee20c24c9336d8ef

SHA512
fc772bd3d6ac64110562aaca7d320f49ffba4e1f9ac2e10456fcb75e172d086d3ce8996cfc64b33b2ecdf4f6b96e38905e671c1e6ba5205fede9af4a183812c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\ar\messages.json

Filesize
2KB

MD5
c825621044e4d5c504404dae9752285c

SHA1
68c1e29daf042487cb76629abcdc03f16fccc92a

SHA256
47652115cbb912907f405992fcfc64f987642158f0cb35c9d6e0d4742d833802

SHA512
4aef3e7a747e290be8ba10e22e670c1c2dc653d4311020a4fd3060205fd88bb5d13d9edf388fc18919abe353c62d6841a4ef87e38064430299e52ca16c81941e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\az\messages.json

Filesize
1KB

MD5
c603747b8578c1324dd262565f643e06

SHA1
5cd18bb971af007d9a589377a662688daafe7519

SHA256
614470da3c5034ace649f1786beaaad2c94f4475bcc8858390b721f06fb7bf64

SHA512
59a5b29459e6a10628ab95ed620ab159dacde2d98dc2c3dc7949d0e5e253f2be7a21cb13f0ee8ae0e2f85191a520c9daf797fd93b27c39f53b1faa8aef1b706a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\bg\messages.json

Filesize
3KB

MD5
361b516edf253851044dae6bad6d9d6f

SHA1
d64c297cf1977cd8ad5c57d9b0a985a4de4fd54b

SHA256
22bc37b47ce8a832f39701641dc358357676e9be187a93a4c5d4b016e29238ae

SHA512
b2614c53e93e705a93b82db9fcf5259ca44b10b5e5237967a34f68607ab2380ea0c8e5df4ffd941d914617fa3538fd40c18df7d3c9808c5f652852f01e214c77

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\bn\messages.json

Filesize
2KB

MD5
b1101fac65ce2faa3702e70fd88957d2

SHA1
06ebd889fad9ee2d5d5083b10abf7b2a4d0e1724

SHA256
3e3ceaa214d8079b02c9c941635f5d45e621236d9c3f82e06ac604f0772670e8

SHA512
398d03bd3b51e2789d0573f5e4792c13193c36539e8fa35261bc3b9a991a155635e6d44a9999b42d3dfa264e3fc329e11dd65d6e1408c4076a49576e7e5ef4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\ca\messages.json

Filesize
843B

MD5
fbb841a2982166239d68907361f41f61

SHA1
4a8d76a6fe1bb111fdbdfd42d1af0019a97fc540

SHA256
de6d7b7c2427ec4e738407d7834b71941f69166b030355e00f325ff1391df5a1

SHA512
8db540b4c9e250d3781797238b1d16ad820c568edc563bfb912872ab99950def7e89ee432c696ba9876e3d7b24a4e4c26fa5b0fa9e76a54e11ae63996e02a561

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\cs\messages.json

Filesize
953B

MD5
48663a88dcf0ef6c9fade9bee4935b91

SHA1
af7cad1498bb4b0f05c1468abe3563d0182a97b4

SHA256
5a701d67910ba6c7ccedc26e02fa707cc86a1be57cd7d36290a3d268732a42c7

SHA512
3c3e5b9e56535efe1e20d6024b6fa46d3ea969c971d5ec8f5af1c933c1feb75d25e7f26c9e2bb8d200bca70ea1f1bd7e93e4e1c09dbc447340cdbeefa91cc33f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\da\messages.json

Filesize
764B

MD5
0e451c9c8453577e513aabf630c275f2

SHA1
5912cc58aa82bc75691540c8aeaca7c68641539e

SHA256
94cddb998c2c5ab40b6f074c359a60e6eebaaa2d52a9649c22f4ea4c1b9936f2

SHA512
a89dcc1ec8c79e7cf702692e20ebc952907b2fb1d76a3beef60d7415baee24e055e2988b55e12ce00bc112c115ddd9d46d63bf0a1c511fffb041da7054391f80

