9ea864181b2d4409ce2d80fe22f242790e904db23f2151a05209c947d9ec59e1

Analysis

max time kernel
432s
max time network
715s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31/03/2023, 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OperaGXSetup.exe
Size

3.4MB
MD5

8167c12849ea1a38a97a0e5d2e131d22
SHA1

378fcf0e368925a97e0b97548103e62e78f668de
SHA256

9ea864181b2d4409ce2d80fe22f242790e904db23f2151a05209c947d9ec59e1
SHA512

6a60ffd0ec1a8b6363ba72ad2c138d24298e44ffa8169824d153b326d43cc33d6dae927ba15799c017e4df80d8a665727bd4af7ae7c7c04ab367d8523b2b6b6c
SSDEEP

98304:qPxoH1bw2wniA9q7hbBLKeqV9PdDOAz9ulhDAtmLPUFOOY961QdOjcXSnoJm:qJcb+Zq7hbyVbPtmhOGOtp

Score

8^/10

persistence spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
852	OperaGXSetup.exe
1540	_sfx.exe
680	assistant_installer.exe
1208	assistant_installer.exe

Loads dropped DLL 11 IoCs

pid	Process
904	OperaGXSetup.exe
1292	OperaGXSetup.exe
904	OperaGXSetup.exe
852	OperaGXSetup.exe
1664	OperaGXSetup.exe
936	OperaGXSetup.exe
904	OperaGXSetup.exe
904	OperaGXSetup.exe
904	OperaGXSetup.exe
904	OperaGXSetup.exe
680	assistant_installer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/904-57-0x0000000000F60000-0x0000000001548000-memory.dmp	upx
behavioral1/files/0x00070000000139dd-65.dat	upx
behavioral1/files/0x00070000000139dd-68.dat	upx
behavioral1/memory/852-72-0x00000000011C0000-0x00000000017A8000-memory.dmp	upx
behavioral1/memory/1292-73-0x0000000000F60000-0x0000000001548000-memory.dmp	upx
behavioral1/memory/1664-276-0x0000000000F60000-0x0000000001548000-memory.dmp	upx
behavioral1/memory/936-277-0x0000000000F60000-0x0000000001548000-memory.dmp	upx
behavioral1/memory/1664-960-0x0000000000F60000-0x0000000001548000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies system certificate store 2 TTPs 9 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe

