valleyrat_s2 | eefb11e7bb1c352d6ba64795e35ce958efa2c9c520621b9209c28e89adac5c0e

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
02/04/2025, 05:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-02_c043e9f857ae66d89c9471e4a4e5a9c3_amadey_black-basta_hijackloader_luca-stealer.exe
Size

12.0MB
MD5

c043e9f857ae66d89c9471e4a4e5a9c3
SHA1

599ca6af0fc22d7c6879063f511aa834d53a951c
SHA256

eefb11e7bb1c352d6ba64795e35ce958efa2c9c520621b9209c28e89adac5c0e
SHA512

5a3be61f0b5a75fc3fdf9eab66555975fb44d2586e7a971b9d8573e7a9e94abd887b091311f1efc52367f62c7af073211978b2ef9d345474a4d36676d233159a
SSDEEP

49152:TSz26GORt1xUI7KnEQsJGtCN5bIfx4f1JTtpZuRQJBQbDW61P067knpfeTkSO2KE:TSk

Score

10^/10

valleyrat_s2 backdoor defense_evasion discovery persistence privilege_escalation spyware stealer trojan

Malware Config

Extracted

Family

valleyrat_s2

Version

1.0

47.236.171.20:10000

47.236.171.20:20000

127.0.0.1:80

Attributes

campaign_date
2024.12.25

Signatures

ValleyRat
ValleyRat stage2 is a backdoor written in C++.
backdoor valleyrat_s2
Valleyrat_s2 family
valleyrat_s2

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\135.0.7049.41\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1"	setup.exe

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	chrome.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 38 IoCs

pid	Process
1924	upd10.tmp
448	updater.exe
6024	updater.exe
5612	updater.exe
4556	updater.exe
4260	updater.exe
4952	updater.exe
5176	~Chrwos_luca-stealer.tmp
4324	135.0.7049.41_chrome_installer.exe
5696	setup.exe
4432	setup.exe
5980	setup.exe
5040	setup.exe
1832	chrome.exe
4156	chrome.exe
836	chrome.exe
4672	chrome.exe
3704	elevation_service.exe
3292	chrome.exe
5936	chrome.exe
2344	chrome.exe
1912	chrome.exe
3024	chrome.exe
5152	chrome.exe
4056	chrome.exe
4400	chrome.exe
3280	chrome.exe
3736	chrome.exe
5248	updater.exe
944	updater.exe
3124	chrome.exe
748	chrome.exe
4868	chrome.exe
5404	UpdaterSetup.exe
1924	updater.exe
976	updater.exe
4888	chrome.exe
4516	chrome.exe

Loads dropped DLL 43 IoCs

pid	Process
1832	chrome.exe
4156	chrome.exe
1832	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
4672	chrome.exe
4672	chrome.exe
836	chrome.exe
836	chrome.exe
836	chrome.exe
3292	chrome.exe
3292	chrome.exe
5936	chrome.exe
2344	chrome.exe
5936	chrome.exe
2344	chrome.exe
1912	chrome.exe
1912	chrome.exe
3024	chrome.exe
3024	chrome.exe
5152	chrome.exe
5152	chrome.exe
4056	chrome.exe
4056	chrome.exe
4400	chrome.exe
4400	chrome.exe
3280	chrome.exe
3280	chrome.exe
3736	chrome.exe
3736	chrome.exe
3124	chrome.exe
748	chrome.exe
4868	chrome.exe
748	chrome.exe
3124	chrome.exe
4868	chrome.exe
4888	chrome.exe
4888	chrome.exe
4516	chrome.exe
4516	chrome.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 5 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	updater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	updater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	updater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	updater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	updater.exe

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\W:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\E:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\H:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\M:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\Z:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\R:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\J:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\N:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\S:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\U:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\L:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\T:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\V:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\X:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\Y:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\Q:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\B:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\G:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\I:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\K:	~Chrwos_luca-stealer.tmp
File opened (read-only)	\??\O:	~Chrwos_luca-stealer.tmp

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	chrome.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk	setup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\prefs.json	updater.exe
File created	C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\CR_E7E61.tmp\setup.exe	135.0.7049.41_chrome_installer.exe
File opened for modification	C:\Program Files\chrome_installer.log	setup.exe
File created	C:\Program Files (x86)\Google1924_760042996\UPDATER.PACKED.7Z	upd10.tmp
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\notification_helper.exe	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\Locales\fi.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\Locales\nl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\ef7c538e-bd31-441f-a39d-1817076b37f5.tmp	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\Locales\af.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1397968588\_locales\is\messages.json	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1397968588\_metadata\verified_contents.json	chrome.exe
File opened for modification	C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5248_1377047699\debug.log	UpdaterSetup.exe
File created	C:\Program Files\Google5404_1049853254\bin\updater.exe	UpdaterSetup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\Locales\ja.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\bcc3fe84-28be-40e6-a8c4-09a66b597958.tmp	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\dxil.dll	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\libGLESv2.dll	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1397968588\_locales\be\messages.json	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1173974762\manifest.json	chrome.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\Locales\bg.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\Locales\sw.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\Locales\zh-CN.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1173974762\LICENSE.txt	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_516652808\crl-set	chrome.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\Locales\mr.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1397968588\_locales\ja\messages.json	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1397968588\_locales\el\messages.json	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1397968588\_locales\si\messages.json	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1397968588\_locales\en_GB\messages.json	chrome.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\Locales\gu.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\Locales\kn.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\Locales\lt.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1397968588\_locales\my\messages.json	chrome.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\136.0.7079.0\Crashpad\settings.dat	updater.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\prefs.json~RFe596a88.TMP	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\IwaKeyDistribution\iwa-key-distribution.pb	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\VisualElements\SmallLogo.png	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\vk_swiftshader.dll	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\chrome.dll.sig	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1397968588\_locales\no\messages.json	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1397968588\_locales\pl\messages.json	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1397968588\_locales\en\messages.json	chrome.exe
File opened for modification	C:\Program Files (x86)\Google\Update\GoogleUpdate.exe	updater.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\6f229e78-b531-4aa8-a6d3-4af3f0c29774.tmp	updater.exe
File created	C:\Program Files\Google\Chrome\Application\135.0.7049.41\Installer\chrmstp.exe	setup.exe
File opened for modification	C:\Program Files\chrome_installer.log	setup.exe
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1397968588\service_worker_bin_prod.js	chrome.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\135.0.7049.41.manifest	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\vulkan-1.dll	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\chrome.exe.sig	setup.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1397968588\_locales\ro\messages.json	chrome.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\chrome_100_percent.pak	setup.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\ef7c538e-bd31-441f-a39d-1817076b37f5.tmp	updater.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\prefs.json	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\Locales\sr.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\Locales\vi.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source5696_306722585\Chrome-bin\135.0.7049.41\PrivacySandboxAttestationsPreloaded\privacy-sandbox-attestations.dat	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1397968588\_locales\es_419\messages.json	chrome.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\updater.log.old	updater.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\Crashpad\metadata	updater.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\bcc3fe84-28be-40e6-a8c4-09a66b597958.tmp	updater.exe
File opened for modification	C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\CR_E7E61.tmp\setup.exe	135.0.7049.41_chrome_installer.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	upd10.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	~Chrwos_luca-stealer.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-04-02_c043e9f857ae66d89c9471e4a4e5a9c3_amadey_black-basta_hijackloader_luca-stealer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updater.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4324	135.0.7049.41_chrome_installer.exe
5696	setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133880469050534168"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Google\Chrome	setup.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Google\Chrome\InstallerPinned = "0"	setup.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{DC738913-8AA7-5CF3-912D-45FB81D79BCB}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DC738913-8AA7-5CF3-912D-45FB81D79BCB}\ = "IUpdaterInternalSystem"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{DC738913-8AA7-5CF3-912D-45FB81D79BCB}\1.0\0\win64	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{0125FBD6-CB11-5A7E-828A-0845F90C7D4E}\TypeLib	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\TypeLib\Version = "1.0"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{5F793925-C903-4E92-9AE3-77CA5EAB1716}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalService = "GoogleUpdaterService130.0.6679.0"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\TypeLib\ = "{5F793925-C903-4E92-9AE3-77CA5EAB1716}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{4DC034A8-4BFC-4D43-9250-914163356BB0}\1.0	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\TypeLib\Version = "1.0"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\TypeLib\ = "{D106AB5F-A70E-400E-A21B-96208C1D8DBB}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\ProxyStubClsid32	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{699F07AD-304C-5F71-A2DA-ABD765965B54}\TypeLib	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\130.0.6679.0\\updater.exe\\6"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\1.0\0\win64	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{F966A529-43C6-4710-8FF4-0B456324C8F4}\1.0\0\win64	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\1.0\0\win32	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\TypeLib\Version = "1.0"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\TypeLib\Version = "1.0"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\TypeLib	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{34527502-D3DB-4205-A69B-789B27EE0414}	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\TypeLib	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\ = "IUpdateStateSystem"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\TypeLib	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\TypeLib\ = "{F63F6F8B-ACD5-413C-A44B-0409136D26CB}"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\TypeLib\ = "{34527502-D3DB-4205-A69B-789B27EE0414}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{27634814-8E41-4C35-8577-980134A96544}\TypeLib	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\TypeLib	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{0125FBD6-CB11-5A7E-828A-0845F90C7D4E}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\ = "IAppWebSystem"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\1.0\0\win32	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{05A30352-EB25-45B6-8449-BCA7B0542CE5}	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0\win32	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{0125FBD6-CB11-5A7E-828A-0845F90C7D4E}	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{DC738913-8AA7-5CF3-912D-45FB81D79BCB}\TypeLib	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\1.0\0	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\1.0\0\win64	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{699F07AD-304C-5F71-A2DA-ABD765965B54}\1.0	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ = "IProcessLauncher2"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\1.0\0\win32	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\TypeLib	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\1.0	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\130.0.6679.0\\updater.exe\\6"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}	updater.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
448	updater.exe
448	updater.exe
448	updater.exe
448	updater.exe
448	updater.exe
448	updater.exe
5612	updater.exe
5612	updater.exe
5612	updater.exe
5612	updater.exe
5612	updater.exe
5612	updater.exe
4260	updater.exe
4260	updater.exe
4260	updater.exe
4260	updater.exe
4260	updater.exe
4260	updater.exe
4260	updater.exe
4260	updater.exe
448	updater.exe
448	updater.exe
1832	chrome.exe
1832	chrome.exe
5248	updater.exe
5248	updater.exe
5248	updater.exe
5248	updater.exe
5248	updater.exe
5248	updater.exe
1832	chrome.exe
1832	chrome.exe
5248	updater.exe
5248	updater.exe
1924	updater.exe
1924	updater.exe
1924	updater.exe
1924	updater.exe
1924	updater.exe
1924	updater.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1924	upd10.tmp
Token: SeIncBasePriorityPrivilege	1924	upd10.tmp
Token: 33	4324	135.0.7049.41_chrome_installer.exe
Token: SeIncBasePriorityPrivilege	4324	135.0.7049.41_chrome_installer.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3600 wrote to memory of 1924	3600	2025-04-02_c043e9f857ae66d89c9471e4a4e5a9c3_amadey_black-basta_hijackloader_luca-stealer.exe	86
PID 3600 wrote to memory of 1924	3600	2025-04-02_c043e9f857ae66d89c9471e4a4e5a9c3_amadey_black-basta_hijackloader_luca-stealer.exe	86
PID 3600 wrote to memory of 1924	3600	2025-04-02_c043e9f857ae66d89c9471e4a4e5a9c3_amadey_black-basta_hijackloader_luca-stealer.exe	86
PID 1924 wrote to memory of 448	1924	upd10.tmp	89
PID 1924 wrote to memory of 448	1924	upd10.tmp	89
PID 1924 wrote to memory of 448	1924	upd10.tmp	89
PID 448 wrote to memory of 6024	448	updater.exe	90
PID 448 wrote to memory of 6024	448	updater.exe	90
PID 448 wrote to memory of 6024	448	updater.exe	90
PID 5612 wrote to memory of 4556	5612	updater.exe	93
PID 5612 wrote to memory of 4556	5612	updater.exe	93
PID 5612 wrote to memory of 4556	5612	updater.exe	93
PID 4260 wrote to memory of 4952	4260	updater.exe	95
PID 4260 wrote to memory of 4952	4260	updater.exe	95
PID 4260 wrote to memory of 4952	4260	updater.exe	95
PID 3600 wrote to memory of 5176	3600	2025-04-02_c043e9f857ae66d89c9471e4a4e5a9c3_amadey_black-basta_hijackloader_luca-stealer.exe	100
PID 3600 wrote to memory of 5176	3600	2025-04-02_c043e9f857ae66d89c9471e4a4e5a9c3_amadey_black-basta_hijackloader_luca-stealer.exe	100
PID 3600 wrote to memory of 5176	3600	2025-04-02_c043e9f857ae66d89c9471e4a4e5a9c3_amadey_black-basta_hijackloader_luca-stealer.exe	100
PID 4260 wrote to memory of 4324	4260	updater.exe	104
PID 4260 wrote to memory of 4324	4260	updater.exe	104
PID 4324 wrote to memory of 5696	4324	135.0.7049.41_chrome_installer.exe	105
PID 4324 wrote to memory of 5696	4324	135.0.7049.41_chrome_installer.exe	105
PID 5696 wrote to memory of 4432	5696	setup.exe	106
PID 5696 wrote to memory of 4432	5696	setup.exe	106
PID 5696 wrote to memory of 5980	5696	setup.exe	107
PID 5696 wrote to memory of 5980	5696	setup.exe	107
PID 5980 wrote to memory of 5040	5980	setup.exe	108
PID 5980 wrote to memory of 5040	5980	setup.exe	108
PID 448 wrote to memory of 1832	448	updater.exe	119
PID 448 wrote to memory of 1832	448	updater.exe	119
PID 1832 wrote to memory of 4156	1832	chrome.exe	120
PID 1832 wrote to memory of 4156	1832	chrome.exe	120
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 836	1832	chrome.exe	121
PID 1832 wrote to memory of 4672	1832	chrome.exe	122
PID 1832 wrote to memory of 4672	1832	chrome.exe	122