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\de\messages.json

Filesize
927B

MD5
5daf77ae7d2b7dbef44c5cf7e19805ee

SHA1
48c06099aee249dd05b268749836e3021e27cfb5

SHA256
22e2828bfdbb9c340e7806894ae0442bd6c8934f85fbb964295edad79fd27528

SHA512
b9fe759ba6a447ebf560e3ac6c79359e0ad25afca1c97da90f729dcd7af131f43c1f4bfcb2cd4fe379fff2108322cf0849a32995b50188b52258bfff9e5ca34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\el\messages.json

Filesize
3KB

MD5
32886978ef4b5231f921eb54e683eb10

SHA1
9e2626e158cbd26a2a24a50e4e8cfd98a49984e9

SHA256
728d8cbd71263680a4e41399db65b3f2b8175d50ca630afd30643ced9ffe831f

SHA512
416832f007470bf4d9d915410b62bd8159029d5ddabed23d2bbc297e4bbae46f4346feb68c54163428a6932c537967ae9ef430b9fac111f15cfb001a480799b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\en_GB\messages.json

Filesize
708B

MD5
c4e77421f3361277f7e3aa3472b5eb10

SHA1
f8ddd7cd0cce742e68443d173196471e8a23bd83

SHA256
c7255e9b784c4b8df7df7b78f33a5737a9ab7382f73465351597b1da9b3d5fe7

SHA512
6c11cccbfa6e841d90fa5b41f46de5489359335dd59ccb06d5148e7d2ce3af1422b93eb574360be4695e69d851befed8a2588dd411a7b0a553cb621238d474d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\en_US\messages.json

Filesize
1KB

MD5
578215fbb8c12cb7e6cd73fbd16ec994

SHA1
9471d71fa6d82ce1863b74e24237ad4fd9477187

SHA256
102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1

SHA512
e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\es\messages.json

Filesize
878B

MD5
59cb3a9999dfbd19c3e3098f3b067634

SHA1
bcfdf1c9c7f5d0ce35d7918060ce704a99803bf4

SHA256
02168993a23e074e0800cbb338fe279f99ef420e326bf92916ffed83c1f06533

SHA512
9968acb9821bfff6f427aabfcde3023f5a6f588bbfc0efd2275f201930ec5e16d64ff228c76f77958d36091a3dbd510e95385f0cb99a3e4dde693f34e9e3ebf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\es_419\messages.json

Filesize
880B

MD5
94bc2d5609f6d670e181e1ff0d041869

SHA1
58d2c17878e7b6e73daa544b8ca7774e5d902a17

SHA256
e848603b7a73a88e3fe7bffa20e83397f5d1e93e77babb31473cc99e654a27b7

SHA512
04bf79f675888c79b270c82e3a0e7a07e24205e2159e2d98eb4585aee5c0d14c6be3a3d169d4ea702a74a76f9e622e70a181dcd9ae0cb9f2472550fb33e9565e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\et\messages.json

Filesize
914B

MD5
b18007bfc2b55d2f5839a8912110b98d

SHA1
842ecac418424b2fff4db81e4385d59e098b65de

SHA256
7ccc7b17bfe01c3c7dd33eff8f80d0b57fc9b175815e766c9c1c1e893725e20f

SHA512
166937891553597d585d17fda2e7ff2bffbd3731841ea6cdcb7add528a55aa7c257fc191d029dd1f57afd4349194c0cc7413c3752641e8217d465674b62b8ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\fa\messages.json

Filesize
2KB

MD5
e578e08ee604158d674982ba060396fd

SHA1
fd601092203317fe9f576fbfd675e274001efa80

SHA256
e758273c25fbad804fe884584e2797caefbbd1c2877dfd6f87ab1340cd25252e

SHA512
131c75cdbc4a40068cf97d7becad08f49e77a9bda3fb1cc50501b0007273ee5c6eae2f84047d97f72b6fd9f28f65ae544eb807057a54a6e009b9bd8fb8ca4df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\fi\messages.json