Suspicious behavior: EnumeratesProcesses 25 IoCs

pid	Process
2012	chrome.exe
2012	chrome.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2580	chrome.exe
2580	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2940	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe
2940	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
904	OperaGXSetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1292	904	OperaGXSetup.exe	27
PID 904 wrote to memory of 1292	904	OperaGXSetup.exe	27
PID 904 wrote to memory of 1292	904	OperaGXSetup.exe	27
PID 904 wrote to memory of 1292	904	OperaGXSetup.exe	27
PID 904 wrote to memory of 1292	904	OperaGXSetup.exe	27
PID 904 wrote to memory of 1292	904	OperaGXSetup.exe	27
PID 904 wrote to memory of 1292	904	OperaGXSetup.exe	27
PID 904 wrote to memory of 852	904	OperaGXSetup.exe	28
PID 904 wrote to memory of 852	904	OperaGXSetup.exe	28
PID 904 wrote to memory of 852	904	OperaGXSetup.exe	28
PID 904 wrote to memory of 852	904	OperaGXSetup.exe	28
PID 904 wrote to memory of 852	904	OperaGXSetup.exe	28
PID 904 wrote to memory of 852	904	OperaGXSetup.exe	28
PID 904 wrote to memory of 852	904	OperaGXSetup.exe	28
PID 904 wrote to memory of 1664	904	OperaGXSetup.exe	31
PID 904 wrote to memory of 1664	904	OperaGXSetup.exe	31
PID 904 wrote to memory of 1664	904	OperaGXSetup.exe	31
PID 904 wrote to memory of 1664	904	OperaGXSetup.exe	31
PID 904 wrote to memory of 1664	904	OperaGXSetup.exe	31
PID 904 wrote to memory of 1664	904	OperaGXSetup.exe	31
PID 904 wrote to memory of 1664	904	OperaGXSetup.exe	31
PID 1664 wrote to memory of 936	1664	OperaGXSetup.exe	32
PID 1664 wrote to memory of 936	1664	OperaGXSetup.exe	32
PID 1664 wrote to memory of 936	1664	OperaGXSetup.exe	32
PID 1664 wrote to memory of 936	1664	OperaGXSetup.exe	32
PID 1664 wrote to memory of 936	1664	OperaGXSetup.exe	32
PID 1664 wrote to memory of 936	1664	OperaGXSetup.exe	32
PID 1664 wrote to memory of 936	1664	OperaGXSetup.exe	32
PID 904 wrote to memory of 1540	904	OperaGXSetup.exe	33
PID 904 wrote to memory of 1540	904	OperaGXSetup.exe	33
PID 904 wrote to memory of 1540	904	OperaGXSetup.exe	33
PID 904 wrote to memory of 1540	904	OperaGXSetup.exe	33
PID 904 wrote to memory of 1540	904	OperaGXSetup.exe	33
PID 904 wrote to memory of 1540	904	OperaGXSetup.exe	33
PID 904 wrote to memory of 1540	904	OperaGXSetup.exe	33
PID 904 wrote to memory of 680	904	OperaGXSetup.exe	34
PID 904 wrote to memory of 680	904	OperaGXSetup.exe	34
PID 904 wrote to memory of 680	904	OperaGXSetup.exe	34
PID 904 wrote to memory of 680	904	OperaGXSetup.exe	34
PID 904 wrote to memory of 680	904	OperaGXSetup.exe	34
PID 904 wrote to memory of 680	904	OperaGXSetup.exe	34
PID 904 wrote to memory of 680	904	OperaGXSetup.exe	34
PID 680 wrote to memory of 1208	680	assistant_installer.exe	35
PID 680 wrote to memory of 1208	680	assistant_installer.exe	35
PID 680 wrote to memory of 1208	680	assistant_installer.exe	35
PID 680 wrote to memory of 1208	680	assistant_installer.exe	35
PID 680 wrote to memory of 1208	680	assistant_installer.exe	35
PID 680 wrote to memory of 1208	680	assistant_installer.exe	35
PID 680 wrote to memory of 1208	680	assistant_installer.exe	35
PID 2012 wrote to memory of 1876	2012	chrome.exe	38
PID 2012 wrote to memory of 1876	2012	chrome.exe	38
PID 2012 wrote to memory of 1876	2012	chrome.exe	38
PID 2012 wrote to memory of 1464	2012	chrome.exe	40
PID 2012 wrote to memory of 1464	2012	chrome.exe	40
PID 2012 wrote to memory of 1464	2012	chrome.exe	40
PID 2012 wrote to memory of 1464	2012	chrome.exe	40
PID 2012 wrote to memory of 1464	2012	chrome.exe	40
PID 2012 wrote to memory of 1464	2012	chrome.exe	40
PID 2012 wrote to memory of 1464	2012	chrome.exe	40
PID 2012 wrote to memory of 1464	2012	chrome.exe	40
PID 2012 wrote to memory of 1464	2012	chrome.exe	40
PID 2012 wrote to memory of 1464	2012	chrome.exe	40
PID 2012 wrote to memory of 1464	2012	chrome.exe	40
PID 2012 wrote to memory of 1464	2012	chrome.exe	40