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\2025-04-02_c043e9f857ae66d89c9471e4a4e5a9c3_amadey_black-basta_hijackloader_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-02_c043e9f857ae66d89c9471e4a4e5a9c3_amadey_black-basta_hijackloader_luca-stealer.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3600
- C:\Users\Admin\AppData\Local\Temp\upd10.tmp
  C:\Users\Admin\AppData\Local\Temp\upd10.tmp
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1924
- - C:\Program Files (x86)\Google1924_1250010313\bin\updater.exe
    "C:\Program Files (x86)\Google1924_1250010313\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={EE15F6ED-D77A-49BB-3AAD-3B54A00528C2}&lang=en-GB&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:448
  - - C:\Program Files (x86)\Google1924_1250010313\bin\updater.exe
      "C:\Program Files (x86)\Google1924_1250010313\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=130.0.6679.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0xcfa6cc,0xcfa6d8,0xcfa6e4
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:6024
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      Drops file in Program Files directory
      Checks processor information in registry
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:1832
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=135.0.7049.41 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa7be01ca8,0x7ffa7be01cb4,0x7ffa7be01cc0
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4156
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1888 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:836
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2184 /prefetch:3
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4672
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2488 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3292
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3236 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5936
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3452 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2344
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3956 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3024
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3972 /prefetch:2
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1912
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4776 /prefetch:2
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5152
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4528 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4056
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5416 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4400
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5820 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3280
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5936 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3736
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3948 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3124
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3968 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:748
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5884 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4868
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=724 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4888
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=1892,i,2214601751334293459,14324483782474013297,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4736 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4516
- C:\ProgramData\~Chrwos_luca-stealer.tmp
  C:\ProgramData\~Chrwos_luca-stealer.tmp
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  PID:5176

C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe" --system --windows-service --service=update-internal
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5612
- C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe
  "C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=130.0.6679.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0xa9a6cc,0xa9a6d8,0xa9a6e4
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4556

C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe" --system --windows-service --service=update
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe
  "C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=130.0.6679.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0xa9a6cc,0xa9a6d8,0xa9a6e4
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4952
- C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\135.0.7049.41_chrome_installer.exe
  "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\135.0.7049.41_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\4f34ed9a-d6a2-4fc5-95b4-4c20afd44099.tmp"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4324
- - C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\CR_E7E61.tmp\setup.exe
    "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\CR_E7E61.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\CR_E7E61.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\4f34ed9a-d6a2-4fc5-95b4-4c20afd44099.tmp"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Network Configuration Discovery: Internet Connection Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:5696
  - - C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\CR_E7E61.tmp\setup.exe
      "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\CR_E7E61.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=135.0.7049.41 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff6580575b8,0x7ff6580575c4,0x7ff6580575d0
      4⤵
      Executes dropped EXE
      PID:4432
  - - C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\CR_E7E61.tmp\setup.exe
      "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\CR_E7E61.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Drops file in Program Files directory
      Modifies data under HKEY_USERS
      Suspicious use of WriteProcessMemory
      PID:5980
    - - C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\CR_E7E61.tmp\setup.exe
        
        "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\CR_E7E61.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=135.0.7049.41 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff6580575b8,0x7ff6580575c4,0x7ff6580575d0
        5⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:5040

C:\Program Files\Google\Chrome\Application\135.0.7049.41\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\135.0.7049.41\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3704

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5852

C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe" --system --windows-service --service=update
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5248
- C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe
  "C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=130.0.6679.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0xa9a6cc,0xa9a6d8,0xa9a6e4
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:944
- C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5248_1377047699\UpdaterSetup.exe
  "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5248_1377047699\UpdaterSetup.exe" --update --system --enable-logging --vmodule=*/chrome/updater/*=2
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:5404
- - C:\Program Files\Google5404_1049853254\bin\updater.exe
    "C:\Program Files\Google5404_1049853254\bin\updater.exe" --update --system --enable-logging --vmodule=*/chrome/updater/*=2
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    PID:1924
  - - C:\Program Files\Google5404_1049853254\bin\updater.exe
      "C:\Program Files\Google5404_1049853254\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\136.0.7079.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=136.0.7079.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff781024ef0,0x7ff781024efc,0x7ff781024f08
      4⤵
      Executes dropped EXE
      PID:976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google1924_1250010313\bin\updater.exe