Filesize
840B

MD5
1d4778e02337674d7d0664b5e7dfcbbe

SHA1
fe1763ac0a903a47446a5896a2d12cce5d343522

SHA256
a822b0e66d04644d1cfbd2517736728438743162c3213f15d986e2db85bd0213

SHA512
771c7ba7f93a6e9db94593897d495e190e58a9b9c490523cc410059e72538005e2de96864dbbed8bd1f01eaa4d1cd022443dddbf759a606e2903c9ddecac43fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\fil\messages.json

Filesize
799B

MD5
f954b2e970dc96e5889499db7392fd59

SHA1
39f56f0ebfe92c96e8bf91f82cc4fddbed1e0aaf

SHA256
41ce6a7b18364efecced0419b42165d4f86c43643bbe1043014d4142cf86186a

SHA512
23610477834ff51e93fe9467df997f9aeee63ce3a8a51464b87b1828dce25d50e0bf2f28df139ec59e6c6425b81613258de211735ab2e470dc63c9cb5a1860e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\fr\messages.json

Filesize
902B

MD5
85718fe4820c674c5305d33dfb5cbddc

SHA1
d4170743349f3e037718fde17bc63a369c2e218a

SHA256
6713b69b6c9e80b03e0a9d4a7d158197b0c7ec8a853c64c0af0b1a05ce54d74c

SHA512
678e934f8d4a1bf0b98844b796eaa2471a78911d4020bf755871650dd0adad6bf7b475d9e5bf68b6a911ed330308a08698706d9460df003648b612d97848e652

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\fr_CA\messages.json

Filesize
901B

MD5
681422e3fcf8711af8eefbb75a607c8e

SHA1
3d3576a989c8010a397888429476f2800052e79a

SHA256
af889c1deb6f9248961c2f8ba4307a8206d7163616a5b7455d17cead00068317

SHA512
2546c274749a75c09e8255b6fa53a080a14bb141c748a55ebd530b6f2ac8adca3111320511628d4eec2b39a8710578ff16929b06ffb1f9c2093d3f1ee4c6f601

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\gu\messages.json

Filesize
2KB

MD5
86de754c2d6b550048c9d914e55b5ff0

SHA1
5b6654101b3596742be06b18ef2a5d81da569ee5

SHA256
cc3e9077fcc9bd0dfc5dd3924c6c48b8345f32cee24fccc508c279f45b2abe61

SHA512
3a8d326b91141b18cb569a93bcd295075e94a0488f2ffe5afb80a4cb36e4523e28c87d91a64ed255445470ad6c8a34948fe091e709e8097dcdd06eba1cc52887

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\hi\messages.json

Filesize
2KB

MD5
4a9c9f947b479e5d89c38752af3c70ea

SHA1
799c5c0ba3e11ad535fa465ab87007c36b466c6a

SHA256
14895bf43ce9b76c0ff4f9aef93dbe8bb6ca496894870cf0c007b189e0cef00e

SHA512
293d9fd5b207c14d1ffc7945f80d3c2dc2d5450bdf1e7b7962767b8d330c9255da16dfa677234198569f4ddfd00bce82d70086df974afe512769597039e21cf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\hr\messages.json

Filesize
863B

MD5
eb6c5133c1fe7f9e8e4449a917d185d9

SHA1
9be42ac75487a77dfbbf01ea2098886e69956356

SHA256
985976b776e729835e047c81d3d731a6c488a6459aa8918dbc8ec808c0bf73a1

SHA512
1aba115b30c99e786845c137ecb8beec4b5162c59d10724dcc083ff6b91a47af45ca850fc0b3072d44be189b31abb67423c88369171b0c411ccf7ae884fd831e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\hu\messages.json

Filesize
1KB

MD5
fb8d08676aa88683f27a2759c5837529

SHA1
80badd0de6a8d87a8e14232f71fbcbe231eee443

SHA256
cf26310b073b0891996ecd761c6cb53f00193dee524213a9fb34225d636ec4b7

SHA512
5c4307b653cd841af14a4b57f225938be54d718c979fa4008513461fa6f8409bc82e050f0b32e587f8e52d5580aa7c6d667aa94b30a588cb87de585b015fe176