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:904
- C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
  C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=96.0.4693.127 --initial-client-data=0x194,0x198,0x19c,0x168,0x1a0,0x7494a4b0,0x7494a4c0,0x7494a4cc
  2⤵
  - Loads dropped DLL
  PID:1292
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:852
- C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=904 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20230331223703" --session-guid=277ead92-bd22-41de-85c1-76ce7c49d53a --server-tracking-blob=NmVjOTlkMzM4OGNjMGI5NzZjN2EzYzkwZjVlZTRlYTUxZjJkZTRjNThlYjVhYzJjZWY5MTE2NmEyYTRjNzFjNDp7ImNvdW50cnkiOiJVUyIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3RyeWFnYWluPXllcyZ1dG1fc291cmNlPWdvb2dsZS1hZHMmdXRtX21lZGl1bT1iYV9vc2UmdXRtX2NhbXBhaWduPSUyNTIzMDElMjUyMC0lMjUyMFVTJTI1MjAtJTI1MjBTZWFyY2glMjUyMC0lMjUyMEVOJTI1MjAtJTI1MjBCcmFuZGVkJTI1MjAtJTI1MjAyMDE3JnV0bV9jb250ZW50PWdvb2dsZSUyMGNwYyZ1dG1faWQ9Z2NsaWRDajBLQ1Fqd2lacWhCaENKQVJJc0FDSEhFSF9DdTdDejFhV3JlenFuTjJKSEVqQ2ZMYmdsanlrbTcyeWN5MDVub1Bpdk1nVndyd0VqVWRnYUFzMlhFQUx3X3djQiZodHRwX3JlZmVycmVyPWh0dHBzJTNBJTJGJTJGd3d3Lmdvb2dsZS5jb20lMkYmdXRtX3NpdGU9b3BlcmFfY29tJiZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tLyZkbF90b2tlbj04MDQ2NTkxNCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjciLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNjgwMjk0OTIxLjU0ODIiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBDck9TIHg4Nl82NCAxNDgxNi4xMzEuNCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMy4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoiJTIzMDElMjAtJTIwVVMlMjAtJTIwU2VhcmNoJTIwLSUyMEVOJTIwLSUyMEJyYW5kZWQlMjAtJTIwMjAxNyIsImNvbnRlbnQiOiJnb29nbGUgY3BjIiwiaWQiOiJnY2xpZENqMEtDUWp3aVpxaEJoQ0pBUklzQUNISEVIX0N1N0N6MWFXcmV6cW5OMkpIRWpDZkxiZ2xqeWttNzJ5Y3kwNW5vUGl2TWdWd3J3RWpVZGdhQXMyWEVBTHdfd2NCIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoiYmFfb3NlIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6Imdvb2dsZS1hZHMiLCJ0cnlhZ2FpbiI6InllcyJ9LCJ1dWlkIjoiZWJlZmI3MDItZmQyNy00NmI4LTkyOTMtNjQxODFlNGY2MjMwIn0= --desktopshortcut=1 --wait-for-package --initial-proc-handle=4406000000000000
  2⤵
  - Loads dropped DLL
  - Enumerates connected drives
  - Suspicious use of WriteProcessMemory
  PID:1664
- - C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
    C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=96.0.4693.127 --initial-client-data=0x1a4,0x1a8,0x1ac,0x16c,0x1b0,0x732ba4b0,0x732ba4c0,0x732ba4cc
    3⤵
    - Loads dropped DLL
    PID:936
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\assistant\_sfx.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\assistant\_sfx.exe"
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\assistant\assistant_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\assistant\assistant_installer.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:680
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x12c,0x130,0x134,0x100,0x138,0x1464f48,0x1464f58,0x1464f64
    3⤵
    - Executes dropped EXE
    PID:1208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7119758,0x7fef7119768,0x7fef7119778
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1296,i,9518849935767679169,5023031853345895861,131072 /prefetch:2
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1296,i,9518849935767679169,5023031853345895861,131072 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1296,i,9518849935767679169,5023031853345895861,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2044 --field-trial-handle=1296,i,9518849935767679169,5023031853345895861,131072 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2192 --field-trial-handle=1296,i,9518849935767679169,5023031853345895861,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1340 --field-trial-handle=1296,i,9518849935767679169,5023031853345895861,131072 /prefetch:2
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3624 --field-trial-handle=1296,i,9518849935767679169,5023031853345895861,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3868 --field-trial-handle=1296,i,9518849935767679169,5023031853345895861,131072 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3980 --field-trial-handle=1296,i,9518849935767679169,5023031853345895861,131072 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1064 --field-trial-handle=1296,i,9518849935767679169,5023031853345895861,131072 /prefetch:1
  2⤵
  PID:2956

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2304

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7119758,0x7fef7119768,0x7fef7119778
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1284,i,1034514067400675260,4133690148460796650,131072 /prefetch:2
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1284,i,1034514067400675260,4133690148460796650,131072 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1284,i,1034514067400675260,4133690148460796650,131072 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1284,i,1034514067400675260,4133690148460796650,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1284,i,1034514067400675260,4133690148460796650,131072 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3236 --field-trial-handle=1284,i,1034514067400675260,4133690148460796650,131072 /prefetch:2
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1420 --field-trial-handle=1284,i,1034514067400675260,4133690148460796650,131072 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3720 --field-trial-handle=1284,i,1034514067400675260,4133690148460796650,131072 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3904 --field-trial-handle=1284,i,1034514067400675260,4133690148460796650,131072 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 --field-trial-handle=1284,i,1034514067400675260,4133690148460796650,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2636 --field-trial-handle=1284,i,1034514067400675260,4133690148460796650,131072 /prefetch:1
  2⤵
  PID:752