Filesize
4.7MB

MD5
c583e91ddee7c0e8ac2a3d3aacad2f4c

SHA1
3d824f6aa75611478e56f4f56d0a6f6db8cb1c9b

SHA256
7f67129760223e5ddf31219f0b2e247555fbac85f4b6f933212ac091a21debf9

SHA512
0edbc9a7e3b6bf77d9a94242ee88b32af1b1f03c248290e750f355e921f49d62af13acfeed118ec624fb3e2c6131226ac17bb3d206316b056c1f7cf55642e069

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\Crashpad\settings.dat

Filesize
40B

MD5
b7864c8c6f05d48689497301b0595d5b

SHA1
21e1e0a6a955a60deb70a71ebcd9d7ca618f1819

SHA256
8ccae161b598cf875b21b46f1b4d3a90dbb5e56dcc05015c0732c151e30598ab

SHA512
60ccf9459043a1fdd6e2894267219f0ad6d9ad5ca7d9cbd1b29f62675e4bc6fdd02ccfcc90b7f07748126faa91659966efc5bd5478c45e46bbfe0529675a774b

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
415B

MD5
4c6e859cd5e20be4efd15b2861a892c8

SHA1
23f74335903ccf5d3f81a9a0712cf615833b75d9

SHA256
62f19e7e681ec86fe6cc27a42382bdde8b45806763096ecd0245b5758ab153cb

SHA512
72b7b6bc3aad5a3202b72c80fbf650f49f3143707762babd396ce3246fa2f586012f69b2b16e872ccc8993d4f30fb723eb428e06e985b4a3915d72c188b2de51

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
911B

MD5
d6cd12ec8d35830e31c88817acef7b82

SHA1
6db378f792013485a1f792539913969e60915e24

SHA256
d3e06360eed653b695f2f23ca750e5213d93463b1dad16e014f188e2e663686c

SHA512
dc448c111d907c5839a3366cba4ac2988d4e03200274cb71bb30e1abc717873cb375910b204e3f2a64dbac052d0616e97c77a76e05a48a227713e918a6e265cc

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
653B

MD5
7c084f455d1f7d9ad802337bb7fa9800

SHA1
672339488d9d2ea7863e26087d32032b117cb64a

SHA256
b95e1283c5f4542b3272de979477a8970cf85bbaea41cede52bc68019770daf4

SHA512
1fbd6a36424468b47b1a1cd29620b17b1a5040caab2845ec883aee876f9aa607265e493f9fb03e7076cb9d821374c5d31fd259dc2afc5df31fa83830c2cb1cad

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
554B

MD5
41bd6bd96e852acf7392029231faeba9

SHA1
0b29608b8f65728a0b5732cd5319fa0e38edefea

SHA256
06a8de392a40d7e97c5bfb4a7f36be10398fe80b8b5c994419f2bdbf7ec39542

SHA512
cffa0ef3944650600f254d9f59bbc1254ba40d7b54c6ee2f47b742f059326e8ffd300df79e4f531f00f5eb5011ef972b3fb2824454a94431a9a86058b7edfbb3

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
1KB

MD5
7aae27d5515e2f5fc63b6a1643067717

SHA1
723e7f3f1d2982eb1d26145898171bff4ab4537c

SHA256
eb307f8c9609bd2f21e424533312f05fde253356369e859ff4f053ea8a3e3783

SHA512
00f8bdc09b60990ed95f804b8a9a46b966bb70c9a8f3f648a9e73e88a6b267787bd9017492e4fca1323873da5cd6de9446f20199001d891aa45c97f9101e3054

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
414B

MD5
88808d5aadfdcb729589ba84133c2d39

SHA1
891ea5131aad3c188ac52b8e25d356574b84a3cb

SHA256
dc275c58282778ef62f6811c3dbf1998bda47947c40bec1790aceae6a2fe7fbf

SHA512
03adec9b44a049565b208de7da25f3222d8ccf418c436f10af96e8687f810faac966abe7f4d3480ff15632388ba38f10dc919f00f956caa5b5e4812aa3c371ed

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
715B

MD5
965be4e48ca5de94aa28b7347dc24cf4

SHA1
a3d1898db724e4397e795b9539b3acc6d4235c18

SHA256
a291921ca53d8acaab80d0e9feaf5d53150de19cda464a791913909dee35f409

SHA512
9e4956098078e697b65374c5a118871bef79d1349019ae2310b0bbd4216a3842032e0f07d746f3ed4a01ab1789bea7cad2448357d409e2bbacc6a98055d11ca5

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
23KB

MD5
35f8499d2f5533966ccc259a55564af0

SHA1
f84fd9f2c30243803dac975dd7dc8094d33c6a1e

SHA256
f53dce5c1496b62b7cc1cace8ef242d9fe33916dd22af670fdd4112ffbd080d0

SHA512
164758f548403418b94d54b9e5bae8682475f864194fbdcce7e6708b72a69d5cb3676df86cd9c86a0a1a3c9ddf70f5795f132bbf966194d0692e1dca1254519a

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
25KB

MD5
15e357e9b0396893dcf14d3f58fd4883

SHA1
65ff4d2720e52f5f3c537847f69a34fb625f9672

SHA256
2adb6e3ccc43665fbf23b340a5f29b415cceaebb7733a11ff0f8cd3b3e1a5ff0

SHA512
4dbfc9b7dbe11f06be8a1a1315e23341377943408364e1880993a133befc595dd8a44bfe6aaf054f2c834f7b7353e2b59b2d52e429b810f08e108bf717b89272

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
26KB

MD5
2fba8d5dfd133459464ff9d16a4e847f

SHA1
2ab59c4d0af188b299c68aafe50f9b0b05fe0a7a

SHA256
ae3b65ae1aec0d8b070fd0f87aa28f77dc539e5a44ae0eb922bb17d71f4e47cf

SHA512
5956a3818f992c3a6230944197941543c346e9e1ce3eb21df9983f5b727c986bf913d79902c4782b8394a0382501535f57b1ed9dd2be44c696e0b3d9d31d819a

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
29KB

MD5
3622252ff31d6c84898256c477368c5c

SHA1
7b96d36b50f32984c71eb90e76de66d4c01c0013

SHA256
60347c3132dae56de12df430d85d875eaf5e0c09c1a5dbe0b7a6dbeaaa237621

SHA512
865d8df3911f73d627a7967f47f689facae4ac24a581fd29e758a072cfeab77d94b86306596eaca6c1b0d0b98bd82122e2d217e5bdf33320e28c615eaa6256d7

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
30KB

MD5
37d22aa57109f0fa186ce36ce02b4d30

SHA1
0a32441e0f241743d99acb772ea7e02c8532e9c0

SHA256
b14a0b1506b2b99214f4f88aba7de5529490c2ea034fb655ae58559b6231183d

SHA512
3d620f8e7c28ded87bc43cb8650ff6160e155180f2cc5784cf5be8d52dbe158a3ad6afb6862baaa7822cc723b21f1da79fd21afef6ca7d81d00604ee0be74fa7

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
22KB

MD5
6ab9910754cffd68cea618d30daff512

SHA1
7fcd2ff3dab1c072fb9d4020295391b780e38328

SHA256
c1d91aac806892e9aeffbf8d16e0ab5b1692d742f14469a3710533d10e080660

SHA512
d2ed764b86187f89506260685affe8cd5824e2c5bcf56a5eeb12d2fc1e10a8d73daff4320566062f2c4791b47d132e104f7f6320d556497656031241bea91be4

Download Submit
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\4f34ed9a-d6a2-4fc5-95b4-4c20afd44099.tmp

Filesize
692KB

MD5
4bf0000d4a517ef3082952ddae968454

SHA1
aa7a526805b37a953d1c838c7af335f5031c4ec0

SHA256
62522babde301b7408910f2942ae8018bfdfbb5c5ddcc6fd7ccced17aa93b284

SHA512
a5e3048a372a9da94cd731eddf0eb55457c4665ac9a52f0643914d1c1f47edd66164f920e0304a87b31c644aa446345312beb4d142e111acd88cadbbcaea1cba

Download Submit
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4260_31770098\CR_E7E61.tmp\setup.exe

Filesize
6.3MB

MD5
ae6dd665575fbcfd5e99243026a7d6c3

SHA1
68e6cb6af1848c20ddd0b57c6731862374e4b2fd

SHA256
efd6d5a367c5112aab3e642c08f45f8dddc72326406a63e93bd1695cd4b03ed0

SHA512
2952254b93febd4322a63c64e9c7388d2478b95d6e00f2dc753d05a5583ac8671f20e6fc37e7054a6b0e76b641d7fb78bfda737c84b344accb076a412479bb90

Download Submit
C:\Program Files\Crashpad\settings.dat

Filesize
40B

MD5
b44be5f36dae5fca60c851b99854ff8c

SHA1
0635179441480b7744ee95d1c0820135c3dd9733

SHA256
3a75e186311295f110c7e2dacf8a18f45d53b7a0c0aeef73bb3f58a6fba0810f

SHA512
136f44082f9b31df77e1002418c410b635337e37d14ad208b6328ec324441d67f18c922e5c94fe98600e7040763df4d8df9464c50dd9fb8c1fab5cd7b59c086c