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\id\messages.json

Filesize
718B

MD5
3fefe403f5f537d9a2d28ab36b2c1a94

SHA1
dd674520092f333aff63138f660987fbd8fa51e0

SHA256
35872a3343d4b4768fe4702a8dc18b749933e81210db13466ad172bd2880f6eb

SHA512
45182775ac13b1f9406bc9595e822f24a9d8b854254e0d71514e1d99625b12b9cd8bc3226f04b1dfc79248f786f925b9b88a70e0d57bdf9a8dc48d79175ec60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\it\messages.json

Filesize
756B

MD5
88a9acd41521d1d00b870e2da3044a88

SHA1
36716937ce047463dbfa5cf1f5ef4277fe354d9e

SHA256
3377a873db531113d79919e7a89369a79a602bac6ae09b9864b9378dc285f345

SHA512
a56ffa200c5f8b312d8ed77ea40df931b86074adf1577941726d184497531d1c89d77382983f01797604e6a5c34029fa88f3aae0d52c368e2046c0c6f21cd956

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\ja\messages.json

Filesize
1KB

MD5
113a674f2e4c66cc4d2a9c66ed77adea

SHA1
f5d38b743efa022d6f886bacd3afa850557e2762

SHA256
c1094a1d8457e782f229910b70fc7aece356aa779a423e869104946814660d35

SHA512
e7cd847d87dfea3228a1899aab7f27f59d7ba2919e81520501a9236c55fcdea418f1d29c3c9eb36e34cdfba3278e3bbd149ddf324c94295e029031fcd5a75677

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\kn\messages.json

Filesize
3KB

MD5
f55ce2e64a06806b43816ab17d8ee623

SHA1
27affcf13c15913761d0811b7ae1143e39f9eea4

SHA256
5fa00c465c1c5eed4bea860ceb78da9419ea115347ba543ddb0076e5c188feed

SHA512
a0e7d0f7beeca175c67a783adf5ff614c8e3b731311f82bc24eb0f0798938d79f15a5cfa012b3cf06d7a138d88e6f78eb3d3d57a3edebb60116de2dc706e2b0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\ko\messages.json

Filesize
1KB

MD5
e71a91fe65dd32cac3925ce639441675

SHA1
91c981f572497a540c0c2c1d5fb28156d7e49416

SHA256
57f81a5fcbd1fefd6ec3cdd525a85b707b4eead532c1b3092daafd88ee9268ec

SHA512
2b89c97470bae1d55a40f7f1224930480d33c58968f67345ca26e188ff08cf8b2f1e5c5b38ecfdbf7ebfd9970be0327cbfc391cf5e95e7c311868a8a9689dfb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\lt\messages.json

Filesize
1002B

MD5
8047409dcc27bfcc97b3abce6dab20ef

SHA1
d85f7a7a3d16c441560d95ce094428973cbad725

SHA256
b42ebfe071ef0ec4b4b6553abf3a2c36b19792c238080a6fbc19d804d1acb61c

SHA512
4dffe23b4168a0825dc14ed781c3c0910702e8c2b496a8b86ca72fdbba242f34fe430d6b2a219c4a189907e92b1a7b02ce2b4b9a54088222f5af49878e385aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\lv\messages.json

Filesize
959B

MD5
20fa89ba92628f56d36ae5bd0909cb15

SHA1
52d19152e2d5848ebaf0103d164de028efecdbb7

SHA256
80d64f03dc2cc5283faf1354e05d3c3cb8f0cc54b3e76fdae3ad8a09c9d5f267

SHA512
5cb534fdba0f66a259d164040265c0e8a9586bb41a32309f30b4aab17e6a99f17baf4dada62a93e34cc83d5ec6449dd28800ee41c2936631484cc95133e3956f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\ml\messages.json

Filesize
3KB

MD5
ce70315e2aaeda0999da38cc9fe65281

SHA1
d47fc92d30ec36dcc102d5957bb47a6c5b1cd121

SHA256
907f2709d1d3c8fa26294938f4080bc477e62281c4c50a082c22db0195cda663

SHA512
af5c78feaacb689d9d50d0196ba9428e4f02b07876995e8b77e3bc0fee7fbf43f3ad2848d58940f193966c54f13652476e1fcfd6a827465caad32b0b2d3f97e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\mr\messages.json