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2612

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
5c3fca191ecdf2682d54b2b500947607

SHA1
61dede4dc0807e2d21fd1ab1b73340442b8d12f4

SHA256
a4bed846a940c16625413ec13e9abfdab8f38f703599381cec7271b21c495360

SHA512
6665d71274e2a6be56976d4d4e95a2a7174fdce600918a483d5d794a60e58c6e63cfc19bbd001b2bf369fed400202aeff34fec8c6a2f4c666813d306e2d402c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
471B

MD5
84b1f477c90dbeb15a36b2ccac368a13

SHA1
98258bc6548a59dbdbf2baedc3a8ba94140c7d57

SHA256
00af63b52d5ab007911925c905af313aefb5f6b61e8dfd17bed35abf8b0786ef

SHA512
ab277579fb932eb95fb2b84ec4e8c12aecc196113e24d6cea3a7d182af20266a8997dd55ccf878c8e65332ae081635e8420da84fe13b2908087e8c46054ccc8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
cf261e5c3334c7bf9de60390d0d50b0d

SHA1
e2a2314dcdcd6205b6c3b4b3341dab93ad2ed99d

SHA256
0141f5d47f8f24a9b6a2791706db36dc0d61877cfbb55f15b11aab02d4b61fdc

SHA512
6a042078c38c7382c452df9fd9d1c5b3f3c2e866c1da768153e46ae6a563468cceeb9823734237ccdc83d415ab1a9db5169b0706d8aefc73aea7e24405282b80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a4d3fda08904f3e4d5e6b761c213f0d

SHA1
c97b7b18b7c123fc077929752e4167c04105d4fa

SHA256
d5796ddc5f0ed8e56afc0621197c560646252a766058a4d918f6ccf6553812fc

SHA512
beead07dd3878b8f0915942865aae39838487df75a73b5ffb1cffe3bf7a15e26a335031aee7c0956b1544e5d0d7c4f51ed9954829243f8f15235f309decb5573

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ffdfe11d1fac0457b799e5327feac9f6

SHA1
2e5bd4fde1f76e932d6e026ea50ed5f7801e64e5

SHA256
029179d94e029403f1676b54f83d809a597ecd1f0a06edcadcd47a122e8faf0f

SHA512
a119fdf686c33b78dcd282f8409edaae8bb403632daaa1ea58146c4d9bf5bce241dc85bac00b4c2ce65014a4a66de16e1c0c460be84512cf259d5e9f7ad60bbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d051c6db7df99038871fe53b15337647

SHA1
e69725785ebfd0f0416c5b269748dcdea565671d

SHA256
e682ef806a68940b3a47405dd6a62ceee5860c0a6bbb61b2152a0467b1f6ef19

SHA512
517ebd123c2f87396991c68750ec050adb225533c690990b839f4e676eefce620da179bbfc36712af1f8cedbaecc7a7b7b39902939a2668fe28c9237c8868ab4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0c1836e4f9cd77870c83f0599d08fba6

SHA1
c524f072e6bb2a2b8017a5de1f7c5629b58a2271

SHA256
82d3b95807d1d21fc6e9718fd892f576a784709760f880df36e46ea75bc4a412

SHA512
9b37cae0be795faa1d3696626162b5fa4a9366b71d58248a35bb8d3092372a653422724ce33534e87325c550c6d729db7b13ddd77f282be86eede2c3821901a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
434B

MD5
e6f54caa19f91cad220b490ecc739115

SHA1
5f31201a7a2821e98733a8775980263f2ab434d1

SHA256
2244bc2c3aa37612d7e0d5de5989dbf0fa978281e2229752d15abc7092caa465

SHA512
bd7980fd53b4aa964e769b6dcc9a3aa42c44b9674745a1c7d2ce87d766f7e0f95ebf0777a4e7dd2fd67461a763d86e5ef0ece34e55b96dbcd857b119cbc59808

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
369601f24b80114eb02fa1fb5ec1641a