Download Submit
C:\Program Files\Google\Chrome\Application\135.0.7049.41\chrome_elf.dll

Filesize
1.6MB

MD5
f6d255bb9ca6473c72659acb586be170

SHA1
9091718e8e9ce6c963e4daf6c0c6650d8027d3d6

SHA256
ea4f3252d1300d44fffa26979030f8acb8c523ca76f181aece5c9ff4ff8e9040

SHA512
9a11368b254608b885302a3cd087e3e5fc32099b83cff4c4918ad748aca0a8ce7721697ee7b439cc0ac4038ca17957f83e982befbfd3a5ce275d523a297f2d03

Download Submit
C:\Program Files\Google\Chrome\Application\135.0.7049.41\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\Program Files\Google\Chrome\Application\135.0.7049.41\dxcompiler.dll

Filesize
24.6MB

MD5
bfc976afaa162f16769d1fdb0790d7dd

SHA1
b8f0679312e56de3b3b46bf0964b451b75288adc

SHA256
c66cdb2841f4fcda5db65facc8981676613cc47c3e3d7c1884f6559d884113d3

SHA512
69c8dd377e7ce490c4e00bcd471ae3efdc22b5fb76d97eef0c6d4ab5f2cb6433e0ca055f61fd65956fd6141bbe4fafa6baa508f16fcd9757e0a1bbfe3c64333c

Download Submit
C:\Program Files\Google\Chrome\Application\135.0.7049.41\dxil.dll

Filesize
1.4MB

MD5
30da04b06e0abec33fecc55db1aa9b95

SHA1
de711585acfe49c510b500328803d3a411a4e515

SHA256
a5fe1d8d9caa2ff29daffd53f73a9a4e19c250351b2abe4fc7b57e60ce67ac68

SHA512
67790874377e308d1448d0e41df9dd353a5f63686df4eb9a8e70a4da449b0c63a5d3655ab38d24b145ad3c57971b1c6793ea6c5ac2257b6eb2e8964a44ab0f08

Download Submit
C:\Program Files\Google\Chrome\Application\135.0.7049.41\elevation_service.exe

Filesize
2.2MB

MD5
dc875d79464146940837cb57de9d529b

SHA1
f0685d478fe5c7558520c1ffd7aac5a2b79e7d46

SHA256
dafd50a96ae55e9685f753a27f60b390c72bf6d4d06c78d9784bf90b34c5eb1a

SHA512
313539884888a54ad93c82b46e7b3559e66f0cb9e990aabae3967742df7814de1e966afafb0725863040622c60ada5fc8219d41dbcb3999c3a1ec2efb048d15c

Download Submit
C:\Program Files\Google\Chrome\Application\135.0.7049.41\libEGL.dll

Filesize
494KB

MD5
a21614abccb52572dbdcfeb930faf7b0

SHA1
5bcc032e9ab248fe7ed7f0e98b2d03b5d00e6196

SHA256
afc7b0a962344816d025ac4f95cd5f0a26ecd25367b19dc638536b81b225c0d4

SHA512
ac6a8b418f9b38baf69de6db885c727d4020c15012285023a76065c0ca0c0503714a2f02086e12628258684047d21cc6ab2bd8abc0829190755b2d0a2871e3aa

Download Submit
C:\Program Files\Google\Chrome\Application\135.0.7049.41\libGLESv2.dll

Filesize
7.5MB

MD5
1aec110beb3191e3074bdd1f0dfe1d3e

SHA1
004ba839d7d1fac3bca24b38d917398a99708ff7

SHA256
9dbd43c6224cda95e5b921636611762297bfeefc5c384162963ee6ff9aa6fed6

SHA512
b7437086e085071b794411d13221f81d2aa84bfde01860dddf41ca246f608bc3d04b28ff5b9e2fea5f5228b67f0d4df2a01ee073f87132f95bf7237be40fd1c1

Download Submit
C:\Program Files\Google\Chrome\Application\135.0.7049.41\vk_swiftshader.dll

Filesize
5.2MB

MD5
0e35bd6b7ced275b4b32092589c44c5f

SHA1
7767c0a5dee8097af024a64d5c9f0859d12da4fb

SHA256
132ed54ec0ed3de0ecb5cab888923db4d60c27389cdfc5a5f9cd35bc05369d89

SHA512
2428344bc942dee1f9cac104a362af2fa1862823704dab5f3ee0a15a5a34377a2bc099193aee135561d5f14aaa858be8ed95a37653f7d2d65c62dafd32761c4e

Download Submit
C:\Program Files\Google\Chrome\Application\chrome.exe

Filesize
3.4MB

MD5
aaf289a7fa7d857afb6a82946a73678a

SHA1
860883a55b0514d3a0c4679ecdf0cb0cfb1e9487

SHA256
8ffc2995d2c0e938f7a85a1243c013f35743b5156fcc50ba2b39966487a1762f

SHA512
3f7ecbca95fa994743ff7f3cc4fff018e3c3fb912913948ae1d83a83d76142955ed16b7411e5f959645e7083217d13f4d5806626fe31ecf073a1863d4b5a98a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1173974762\manifest.json

Filesize
114B

MD5
9585cb6cae92df90f9fce1091c6da40a

SHA1
fca8bded549311578c4623680159ffed831fc38b

SHA256
337415af627a5c520de87843330d5b49d8041e4bcd3154b5bec1d2a1f5eb997e

SHA512
99192b2f98c559ce61cfe5796733a9da01cf9b4ca966500abdd71e35e18a3bf9b75ce5815e73f19d07f299e4be2b8fc6b9f289d6bbbbf357b9c0d24622db8207

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1397968588\128.png

Filesize
4KB

MD5
d056cec3b05d6a863ddfa7ee4c1c9f0c

SHA1
dcd15b46dea9d234f13d7f04c739a2c516c973f1

SHA256
ff702ca753a7e3b75f9d9850cc9343e28e8d60f8005a2c955c8ac2105532b2c9

SHA512
751274949b04c7cdc5e8f5f20fd062bfe130f1415eee524d9d83bcf1a448fbfb4b82dff8bbf7495250a852779c3d11ac87e33275508a4064f9d52417f4ca230f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1832_1397968588\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1832_516652808\manifest.json

Filesize
95B

MD5
a870cec3c225db50f7ae4d724526ac55

SHA1
84437a117d387127baa70ff66b3b0a6383050842

SHA256
67c70959ea8cdf00fe1963df2e1c44822afb586af6032a776d8ffce0e4d1f5d7

SHA512
33908716819515391c26860aaab5717d23c8a9f242d89dc07ad38d0d18dd0e16f905ccacee2f6dc21033e71c1b1443566a8394676680707e8fa48edf5d647756

Download Submit
C:\Program Files\chrome_installer.log

Filesize
27KB

MD5
60914346fb02a6183c30fd8e8078c696

SHA1
ed891072e1121e2aade8b9b0a843db5abc2e2ca0

SHA256
08e8b9f294b7029273078bed937584f57282da22df017afb8d6e7657b9e2e324

SHA512
a77fc8fa6e981f4d6b028f958658320afc0ce6ed52bb2cd77f46930db0f6067c12fa584d96fa9bf4b77071350e6bc4605f5b66b8ed90712205b6fdb03404cc56

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

Filesize
2KB

MD5
e30bfc596b2d44855584af5822a6da0a

SHA1
7201723baa7e53ccc919ebd9d15839e23a74fd4a

SHA256
234aa8bd28146a199a553a6f8633436e5f846d815db49638d2904be5a5ff2b25

SHA512
0c6e6fab89d17dd5caef55e34754f6ebf7e57c421c86aad7bdcb8547fafc8e13dd53066531354eb149dabba87f171e1b9873697be1c8ad783b2f172e4e5bdb60

Download Submit
C:\ProgramData\~Chrwos_luca-stealer.tmp

Filesize
12.0MB

MD5
c043e9f857ae66d89c9471e4a4e5a9c3

SHA1
599ca6af0fc22d7c6879063f511aa834d53a951c

SHA256
eefb11e7bb1c352d6ba64795e35ce958efa2c9c520621b9209c28e89adac5c0e

SHA512
5a3be61f0b5a75fc3fdf9eab66555975fb44d2586e7a971b9d8573e7a9e94abd887b091311f1efc52367f62c7af073211978b2ef9d345474a4d36676d233159a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation\9668\crl-set

Filesize
686KB

MD5
d2983bce7a008c0c5b2259a9145578a0

SHA1
77f936972ecd60c3e30f145108286f2c5efbcb62

SHA256
72f6d13326d34a84d0b14a463b2ef43c69a32232c2b8b427af93f8671f2cdd09

SHA512
075b22880788c47461db03eede46961dea5eda7bad383b5ef4e05a28c63eed9a8ba8e8c5286f729b3e616c72f865e36ea2b47e5fe6981c07f87955129e6defe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6e77fafe-62c5-48e1-acd3-6cf63580a225.tmp

Filesize
11KB

MD5
78c068215054d7216b62201aafe62ca1

SHA1
95bb1214b62851dc6f1636f300b254a8a949803a

SHA256
54dc84d39c539dd21a9a75d8bec083a91f3d225d4beab9aaa26c3a9f1d214ec2

SHA512
3e1d969f2908cc9185a644fa06128443bf355e200da55ae53ed207fe4a1660df945bebb13b57cce20beabe4803dafc3677ca29b5148ff9f908ecb764bd6bcb57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
710e4f6694a931d02cdfc261890c1440