Filesize
2KB

MD5
34ce3fa84e699bce78e026d0f0a0c705

SHA1
5c56d09af53d521fe4224a77aa66e61a3b0165ca

SHA256
275e7fadb93a810328e3adead8754dd0a19a062d5d20a872f7471ffab47aa7b3

SHA512
3a6cd2ea06b664689f089d35fcfa41b36c22b1d77cf78f66d0f5dcdc52a6bb29f7566d377b81edce6001b71cb7f1e1247d3d71965baa2e8ea9e6deaa208cf25b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\ms\messages.json

Filesize
796B

MD5
db4d49231c88c11e8d8c3d71a9b7d3d4

SHA1
4829115ace32c4e769255cf10807f3bdb1766f44

SHA256
9b32c491d0bfebdca1455f73c3c6f71796d433a39818c06c353da588de650f81

SHA512
c8b4a982abf61eabb1b7280f3e10fdf1350b20f38ca9878f33ddaf979fd617ca8e5ff4df6099c395fbae86c8affbae77653ba9cb736af22466e3cb85d4d92e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\nl\messages.json

Filesize
771B

MD5
d448e11801349ab5704df8446fe3fa4c

SHA1
6e299363c264fa84710d6dbeaedc3b41b7fe0e42

SHA256
e98c5cfe277a338a938e7277deec132f5ea82a53ebdb65ff10e8a2ff548ac198

SHA512
49c2c05207c16f1c9393f9473cc77fd28e1b1f47686ae1eeb757676019a0ad4a6478e5a76004911f4ae299b3b7331cb6dfdca3eed2078baa5da901ea44cc4668

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\no\messages.json

Filesize
758B

MD5
66439ba3ed5ba0c702ef94793e15de83

SHA1
2b3ca2c2be15207deae55e1d667c9dcdc9241c74

SHA256
b3ece279943b28c8d855ec86ac1ce53bdfb6a709240d653508764493a75f7518

SHA512
8b393f3be96020181a12a16fafdae9df555b09a7b03cc855009b26a48b0c7d583476a72bb28224e419d300013fe272316c2cb35de8d67dbab454b7cae8df6b94

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\pl\messages.json

Filesize
978B

MD5
10ba7fe4cab38642419be8fef9e78178

SHA1
fddd00441dccff459f8abca12ba1856b9b1e299b

SHA256
6538f562bd1baa828c0ef0adc5f7c96b4a0eb7814e6b9a2b585e4d3b92b0e61d

SHA512
07e490d44f8f8a2bdc2d4ad15753ad16e39d17693219418b02820d26558fbe3fce8a8583bae0ed876acc6326080867d05a732cd9a4c24b620753b84bda4ac031

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\pt_BR\messages.json

Filesize
832B

MD5
8e24ec937237f48ac98b27f47b688c90

SHA1
bf47d23436a890b31799fff14a1d251720eced00

SHA256
a6ad5d5fb7c90736e04f898970d2cc9d423415b54b8e572f18c05d6ebaf46f68

SHA512
060f9713be6cd4262e0c490e50198a33026b00a80c8a3c7c87f2b05893280e1b32d1df2536054f4544f7a014ecbaf5f2e299b49dd6f45705cabfff068ef50d31

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\pt_PT\messages.json

Filesize
855B

MD5
aa431ec252b4339a49d172c6b9292ba3

SHA1
26fd7003368d5342620464a53af547ddea7c7328

SHA256
156fc7ba9b5728908e1a74950b97474f73d8f58933d345c8eeea8284565c8357

SHA512
c47c2e530ee2dd0bcc1ed1c2f8c54aeea3dcfac277bd85026dcc6c07e2da693b35577bac4924c45bb8423ad9aaecba324eec74291ef5cf2586a8b0b9f0084cba