SHA1
e441bca5e12746169efc39724444b471be43058a

SHA256
6a6d8684a59ae9a8939c84d6ad2475f41234b107ab048fcb726d8a896e759942

SHA512
57caa1cc83178d75891bc7579de239cad3c6e397093d24616884b98dc7b664b51b6d2d510cca432a48601e65410ad48d6a755eb6314b22fb3fe36fe4bea4f99f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\31642386-37b4-4675-870e-8ae931d8e94b.tmp

Filesize
173KB

MD5
efc81d785a1ad6727ac74b60e535ea3e

SHA1
d71c1bbbf57d50d1f9f4a14473ff18e2ae8aa9fe

SHA256
83313372b22ae0852122362efa27110900c63eef0ede5ccf96df7da22741a1d2

SHA512
2f5fa761d097b077d77dbe6e73d094725ba4d2f59e07f4af911afc07b451f82972ce7975ffa48901f923fcaa6f140e87d1f0a0a597873cddd141deee7322e4ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ce02c3a1c2e2258c20b1dd34b4a59138

SHA1
90b58959a14186809ae02b948820e46c5725bc13

SHA256
9a2beec3fa05d9df01bdc7e7fadf883071062497bfeae892ab0337f263813d12

SHA512
f23196fa06d28b33455db7be66cca56ea5fcd110c4344725a19a7625ade33b39df1fee7150aa977f6e6ec08c8f5fc8cbff1772b2cb4e43737b6fbf74b964358d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ce02c3a1c2e2258c20b1dd34b4a59138

SHA1
90b58959a14186809ae02b948820e46c5725bc13

SHA256
9a2beec3fa05d9df01bdc7e7fadf883071062497bfeae892ab0337f263813d12

SHA512
f23196fa06d28b33455db7be66cca56ea5fcd110c4344725a19a7625ade33b39df1fee7150aa977f6e6ec08c8f5fc8cbff1772b2cb4e43737b6fbf74b964358d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
635c611c15705b1f421013a17a2f5dc2

SHA1
c819bf3e5e5903929861be4d92e5a9ca387d954a

SHA256
4faac978c57cbee8bcd0df36b4b61170fdbc30a43be7d6546dc95557084feea6

SHA512
0a95cdd0849029cd0053ab92935ac4deb2ea61058c8e750b288c68cef476e39feb0ebc32eccc34b7b753b6d2650b00bba4e41ca3ff22afb712e2738b90ca532c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
7badd42f267e75b5cd8ba5724e3ee478

SHA1
450f6e67de4213a1fb35d67466f9c11579ef05a8

SHA256
47ca31b92bb8e5f5aee18ed8d6b5c1826f85e16e8a558f6534a1d97e4fbc1ab6

SHA512
e7c53edfdfc8f2e43299b3636b531161e96cf306b749443830b2e3377dcf1eaa00d4d6466ef956d217749889608b25d88b3be7f27e149e63b4bcae42be2f7081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
24KB

MD5
4e37e62fdefe4fa095f6b177e50f84c8

SHA1
a7c2a2e3c94735f38d2e35bafb071cc64f7e772d

SHA256
c4b7a6e287b4f40a3c9c8dd2df6941fe9c735783d508302d05a637346cf16a0a

SHA512
d6852129b754ad7d52ba9441282795cf2cf57130ca94e7bf4e263c9924b163261be06af34714464926d2fed7b1531d394e4b53a8e66cddb83ae5449b6cbf4da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF70ae2b.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
7badd42f267e75b5cd8ba5724e3ee478

SHA1
450f6e67de4213a1fb35d67466f9c11579ef05a8

SHA256
47ca31b92bb8e5f5aee18ed8d6b5c1826f85e16e8a558f6534a1d97e4fbc1ab6

SHA512
e7c53edfdfc8f2e43299b3636b531161e96cf306b749443830b2e3377dcf1eaa00d4d6466ef956d217749889608b25d88b3be7f27e149e63b4bcae42be2f7081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
cb65f75ebb3fc603e456b04ad08fbc73

SHA1
96f8ea2b127b3e78af9f01baffa30d6f7a0da3b0

SHA256
324b18035f7e9036267b60190c8d4f713740cdac5a1452bc6fddf3a7f42b84c7

SHA512
be3d969da4e6648481c968f63c6422e9ab6a2dce0056a397baca13c4d6563d543321a39342b336c5896c1dcb195c4b8480b144569e1592c4f0df0ff0ce8c6527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
5fd2f1bf6af82980181c428f0a12eac0