SHA1
54659a7205caf213d4b83cbb4c6afb97e1721686

SHA256
07ab442f3ad0aecaa4f08999f7f9a3f884041c6fd249216cee516a43071bf9d1

SHA512
71518c17fd6a0d597800ca6d64a2fb43927faae2087d3e8a2ac8e51ee1cce69e19c46f09bdbcc979af4421422806b9fff462012838f09f57c38c4ed06c2d9b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6fe746bd35bccf13c2f6bb25cc8b1596

SHA1
7089fb81e544f54d1d9d4e0df9b1477a492e1d68

SHA256
3fbdc1a89eceee23a8149eeeebcf55f3a6db572bda00b6819c80a7d5bb7e35cf

SHA512
97420b5212f4cd6ebd1999a490f6debacb79513593349e265b304fdae72a68d2315396d1fac8af0a5da5289c4a6afb9dde85ed9bdb6ea4ed86012dbf4a89a2d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
233e53a521693c70ecc59b140b0ba80c

SHA1
6c426bdfc88410629fa24499cf6f529d6a694118

SHA256
45c32bc683c424a3954926800770f8cbe5b201ea7596fbb71197708789346bef

SHA512
5eba86045e443fd1a8fd718756193ff5ef1f35d5011f9f18a265a5f7e9cdd78e585182212e76edab3b12d589b8551acf4b3ac0d9b4a39fca14538774d42c654d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bcbaeac3b8442733b0894c229ec11873

SHA1
27c401307531061a885aa3537790461547726738

SHA256
65e50062a00debc785ee286a2990b659a9e9d524f247140f1cbed1d6c854b7e5

SHA512
2fa1fe88c8f5705b09ec82cc612e874940c4891868a450c66947223fe149c52fc4a8c3c4d57c2b3d8bbaf5b2c760d7ef40778a213debfabc25f0fea00b492d92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587f4d.TMP

Filesize
48B

MD5
7ca8764080a3f8ed4b6ac0b3a5a8e119

SHA1
c22f2d372dedf1f3371832f2349dd9ba0c4f46f1

SHA256
ded84ecc64807afb735a252a9a073b32b9ae3825211019f03221934030936b76

SHA512
bef0bd249ce7ed53cad3dda2c2c4a0d8377584a71c981d6199f8adf39fb3d861299a1a14998e4ea989d05af3d9e5d9c7e1c1e1bc5b0746b2055a62b53b9be8b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ede2aeea-7431-4a81-988b-abb4faeac3fe.tmp

Filesize
11KB

MD5
faac6961988439029bf8233fa74777d0

SHA1
d5eb715b6969d161487e5c6e509cac69dad552b5

SHA256
47f002837d91f1404fdf21db86ea310fcc86af5a2e341fc49eeb77f5b8306366

SHA512
9c453e1f0ee7c7dcd29e64095e00bcb1a46398e0c0d570ec821d674d2bbb4e1a9aba7f03de1482ebeb8b6cf94c5d1f5724d09d2af35d6e1ddbb253f5f4852610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

Filesize
38B

MD5
b77fc97eecd8f7383464171a4edef544

SHA1
bbae26d2a7914a3c95dca35f1f6f820d851f6368

SHA256
93332c49fab1deb87dac6cb5d313900cb20e6e1ba928af128a1d549a44256f68

SHA512
68745413a681fdf4088bf8d6b20e843396ae2e92fbb97239dc6c764233a7e7b700a51548ff4d2ea86420b208b92a5e5420f08231637fbb5dbf7e12a377be3fc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
09f2d51411a52320dbe4019164ebfdc2

SHA1
07e4a6b166583f0dcde95edb732467f35271d2bc

SHA256
b46d68d9a1ac0723e28fa0cf12d890829198fc17e27f91faf9adc0186f4e2efb

SHA512
a5d250ed7c93dadb2429e62a388b1f1f94d77319c3d43f64f45ea87087edef6cd159a21322ba04a7ecc565078a191a87e51b202636cef509bcfe87eba52f718d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
baf9d742e5027c0447867e87ae32a83a

SHA1
65c90202edb26d217169e848cd83c82b5cf4e071

SHA256
27bfdefa0cc7060605e3baa4e7deb2891a85a3272666d354f15fca007a5df70d

SHA512
370dc94cccbbc7b7ed5739d44f660f2a8fae3d7bef808bafb5d98aab74bb24ccc3122c458f3e3099245b1a04120074d9a2086ac120062b01593ab77861bfdfe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
67d62a3d7d8297240d877ea47e215da8

SHA1
12c3ca7d985292ffa41fa287107b9e820be06780

SHA256
b02536f0ea789c9ff891ab81a9f9d69f7c10498ab26ca474584f25c6fd08156c

SHA512
fd1e637379d56c723848356319eca9ae4c7d1983d20303f9fc0037fe8ff70c1bfef3bb798146a7ba8b86b2b60fe46811e895137860accc6c7d0887499903613a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\9.55.0\Filtering Rules

Filesize
75KB

MD5
5f2e8bc6fd4937fbb0939c6773064f3e

SHA1
524faece2a5491ef2739c2424f962c9adf74e891

SHA256
4723c6e42380c6a90a601c9bf6e4dd72136958516de05623dc8d342b6e05f00c

SHA512
d5b3cf6ab579b71f68bb02739b70de1d403ce59c45442015e09b502e723e9d9ffcced8429c228f467995cd01a13cae9d2172994ff0d8677dfe501898922e00b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\af\messages.json

Filesize
772B

MD5
7bc8fed14870159b4770d2b43b95776b

SHA1
4393c3a14661f655849f4de93b40e28d72b39830

SHA256
aa12205b108750cf9fa0978461a6d8881e4e80da20a846d824da4069d9c91847

SHA512
7e943b672700edd55bfd2627f4f02eb62eee283e29f777f6660fbdbf04f900757272c5fb8a0c8744c197a53eadacd943598b131fa2d9594d39e20baa2a9b79f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\am\messages.json

Filesize
1KB

MD5
83e0e58d0752ff7c3f888e6406413b84

SHA1
14a8981e4355301bb3073db6d7ffb337ef8482e3

SHA256
64e01bc292ba2ea1699576fcc445367047520ee895e290ccee20c24c9336d8ef

SHA512
fc772bd3d6ac64110562aaca7d320f49ffba4e1f9ac2e10456fcb75e172d086d3ce8996cfc64b33b2ecdf4f6b96e38905e671c1e6ba5205fede9af4a183812c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\ar\messages.json

Filesize
2KB

MD5
c825621044e4d5c504404dae9752285c

SHA1
68c1e29daf042487cb76629abcdc03f16fccc92a

SHA256
47652115cbb912907f405992fcfc64f987642158f0cb35c9d6e0d4742d833802

SHA512
4aef3e7a747e290be8ba10e22e670c1c2dc653d4311020a4fd3060205fd88bb5d13d9edf388fc18919abe353c62d6841a4ef87e38064430299e52ca16c81941e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\az\messages.json

Filesize
1KB

MD5
c603747b8578c1324dd262565f643e06

SHA1
5cd18bb971af007d9a589377a662688daafe7519

SHA256
614470da3c5034ace649f1786beaaad2c94f4475bcc8858390b721f06fb7bf64

SHA512
59a5b29459e6a10628ab95ed620ab159dacde2d98dc2c3dc7949d0e5e253f2be7a21cb13f0ee8ae0e2f85191a520c9daf797fd93b27c39f53b1faa8aef1b706a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\bg\messages.json

Filesize
3KB

MD5
361b516edf253851044dae6bad6d9d6f

SHA1
d64c297cf1977cd8ad5c57d9b0a985a4de4fd54b

SHA256
22bc37b47ce8a832f39701641dc358357676e9be187a93a4c5d4b016e29238ae

SHA512
b2614c53e93e705a93b82db9fcf5259ca44b10b5e5237967a34f68607ab2380ea0c8e5df4ffd941d914617fa3538fd40c18df7d3c9808c5f652852f01e214c77

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\bn\messages.json

Filesize
2KB

MD5
b1101fac65ce2faa3702e70fd88957d2

SHA1
06ebd889fad9ee2d5d5083b10abf7b2a4d0e1724

SHA256
3e3ceaa214d8079b02c9c941635f5d45e621236d9c3f82e06ac604f0772670e8

SHA512
398d03bd3b51e2789d0573f5e4792c13193c36539e8fa35261bc3b9a991a155635e6d44a9999b42d3dfa264e3fc329e11dd65d6e1408c4076a49576e7e5ef4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\ca\messages.json

Filesize
843B

MD5
fbb841a2982166239d68907361f41f61

SHA1
4a8d76a6fe1bb111fdbdfd42d1af0019a97fc540

SHA256
de6d7b7c2427ec4e738407d7834b71941f69166b030355e00f325ff1391df5a1

SHA512
8db540b4c9e250d3781797238b1d16ad820c568edc563bfb912872ab99950def7e89ee432c696ba9876e3d7b24a4e4c26fa5b0fa9e76a54e11ae63996e02a561