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\ro\messages.json

Filesize
930B

MD5
ee122cf26ebe1ad0cc733b117a89ff3b

SHA1
a7c21e40ab7c934b35d725b3e21e4cb8ea85bc1e

SHA256
4ecedb9c1f3dd0d0e3aeb86146561b3d7e58656cbdbed1a39b91737b52ec7f2c

SHA512
4866fbea6c8698eb3c8923b9875186c800519488784683c18e5e6523681c52429e7ba38a304e0d1b17a3997a2f4c8c3a5e9fb518466a910b119f65d7dd62b77d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\ru\messages.json

Filesize
2KB

MD5
f70662272a8fc9141a295a54002f644f

SHA1
23397edad4bcc4a1bb8f43f9c2d1f08a7e3332b0

SHA256
df379187b7f6de700e5c53420336e6b31b7dc31015f77b2b256256bcf9be54b7

SHA512
b6ca9a8f1a83c71ed8eb8f46a102662d22eb13700660cf5c8841e5fe92dcad11a252555f169ffc4d6a97c399dd514cdeacbbcc27fe39da784bd9c1ebe85f4508

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\sk\messages.json

Filesize
947B

MD5
a46e08b45be0532e461e007e894b94f4

SHA1
387b703c55af0cf77874a1b340969ece79c2705e

SHA256
5e886e7b616fbff3671dab632d1b6d8dceeff9004218485f1b911dcd8c9694a3

SHA512
388992752bd1efaebbd420fd5a8f2c6c775f2be4c61d690b46a418c72abaffe44ff8a4c332b45a8b75a243ae8d61f3d6da6e55fa768d17d2635079b03442a55f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\sl\messages.json

Filesize
855B

MD5
9cdfa5371f28427f129d200338c47494

SHA1
19653347e92967564bd8df14fde2eea2dc87bceb

SHA256
75d018cc8525605ddc591f6bfe5bdaa2efb164934e9d5438972651f8c818d581

SHA512
e6122fd5c8d387a999ef57c877bb70c896c1012b592333bcf2b93e44f7e8ba487f264e83cdefbbde972040cf6dc8f14a4a9e0e0bca85cf1f9eaa35b817dd2869

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\sr\messages.json

Filesize
2KB

MD5
c2026342237e7686b1932af5b54f8110

SHA1
5af235b29947c7f770070f0a693979d9191fadb5

SHA256
a3eb276fbd19dce2b00db6937578b214b9e33d67487659fe0bf21a86225ece73

SHA512
2ce6fffa4ea16aac65acc8b5c1c9952eae1ac8891589266735c3ef0a0d20e2fa76940e6401d86eef5c87a1d24c1cc9a1caaf1c66819c56505b0b2860bfe5acfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\sv\messages.json

Filesize
800B

MD5
f008f729147f028a91e700008130da52

SHA1
643fff3dc0694fd28749768314150b30572caa54

SHA256
5f4229d18e5606330146ee13bdf726e10c1e06cbb15368c47f1ae68abe9ce4ba

SHA512
f5890cc08a9a40366cfffbbdb9b14e8083897a2950deb4bb23566d641dd4b06ab02479a2b83bd5001c179abff889506a3292cd92e31a6b92cad917dff760ab27

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\sw\messages.json

Filesize
840B

MD5
84eb1d6e827e40c578469eaab778e368

SHA1
3f53de16ab05f7e03ae6c8605c2339043c1a385f

SHA256
2c6b42d122943dc0ca92a33074d1a607351d3bc7f9768e174617fa7011a3de9f

SHA512
7a7ce81fa8be309d347ae0975fd6fcd904bc1ee86342dc0e88e789e7cf5967edd0ddccb9ba156510e74b025a23d479b6058101ffbb648c5d30c311f5ba1dfc6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\ta\messages.json

Filesize
3KB

MD5
24626ad7b8058866033738380776f59b

SHA1
a6abd9ab8ba022ea6619252df8422bf5f73b6a24

SHA256
3fc7f56f6d6d514b32547509b39f6380fc786efbcca4b9859f204456ca2e7957

SHA512
4fa2f084175d71923ae3186c8195781e1946f6c19b1a4bf659d3ae2dc45f1ac2f84d794b4487ec5e030ea899ee1decf07b3cdd3eb0d3dda996c5ff8a272cf97a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\te\messages.json