SHA1
8bcf8b2f71a401e5f931d9622698fea07c31263f

SHA256
82b2ccacc67cc9918482cfe6ce5ec612220258a07e635f32493b19f381fa7c3f

SHA512
da5ea7cf74d204e64eebf3482d4b08f71cb5b224682678c1be521322e07014d21580e63e6416f6893e778e0341eabca1778fe7f56821e41f893f1c149a7440c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a88b1cac21b1d989924d54df189fafbc

SHA1
05fb656ab79e95182d723d838378405ff3e286df

SHA256
3a5ffa5bc273efd109a3e7b8648ecf67a5d135f795abdde0467db2785b3a4d1b

SHA512
d938a2c4c485f4cd1e34967e56dcfba7d3ea1466359a36365f0490500dea0ce97684cb47886f979b8f09e261b0f2a40c8d7725643594adfe45202d8e4a743fe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
592aca00c93a97c94fe744fd05a6e324

SHA1
32647b640ce6967b76f354200e4f8b8fac66f6f2

SHA256
74406a2eaecbf556b4405bfaf825bb95f2faf4e7160993678ca9532836095bea

SHA512
02fbb4182a1a9dbeae75026d235f6db118d0aadb0552bbdb5affa6187a0583e3f2b617653c6023d6e01f7cdf5730492c4aed38b23e744a4200cf7face62757b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cefb08c5f00a3888c7ecfb412ccfe1b0

SHA1
39b92594d74ec3d0fe7cf1268b4785881c9c5b23

SHA256
5319e4a884d2496ad7d766621793af9a4a67bcaa1ce60735a08fd57cb899282f

SHA512
2aae86bd1e878e010ce356435387a190466be84560d72c05f8b7e1397fa3e1f0b602a27ec65e24c4aa8e0f4aba26650808ef870efdb10c129ec6423cc8ddfb5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b60131021f941569373f33a2f5dde41e

SHA1
612f783cce78eb517c539e06469d835c4ad45067

SHA256
ff17be884098d29edff5e04ae9aaf980a6db5f45432b0d3d9aae2aa30da015c6

SHA512
e54d6fb903e5e381fb4f69c43cf9f66e6da0dfc520fe51b110f7ed024438a9ea0a344d2ebfba6db77e7362d5a3dd7c8418df36150434afea96fa1b9361932612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0f28afb6e44d4da53ce46296e879ef56

SHA1
dc2204fb6416001acbc025333f90d208022c486a

SHA256
86606c3bc02d86c8243a14ba70c2505d359d90f8bddc2924c28389fd0e764643

SHA512
38c8f84c90bd18d279bff61ab00e0a29c13da45d70b79d49cdc257f6631b1061f72159f04ef09b3d0a13bac645555b6dbd154886ed1cec47c3f40e97d4621dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ac9e0fc85584768a3f4709dbb261bdaa

SHA1
9be5f447bc3adc6060dd0799b44212ff2c14fa34

SHA256
a4652611451eac704aa1d17a872b4e771e70b67a46cd6f113da743e790cd46a2

SHA512
7be8d3a0482c5c3d3a4ad75990273819434f118b21e815d20e96e23fff4ec764b66430bf34225de89184e9f7de50c333ff178d422a827a742b7c0c706807f623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13324776104879800

Filesize
3KB

MD5
4d4f043c50ae31e864ec026f135678fe

SHA1
21356a27b4d5ea93541517b01d4864e1276e2b7b

SHA256
59a035329038de78e8260cfb42e8ed9d6b7b3b5fb49d69d7eb9488dc0acdbbd3

SHA512
78a7fc9cdf237975ff1fe3f1fadf94db4c69465332e47993e24c32db0f1218280a6bdc4afdf13e0424f2498130512427283323d04f0834583124dbf97fee39e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000005.ldb

Filesize
130B

MD5
0d30bb8b60f3c477b7f5bee76de87a5e

SHA1
754db054cc38503c0a7b261489b25208749dce50

SHA256
7d66803b525484d42d0699ed1a2370028b7aa21ce173ea3cb9331cb80d01b695

SHA512
fb43e45b6676ea12643127731a1d3fcd783c16b4b6aba0d31ea93af19020248d766ea877a7abfdfe484e70bd4c2ed8d66f44ac2c3da38885b3edbad41ef68c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000006.log