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\cs\messages.json

Filesize
953B

MD5
48663a88dcf0ef6c9fade9bee4935b91

SHA1
af7cad1498bb4b0f05c1468abe3563d0182a97b4

SHA256
5a701d67910ba6c7ccedc26e02fa707cc86a1be57cd7d36290a3d268732a42c7

SHA512
3c3e5b9e56535efe1e20d6024b6fa46d3ea969c971d5ec8f5af1c933c1feb75d25e7f26c9e2bb8d200bca70ea1f1bd7e93e4e1c09dbc447340cdbeefa91cc33f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\da\messages.json

Filesize
764B

MD5
0e451c9c8453577e513aabf630c275f2

SHA1
5912cc58aa82bc75691540c8aeaca7c68641539e

SHA256
94cddb998c2c5ab40b6f074c359a60e6eebaaa2d52a9649c22f4ea4c1b9936f2

SHA512
a89dcc1ec8c79e7cf702692e20ebc952907b2fb1d76a3beef60d7415baee24e055e2988b55e12ce00bc112c115ddd9d46d63bf0a1c511fffb041da7054391f80

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\de\messages.json

Filesize
927B

MD5
5daf77ae7d2b7dbef44c5cf7e19805ee

SHA1
48c06099aee249dd05b268749836e3021e27cfb5

SHA256
22e2828bfdbb9c340e7806894ae0442bd6c8934f85fbb964295edad79fd27528

SHA512
b9fe759ba6a447ebf560e3ac6c79359e0ad25afca1c97da90f729dcd7af131f43c1f4bfcb2cd4fe379fff2108322cf0849a32995b50188b52258bfff9e5ca34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\el\messages.json

Filesize
3KB

MD5
32886978ef4b5231f921eb54e683eb10

SHA1
9e2626e158cbd26a2a24a50e4e8cfd98a49984e9

SHA256
728d8cbd71263680a4e41399db65b3f2b8175d50ca630afd30643ced9ffe831f

SHA512
416832f007470bf4d9d915410b62bd8159029d5ddabed23d2bbc297e4bbae46f4346feb68c54163428a6932c537967ae9ef430b9fac111f15cfb001a480799b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\en_GB\messages.json

Filesize
708B

MD5
c4e77421f3361277f7e3aa3472b5eb10

SHA1
f8ddd7cd0cce742e68443d173196471e8a23bd83

SHA256
c7255e9b784c4b8df7df7b78f33a5737a9ab7382f73465351597b1da9b3d5fe7

SHA512
6c11cccbfa6e841d90fa5b41f46de5489359335dd59ccb06d5148e7d2ce3af1422b93eb574360be4695e69d851befed8a2588dd411a7b0a553cb621238d474d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\en_US\messages.json

Filesize
1KB

MD5
64eaeb92cb15bf128429c2354ef22977

SHA1
45ec549acaa1fda7c664d3906835ced6295ee752

SHA256
4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c

SHA512
f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\es\messages.json

Filesize
878B

MD5
59cb3a9999dfbd19c3e3098f3b067634

SHA1
bcfdf1c9c7f5d0ce35d7918060ce704a99803bf4

SHA256
02168993a23e074e0800cbb338fe279f99ef420e326bf92916ffed83c1f06533

SHA512
9968acb9821bfff6f427aabfcde3023f5a6f588bbfc0efd2275f201930ec5e16d64ff228c76f77958d36091a3dbd510e95385f0cb99a3e4dde693f34e9e3ebf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\es_419\messages.json

Filesize
880B

MD5
94bc2d5609f6d670e181e1ff0d041869

SHA1
58d2c17878e7b6e73daa544b8ca7774e5d902a17

SHA256
e848603b7a73a88e3fe7bffa20e83397f5d1e93e77babb31473cc99e654a27b7

SHA512
04bf79f675888c79b270c82e3a0e7a07e24205e2159e2d98eb4585aee5c0d14c6be3a3d169d4ea702a74a76f9e622e70a181dcd9ae0cb9f2472550fb33e9565e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\et\messages.json

Filesize
914B

MD5
b18007bfc2b55d2f5839a8912110b98d

SHA1
842ecac418424b2fff4db81e4385d59e098b65de

SHA256
7ccc7b17bfe01c3c7dd33eff8f80d0b57fc9b175815e766c9c1c1e893725e20f

SHA512
166937891553597d585d17fda2e7ff2bffbd3731841ea6cdcb7add528a55aa7c257fc191d029dd1f57afd4349194c0cc7413c3752641e8217d465674b62b8ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\fa\messages.json

Filesize
2KB

MD5
e578e08ee604158d674982ba060396fd

SHA1
fd601092203317fe9f576fbfd675e274001efa80

SHA256
e758273c25fbad804fe884584e2797caefbbd1c2877dfd6f87ab1340cd25252e

SHA512
131c75cdbc4a40068cf97d7becad08f49e77a9bda3fb1cc50501b0007273ee5c6eae2f84047d97f72b6fd9f28f65ae544eb807057a54a6e009b9bd8fb8ca4df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\fi\messages.json

Filesize
840B

MD5
1d4778e02337674d7d0664b5e7dfcbbe

SHA1
fe1763ac0a903a47446a5896a2d12cce5d343522

SHA256
a822b0e66d04644d1cfbd2517736728438743162c3213f15d986e2db85bd0213

SHA512
771c7ba7f93a6e9db94593897d495e190e58a9b9c490523cc410059e72538005e2de96864dbbed8bd1f01eaa4d1cd022443dddbf759a606e2903c9ddecac43fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\fil\messages.json

Filesize
799B

MD5
f954b2e970dc96e5889499db7392fd59

SHA1
39f56f0ebfe92c96e8bf91f82cc4fddbed1e0aaf

SHA256
41ce6a7b18364efecced0419b42165d4f86c43643bbe1043014d4142cf86186a

SHA512
23610477834ff51e93fe9467df997f9aeee63ce3a8a51464b87b1828dce25d50e0bf2f28df139ec59e6c6425b81613258de211735ab2e470dc63c9cb5a1860e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\fr\messages.json

Filesize
902B

MD5
85718fe4820c674c5305d33dfb5cbddc

SHA1
d4170743349f3e037718fde17bc63a369c2e218a

SHA256
6713b69b6c9e80b03e0a9d4a7d158197b0c7ec8a853c64c0af0b1a05ce54d74c

SHA512
678e934f8d4a1bf0b98844b796eaa2471a78911d4020bf755871650dd0adad6bf7b475d9e5bf68b6a911ed330308a08698706d9460df003648b612d97848e652

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\fr_CA\messages.json

Filesize
901B

MD5
681422e3fcf8711af8eefbb75a607c8e

SHA1
3d3576a989c8010a397888429476f2800052e79a

SHA256
af889c1deb6f9248961c2f8ba4307a8206d7163616a5b7455d17cead00068317

SHA512
2546c274749a75c09e8255b6fa53a080a14bb141c748a55ebd530b6f2ac8adca3111320511628d4eec2b39a8710578ff16929b06ffb1f9c2093d3f1ee4c6f601

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\gu\messages.json

Filesize
2KB

MD5
86de754c2d6b550048c9d914e55b5ff0

SHA1
5b6654101b3596742be06b18ef2a5d81da569ee5

SHA256
cc3e9077fcc9bd0dfc5dd3924c6c48b8345f32cee24fccc508c279f45b2abe61

SHA512
3a8d326b91141b18cb569a93bcd295075e94a0488f2ffe5afb80a4cb36e4523e28c87d91a64ed255445470ad6c8a34948fe091e709e8097dcdd06eba1cc52887

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\hi\messages.json

Filesize
2KB

MD5
4a9c9f947b479e5d89c38752af3c70ea

SHA1
799c5c0ba3e11ad535fa465ab87007c36b466c6a

SHA256
14895bf43ce9b76c0ff4f9aef93dbe8bb6ca496894870cf0c007b189e0cef00e

SHA512
293d9fd5b207c14d1ffc7945f80d3c2dc2d5450bdf1e7b7962767b8d330c9255da16dfa677234198569f4ddfd00bce82d70086df974afe512769597039e21cf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\hr\messages.json

Filesize
863B

MD5
eb6c5133c1fe7f9e8e4449a917d185d9

SHA1
9be42ac75487a77dfbbf01ea2098886e69956356

SHA256
985976b776e729835e047c81d3d731a6c488a6459aa8918dbc8ec808c0bf73a1

SHA512
1aba115b30c99e786845c137ecb8beec4b5162c59d10724dcc083ff6b91a47af45ca850fc0b3072d44be189b31abb67423c88369171b0c411ccf7ae884fd831e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\hu\messages.json

Filesize
1KB

MD5
fb8d08676aa88683f27a2759c5837529

SHA1
80badd0de6a8d87a8e14232f71fbcbe231eee443

SHA256
cf26310b073b0891996ecd761c6cb53f00193dee524213a9fb34225d636ec4b7

SHA512
5c4307b653cd841af14a4b57f225938be54d718c979fa4008513461fa6f8409bc82e050f0b32e587f8e52d5580aa7c6d667aa94b30a588cb87de585b015fe176