Filesize
3KB

MD5
50ab4deabad394d13c265b8b80d9f9c3

SHA1
ce9c786cc92359ca34483bd57ce121f699920ddb

SHA256
90868a8a4a4dbf48770c14a161faea406ef9a453b75f4cb7a53c1b4e96a88599

SHA512
3ba6498cde1fe4c8f012a75ee546e9793b812cb7306c927054427fc697cb729549196f8e45db1a7a7dd1e485e6a3d3950168e33b03b669f5d4676c372f519a6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\th\messages.json

Filesize
2KB

MD5
0875b0bad81161ccf2c16e13ee49af9d

SHA1
686663983a022689dedf5ba22c0f169e1a654e64

SHA256
d299aa0c4f29c5c8248a1c51afdb7439f4cf7bc28ee02408a598f8aad9f70810

SHA512
d569dfda9f0851fb0d5b2b8454704461e0185b573f3839416f3237f2d89c372e58fdce7d871f44f6f3777c7f4177009bb1fd3cdbe2f4f3d62015bd130851e8ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\tr\messages.json

Filesize
1KB

MD5
3104bcd0d4ad6b47fe36f36c1b5aa333

SHA1
36ec46c7230487c0d26e185aa82f340d8312a265

SHA256
ac2894cea6332450095a7f8fc9b97550da87e4b4b6e6fb95df1a1f49f25e0e35

SHA512
873a8e1ec1eb2b482794c51dbfdd5b96cb9e8e2b5a74db3c3b54ae78a396585faec402a054ff332551b5ebcfc4a57bfc5bd92d08f9f73acb433efe9a18d89cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\uk\messages.json

Filesize
2KB

MD5
ae938164f7ac0e7c7f120742de2beb1e

SHA1
fc49041249eaef40632f27faa8561582d510d4e3

SHA256
08978a1425dec304483bbb7dd0e55a7d850c4561abd41bac1be5d93d70465174

SHA512
b3f252885f9d7e4d74a5880b5fa60447511d4e2dce64db8ede5bd1b144f0f09a3c784649c2e1623a034ddd50b6b7ff990a3a6fc58c3ae124646c31f35b0b20fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\ur\messages.json

Filesize
2KB

MD5
f6e8fca4fd1a7af320d4d30d6055fa6d

SHA1
1c4aae49c08a0e4ee3544063c10fe86e7fdab05e

SHA256
504549057a6a182a404c36112d2450864a6cb4574cd0e8f435ca556fac52ab0a

SHA512
241e8505658e09d5559ec3a91fc6d1a88ba61f1b714d3cfc0e498e13908ba45aed8b63b483ecc5008a5ab07b24e1d123192fbd90b4a2289d52ad7bef4a71c9e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\vi\messages.json

Filesize
1KB

MD5
1e54afbacca335be3a050920ddfbe863

SHA1
fabd5e9d6bda46c9708a0ee26302156ca413a1dc

SHA256
f1da95e1d58e933050cd8a4fea12f3d1b9a2759479ffdb74fdc1cfbf89568327

SHA512
dfe60c51c043da92dec81fedb250dc60bcd97daba831261de92cdee35c0760610c1d436d04d74b65ef0a22e8cdf5201e3dde176cd9b7d5ccf1cc1ff9c884870c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\zh_CN\messages.json

Filesize
1KB

MD5
e910d3f03f0349f5c8a6a541107375d5

SHA1
2f3482194c98ecbd58a42bd29bb853267c49a39a

SHA256
3893c066a36fe95f06f3c49091a20290d4e071183755f40af05455660beda2dc

SHA512
387ca0727ad0869041296182f17555f55552245d38284a1d5d2652b72959cc94dd345f8a1d6d15f7f5477817df9afa045f2267269d0d66938c7d401b4ca2eb4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\_locales\zh_TW\messages.json

Filesize
1KB

MD5
b571e4cefd96a2651ffb6621c4d3d1b4

SHA1
9fce97192139d1ec0885fd62a059fa81e473f9c5

SHA256
16b8f7be42b982d5ad9f638e71da38d134394b9bab9255f73cf514abbfaaf146

SHA512
6a315031b7c3e7b2cdee7a835aaad7fceb07d2889e4401e3be6b3a8c6492a47a9a065aab85fe2a69a1eca6bfe4a733f8ccfe8c5ec2fef681aadb77c9f5e57eff

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2116_1295795513\CRX_INSTALL\manifest.json

Filesize
2KB

MD5
1048f1f4d861f5c812e5bc268eb68a06

SHA1
4c9495a3202f63fd0878086f27310db6d3bf5be9

SHA256
8b3b5b96a5d6d7c613052b4a751c6632f5f91cb0a912c96e515978999b6f43f5

SHA512
158ca9fc4e59568c8d04b8f6ad16fd8216ee10d8869ce1e2dec844e52d3d3b19bd98433665fa003552e8896a2691531141ee11fef212d8d66283d7002ece8c76

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2784_796224747\7e09baa3-6a10-4070-a020-bc41bf2cad24.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4856_1125236931\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4856_1125236931\CRX_INSTALL\_locales\en_US\messages.json

Filesize
1KB

MD5
64eaeb92cb15bf128429c2354ef22977

SHA1
45ec549acaa1fda7c664d3906835ced6295ee752

SHA256
4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c

SHA512
f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4856_1125236931\CRX_INSTALL\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4856_1125236931\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
2a738ca67be8dd698c70974c9d4bb21b

SHA1
45a4086c876d276954ffce187af2ebe3dc667b5f

SHA256
b08d566a5705247ddc9abf5e970fc93034970b02cf4cb3d5ccc90e1a1f8c816e

SHA512
f72b9190f9f2b1acc52f7fbb920d48797a96e62dfc0659c418edbbc0299dccf1931f6c508b86c940b976016745b9877f88f2ee081d3e3d5dcdcc2cc7e7884492

Download Submit
C:\Users\Admin\AppData\Roaming\UpdateCache\WindowsUpdate.ps1

Filesize
3KB

MD5
2e8daaf07da3c39928538718e5937132

SHA1
15d4ba3e55b54e94327cbc8dfe336054fc7a1cd3

SHA256
6020f3129c3143da8ca889f2aef81ba6eee791f396658b5e43147d7ed47a29e3

SHA512
c832635a67b32a4042c8679249eb8f681e968425e02237b3c2620f9506c22405011cc4fdc5c0d863d899963cda75085b46278ea0595f5408c148474f6121a88c

Download Submit
memory/1380-46-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-978-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-67-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-56-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-960-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-71-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-72-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-73-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-77-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-78-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-965-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-120-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-417-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-418-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-419-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-420-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-423-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-427-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-428-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-429-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-433-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-435-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-968-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-47-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-64-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-63-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-1001-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-969-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-821-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-58-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-970-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-1013-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-1005-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-1003-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-1002-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-971-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-997-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-996-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-992-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-48-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-991-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-984-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-983-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1380-979-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1800-12-0x00007FFB997A0000-0x00007FFB9A261000-memory.dmp

Filesize
10.8MB

Download
memory/1800-11-0x00007FFB997A0000-0x00007FFB9A261000-memory.dmp

Filesize
10.8MB

Download
memory/1800-1018-0x00007FFB997A0000-0x00007FFB9A261000-memory.dmp

Filesize
10.8MB

Download
memory/1800-6-0x0000023087430000-0x0000023087452000-memory.dmp

Filesize
136KB

Download
memory/1800-0-0x00007FFB997A3000-0x00007FFB997A5000-memory.dmp

Filesize
8KB

Download
memory/1800-57-0x00007FFB997A0000-0x00007FFB9A261000-memory.dmp

Filesize
10.8MB

Download
memory/1800-55-0x00007FFB997A3000-0x00007FFB997A5000-memory.dmp

Filesize
8KB

Download
memory/4716-1085-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1464-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1460-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1459-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1458-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1454-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1451-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1450-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1449-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1448-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1092-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1091-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1086-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1084-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1080-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1077-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1076-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1071-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1070-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4716-1065-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download