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\id\messages.json

Filesize
718B

MD5
3fefe403f5f537d9a2d28ab36b2c1a94

SHA1
dd674520092f333aff63138f660987fbd8fa51e0

SHA256
35872a3343d4b4768fe4702a8dc18b749933e81210db13466ad172bd2880f6eb

SHA512
45182775ac13b1f9406bc9595e822f24a9d8b854254e0d71514e1d99625b12b9cd8bc3226f04b1dfc79248f786f925b9b88a70e0d57bdf9a8dc48d79175ec60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\it\messages.json

Filesize
756B

MD5
88a9acd41521d1d00b870e2da3044a88

SHA1
36716937ce047463dbfa5cf1f5ef4277fe354d9e

SHA256
3377a873db531113d79919e7a89369a79a602bac6ae09b9864b9378dc285f345

SHA512
a56ffa200c5f8b312d8ed77ea40df931b86074adf1577941726d184497531d1c89d77382983f01797604e6a5c34029fa88f3aae0d52c368e2046c0c6f21cd956

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\ja\messages.json

Filesize
1KB

MD5
113a674f2e4c66cc4d2a9c66ed77adea

SHA1
f5d38b743efa022d6f886bacd3afa850557e2762

SHA256
c1094a1d8457e782f229910b70fc7aece356aa779a423e869104946814660d35

SHA512
e7cd847d87dfea3228a1899aab7f27f59d7ba2919e81520501a9236c55fcdea418f1d29c3c9eb36e34cdfba3278e3bbd149ddf324c94295e029031fcd5a75677

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\kn\messages.json

Filesize
3KB

MD5
f55ce2e64a06806b43816ab17d8ee623

SHA1
27affcf13c15913761d0811b7ae1143e39f9eea4

SHA256
5fa00c465c1c5eed4bea860ceb78da9419ea115347ba543ddb0076e5c188feed

SHA512
a0e7d0f7beeca175c67a783adf5ff614c8e3b731311f82bc24eb0f0798938d79f15a5cfa012b3cf06d7a138d88e6f78eb3d3d57a3edebb60116de2dc706e2b0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\ko\messages.json

Filesize
1KB

MD5
e71a91fe65dd32cac3925ce639441675

SHA1
91c981f572497a540c0c2c1d5fb28156d7e49416

SHA256
57f81a5fcbd1fefd6ec3cdd525a85b707b4eead532c1b3092daafd88ee9268ec

SHA512
2b89c97470bae1d55a40f7f1224930480d33c58968f67345ca26e188ff08cf8b2f1e5c5b38ecfdbf7ebfd9970be0327cbfc391cf5e95e7c311868a8a9689dfb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\lt\messages.json

Filesize
1002B

MD5
8047409dcc27bfcc97b3abce6dab20ef

SHA1
d85f7a7a3d16c441560d95ce094428973cbad725

SHA256
b42ebfe071ef0ec4b4b6553abf3a2c36b19792c238080a6fbc19d804d1acb61c

SHA512
4dffe23b4168a0825dc14ed781c3c0910702e8c2b496a8b86ca72fdbba242f34fe430d6b2a219c4a189907e92b1a7b02ce2b4b9a54088222f5af49878e385aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\lv\messages.json

Filesize
959B

MD5
20fa89ba92628f56d36ae5bd0909cb15

SHA1
52d19152e2d5848ebaf0103d164de028efecdbb7

SHA256
80d64f03dc2cc5283faf1354e05d3c3cb8f0cc54b3e76fdae3ad8a09c9d5f267

SHA512
5cb534fdba0f66a259d164040265c0e8a9586bb41a32309f30b4aab17e6a99f17baf4dada62a93e34cc83d5ec6449dd28800ee41c2936631484cc95133e3956f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\ml\messages.json

Filesize
3KB

MD5
ce70315e2aaeda0999da38cc9fe65281

SHA1
d47fc92d30ec36dcc102d5957bb47a6c5b1cd121

SHA256
907f2709d1d3c8fa26294938f4080bc477e62281c4c50a082c22db0195cda663

SHA512
af5c78feaacb689d9d50d0196ba9428e4f02b07876995e8b77e3bc0fee7fbf43f3ad2848d58940f193966c54f13652476e1fcfd6a827465caad32b0b2d3f97e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\mr\messages.json

Filesize
2KB

MD5
34ce3fa84e699bce78e026d0f0a0c705

SHA1
5c56d09af53d521fe4224a77aa66e61a3b0165ca

SHA256
275e7fadb93a810328e3adead8754dd0a19a062d5d20a872f7471ffab47aa7b3

SHA512
3a6cd2ea06b664689f089d35fcfa41b36c22b1d77cf78f66d0f5dcdc52a6bb29f7566d377b81edce6001b71cb7f1e1247d3d71965baa2e8ea9e6deaa208cf25b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\ms\messages.json

Filesize
796B

MD5
db4d49231c88c11e8d8c3d71a9b7d3d4

SHA1
4829115ace32c4e769255cf10807f3bdb1766f44

SHA256
9b32c491d0bfebdca1455f73c3c6f71796d433a39818c06c353da588de650f81

SHA512
c8b4a982abf61eabb1b7280f3e10fdf1350b20f38ca9878f33ddaf979fd617ca8e5ff4df6099c395fbae86c8affbae77653ba9cb736af22466e3cb85d4d92e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\nl\messages.json

Filesize
771B

MD5
d448e11801349ab5704df8446fe3fa4c

SHA1
6e299363c264fa84710d6dbeaedc3b41b7fe0e42

SHA256
e98c5cfe277a338a938e7277deec132f5ea82a53ebdb65ff10e8a2ff548ac198

SHA512
49c2c05207c16f1c9393f9473cc77fd28e1b1f47686ae1eeb757676019a0ad4a6478e5a76004911f4ae299b3b7331cb6dfdca3eed2078baa5da901ea44cc4668

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\no\messages.json

Filesize
758B

MD5
66439ba3ed5ba0c702ef94793e15de83

SHA1
2b3ca2c2be15207deae55e1d667c9dcdc9241c74

SHA256
b3ece279943b28c8d855ec86ac1ce53bdfb6a709240d653508764493a75f7518

SHA512
8b393f3be96020181a12a16fafdae9df555b09a7b03cc855009b26a48b0c7d583476a72bb28224e419d300013fe272316c2cb35de8d67dbab454b7cae8df6b94

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\pl\messages.json

Filesize
978B

MD5
10ba7fe4cab38642419be8fef9e78178

SHA1
fddd00441dccff459f8abca12ba1856b9b1e299b

SHA256
6538f562bd1baa828c0ef0adc5f7c96b4a0eb7814e6b9a2b585e4d3b92b0e61d

SHA512
07e490d44f8f8a2bdc2d4ad15753ad16e39d17693219418b02820d26558fbe3fce8a8583bae0ed876acc6326080867d05a732cd9a4c24b620753b84bda4ac031

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\pt_BR\messages.json

Filesize
832B

MD5
8e24ec937237f48ac98b27f47b688c90

SHA1
bf47d23436a890b31799fff14a1d251720eced00

SHA256
a6ad5d5fb7c90736e04f898970d2cc9d423415b54b8e572f18c05d6ebaf46f68

SHA512
060f9713be6cd4262e0c490e50198a33026b00a80c8a3c7c87f2b05893280e1b32d1df2536054f4544f7a014ecbaf5f2e299b49dd6f45705cabfff068ef50d31

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\pt_PT\messages.json

Filesize
855B

MD5
aa431ec252b4339a49d172c6b9292ba3

SHA1
26fd7003368d5342620464a53af547ddea7c7328

SHA256
156fc7ba9b5728908e1a74950b97474f73d8f58933d345c8eeea8284565c8357

SHA512
c47c2e530ee2dd0bcc1ed1c2f8c54aeea3dcfac277bd85026dcc6c07e2da693b35577bac4924c45bb8423ad9aaecba324eec74291ef5cf2586a8b0b9f0084cba

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\ro\messages.json

Filesize
930B

MD5
ee122cf26ebe1ad0cc733b117a89ff3b

SHA1
a7c21e40ab7c934b35d725b3e21e4cb8ea85bc1e

SHA256
4ecedb9c1f3dd0d0e3aeb86146561b3d7e58656cbdbed1a39b91737b52ec7f2c

SHA512
4866fbea6c8698eb3c8923b9875186c800519488784683c18e5e6523681c52429e7ba38a304e0d1b17a3997a2f4c8c3a5e9fb518466a910b119f65d7dd62b77d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\ru\messages.json

Filesize
2KB

MD5
f70662272a8fc9141a295a54002f644f

SHA1
23397edad4bcc4a1bb8f43f9c2d1f08a7e3332b0

SHA256
df379187b7f6de700e5c53420336e6b31b7dc31015f77b2b256256bcf9be54b7

SHA512
b6ca9a8f1a83c71ed8eb8f46a102662d22eb13700660cf5c8841e5fe92dcad11a252555f169ffc4d6a97c399dd514cdeacbbcc27fe39da784bd9c1ebe85f4508

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\sk\messages.json

Filesize
947B

MD5
a46e08b45be0532e461e007e894b94f4

SHA1
387b703c55af0cf77874a1b340969ece79c2705e

SHA256
5e886e7b616fbff3671dab632d1b6d8dceeff9004218485f1b911dcd8c9694a3

SHA512
388992752bd1efaebbd420fd5a8f2c6c775f2be4c61d690b46a418c72abaffe44ff8a4c332b45a8b75a243ae8d61f3d6da6e55fa768d17d2635079b03442a55f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\sl\messages.json

Filesize
855B

MD5
9cdfa5371f28427f129d200338c47494

SHA1
19653347e92967564bd8df14fde2eea2dc87bceb

SHA256
75d018cc8525605ddc591f6bfe5bdaa2efb164934e9d5438972651f8c818d581

SHA512
e6122fd5c8d387a999ef57c877bb70c896c1012b592333bcf2b93e44f7e8ba487f264e83cdefbbde972040cf6dc8f14a4a9e0e0bca85cf1f9eaa35b817dd2869

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\sr\messages.json

Filesize
2KB

MD5
c2026342237e7686b1932af5b54f8110

SHA1
5af235b29947c7f770070f0a693979d9191fadb5

SHA256
a3eb276fbd19dce2b00db6937578b214b9e33d67487659fe0bf21a86225ece73

SHA512
2ce6fffa4ea16aac65acc8b5c1c9952eae1ac8891589266735c3ef0a0d20e2fa76940e6401d86eef5c87a1d24c1cc9a1caaf1c66819c56505b0b2860bfe5acfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\sv\messages.json

Filesize
800B

MD5
f008f729147f028a91e700008130da52

SHA1
643fff3dc0694fd28749768314150b30572caa54

SHA256
5f4229d18e5606330146ee13bdf726e10c1e06cbb15368c47f1ae68abe9ce4ba

SHA512
f5890cc08a9a40366cfffbbdb9b14e8083897a2950deb4bb23566d641dd4b06ab02479a2b83bd5001c179abff889506a3292cd92e31a6b92cad917dff760ab27

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\sw\messages.json

Filesize
840B

MD5
84eb1d6e827e40c578469eaab778e368

SHA1
3f53de16ab05f7e03ae6c8605c2339043c1a385f

SHA256
2c6b42d122943dc0ca92a33074d1a607351d3bc7f9768e174617fa7011a3de9f

SHA512
7a7ce81fa8be309d347ae0975fd6fcd904bc1ee86342dc0e88e789e7cf5967edd0ddccb9ba156510e74b025a23d479b6058101ffbb648c5d30c311f5ba1dfc6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\ta\messages.json

Filesize
3KB

MD5
24626ad7b8058866033738380776f59b

SHA1
a6abd9ab8ba022ea6619252df8422bf5f73b6a24

SHA256
3fc7f56f6d6d514b32547509b39f6380fc786efbcca4b9859f204456ca2e7957

SHA512
4fa2f084175d71923ae3186c8195781e1946f6c19b1a4bf659d3ae2dc45f1ac2f84d794b4487ec5e030ea899ee1decf07b3cdd3eb0d3dda996c5ff8a272cf97a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\te\messages.json

Filesize
3KB

MD5
50ab4deabad394d13c265b8b80d9f9c3

SHA1
ce9c786cc92359ca34483bd57ce121f699920ddb

SHA256
90868a8a4a4dbf48770c14a161faea406ef9a453b75f4cb7a53c1b4e96a88599

SHA512
3ba6498cde1fe4c8f012a75ee546e9793b812cb7306c927054427fc697cb729549196f8e45db1a7a7dd1e485e6a3d3950168e33b03b669f5d4676c372f519a6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\th\messages.json

Filesize
2KB

MD5
0875b0bad81161ccf2c16e13ee49af9d

SHA1
686663983a022689dedf5ba22c0f169e1a654e64

SHA256
d299aa0c4f29c5c8248a1c51afdb7439f4cf7bc28ee02408a598f8aad9f70810

SHA512
d569dfda9f0851fb0d5b2b8454704461e0185b573f3839416f3237f2d89c372e58fdce7d871f44f6f3777c7f4177009bb1fd3cdbe2f4f3d62015bd130851e8ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\tr\messages.json

Filesize
1KB

MD5
3104bcd0d4ad6b47fe36f36c1b5aa333

SHA1
36ec46c7230487c0d26e185aa82f340d8312a265

SHA256
ac2894cea6332450095a7f8fc9b97550da87e4b4b6e6fb95df1a1f49f25e0e35

SHA512
873a8e1ec1eb2b482794c51dbfdd5b96cb9e8e2b5a74db3c3b54ae78a396585faec402a054ff332551b5ebcfc4a57bfc5bd92d08f9f73acb433efe9a18d89cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\uk\messages.json

Filesize
2KB

MD5
ae938164f7ac0e7c7f120742de2beb1e

SHA1
fc49041249eaef40632f27faa8561582d510d4e3

SHA256
08978a1425dec304483bbb7dd0e55a7d850c4561abd41bac1be5d93d70465174

SHA512
b3f252885f9d7e4d74a5880b5fa60447511d4e2dce64db8ede5bd1b144f0f09a3c784649c2e1623a034ddd50b6b7ff990a3a6fc58c3ae124646c31f35b0b20fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\ur\messages.json

Filesize
2KB

MD5
f6e8fca4fd1a7af320d4d30d6055fa6d

SHA1
1c4aae49c08a0e4ee3544063c10fe86e7fdab05e

SHA256
504549057a6a182a404c36112d2450864a6cb4574cd0e8f435ca556fac52ab0a

SHA512
241e8505658e09d5559ec3a91fc6d1a88ba61f1b714d3cfc0e498e13908ba45aed8b63b483ecc5008a5ab07b24e1d123192fbd90b4a2289d52ad7bef4a71c9e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\vi\messages.json

Filesize
1KB

MD5
1e54afbacca335be3a050920ddfbe863

SHA1
fabd5e9d6bda46c9708a0ee26302156ca413a1dc

SHA256
f1da95e1d58e933050cd8a4fea12f3d1b9a2759479ffdb74fdc1cfbf89568327

SHA512
dfe60c51c043da92dec81fedb250dc60bcd97daba831261de92cdee35c0760610c1d436d04d74b65ef0a22e8cdf5201e3dde176cd9b7d5ccf1cc1ff9c884870c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\zh_CN\messages.json

Filesize
1KB

MD5
e910d3f03f0349f5c8a6a541107375d5

SHA1
2f3482194c98ecbd58a42bd29bb853267c49a39a

SHA256
3893c066a36fe95f06f3c49091a20290d4e071183755f40af05455660beda2dc

SHA512
387ca0727ad0869041296182f17555f55552245d38284a1d5d2652b72959cc94dd345f8a1d6d15f7f5477817df9afa045f2267269d0d66938c7d401b4ca2eb4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\_locales\zh_TW\messages.json

Filesize
1KB

MD5
b571e4cefd96a2651ffb6621c4d3d1b4

SHA1
9fce97192139d1ec0885fd62a059fa81e473f9c5

SHA256
16b8f7be42b982d5ad9f638e71da38d134394b9bab9255f73cf514abbfaaf146

SHA512
6a315031b7c3e7b2cdee7a835aaad7fceb07d2889e4401e3be6b3a8c6492a47a9a065aab85fe2a69a1eca6bfe4a733f8ccfe8c5ec2fef681aadb77c9f5e57eff

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\manifest.fingerprint

Filesize
66B

MD5
015da6c5ba421643a8b70f607769bdcb

SHA1
3b0803a9c69a41be2a07d1c85fd0daa77b3e6fb8

SHA256
fcbe092bb1f107fdd3fcd5b611994c65db5818f11c76a63fd79a67db09c5cb72

SHA512
c57d19088f0b46a483b86246ad2090905308327ae86ec9815588291b0baf0e0af94f3aace885be4b94d0189fd672a4c8e512a188cb0e2bbb6d0dea46805c2f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1832_937113119\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
2a738ca67be8dd698c70974c9d4bb21b

SHA1
45a4086c876d276954ffce187af2ebe3dc667b5f

SHA256
b08d566a5705247ddc9abf5e970fc93034970b02cf4cb3d5ccc90e1a1f8c816e

SHA512
f72b9190f9f2b1acc52f7fbb920d48797a96e62dfc0659c418edbbc0299dccf1931f6c508b86c940b976016745b9877f88f2ee081d3e3d5dcdcc2cc7e7884492

Download Submit
C:\Users\Admin\AppData\Local\Temp\upd10.tmp

Filesize
8.5MB

MD5
62c0b4f49b7bcbeb759fb4f227072129

SHA1
f6f7cffbddbb4cc50f5647d81e95722f1f4d9cb6

SHA256
8f4151291000b80a3f6150c1cc3939f5ee80b022e0fab58d21b5dbeaf179162f

SHA512
44cd1698d51aca6337850c5fd02dcacdf528268748178539320f216440daf46b435c4ce82c69befba314011fa45a34b3964438bf0264eb2a59bda869b55d4f4d

Download Submit
memory/3600-0-0x00000000779B1000-0x0000000077AD1000-memory.dmp

Filesize
1.1MB

Download
memory/5176-891-0x00000000040E0000-0x0000000004114000-memory.dmp

Filesize
208KB

Download
memory/5176-890-0x00000000040E0000-0x0000000004114000-memory.dmp

Filesize
208KB

Download
memory/5176-889-0x00000000040E0000-0x0000000004114000-memory.dmp

Filesize
208KB

Download
memory/5176-115-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download
memory/5176-886-0x00000000040E0000-0x0000000004114000-memory.dmp

Filesize
208KB

Download