Filesize
72B

MD5
d1a1bd591b7a9ea530ac1d83acc3c35f

SHA1
2e084d593b9af19788e0d9a67d4d42cb85e97874

SHA256
504ce968307565cdb6f19ee5d466c4ddc0adbad541e85d97c11c2a0429a06362

SHA512
9a79d1ee042754a2799c00a1a9ab919ffe8ea4bd406d6f4c497e3a0bb551eebac3900db98cf578b9339e799136f3dcabe2603d185b2e1f047a0b9f2b0df18ca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
249B

MD5
3fe3e35532ccd2a0e87af7a00e0ddc9d

SHA1
943a31d89724aeff7af5515dc1c929bd6622b271

SHA256
6d3434955fe4005fa527c914003679a1655ffbc35daf5b51c1001ffe0c83e150

SHA512
6f4e4e653f8994c8a60d0e0c04c86ee09f8588ef097671cfe30f10fdfc9c289478232671cf013b42e87613fa8897aedd82bec25fef41b75181eaed1af1958bff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000004

Filesize
107B

MD5
f3a604cc1687a04eaabc91b49ed90eac

SHA1
507d0c1334e11f23da43bb9c8702652511893d03

SHA256
628a12f2ebfd6d19731a8a362956c95803f1d909293f6936542fb458d8be1a39

SHA512
a49c1632af45f2a938c2752aeb67e254e92a04bff91affe95952ba7960a60ec143639565790898d55a5ac4d5eb34c2dab1b93e295840d4e30cf3b16d913a7806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb

Filesize
136B

MD5
fe382e791274914bee5950777e4f1fd3

SHA1
53b523b5fc87e66f2520a0b5f9ea080072668f4d

SHA256
935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132

SHA512
a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
249B

MD5
66f4476a957a49334c4370fd7ad2586e

SHA1
82695d1f938c7e87b51d4e8a2a133ea64c9590df

SHA256
f0e0ae5aab2434c3ac857ef563599da643195c2ae0cde748761347dfb2467eef

SHA512
599ac23efa920bf9e3597f5ec40be8eb8daf19b9999e68a1868d4dd0b25310ba55a85bfe69bbf447f227bff0a418688a2c4ac728b587c7e3f3b4ab96911c4de6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000004

Filesize
117B

MD5
63d832bd47d6e550eaef754596d8fdaa

SHA1
3b11fd4048f84fe5143057e7e90a42c4220e1807

SHA256
4dd9ab33b9f8a5aa6b190ee3a88133be4d10b5dfdeff0c3ca060b825ff6420dd

SHA512
586287b26249591e5ae5ba0847bfcb3c3c4bbfb0cef433ecfb2052bbf0f37527bb72ddc57447c37c6879f50a28c96575b911fd121c3f145a061ff57ccacf479c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
cd7e806552039c2ca4eae039b5086bdc

SHA1
a61f2fce563b1425486089beefa98116c6396f8a

SHA256
bd2b6f0e77679fc7c1829a1c19c43a6f84b6bb17dccfa40d3ce847efd6e64382

SHA512
17b6b620973e4d53348660dfb74d04118b46d36752ba4379b6a0500a8b1926ee6062b69550fbac7a47f47a71463693bcd9e90359809488c590f3e6daed6917ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b58c3f83-b0e0-4fa4-83bb-e7c14d40aba3.tmp

Filesize
4KB

MD5
072b741033b9d1ee3e359249d946b84d

SHA1
b64d698ceb3f59573c69fdc74dae8ccc09278f1a

SHA256
9058ae33b6dd2383dcbfaddef5b6fd3b2fcd0c06a46671fc0edff5ba634b2323

SHA512
2c6b15e49b628592a35c5c667dfd2c192f2e039721a35311a814fa7ecaa21c6e31d85167e106f4091641ba90eefbda5f894ef49ae8c4700276c142b74da1844e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f52e031a-9016-4e83-bc9b-ae75681f770a.tmp

Filesize
5KB

MD5
44e95b19ccaae29f81bcbe3f5f154da2

SHA1
ff894dbb914cbddfb1608d669e2a48651adfe39b

SHA256
8933bd057b117235208f15d7103c0b18df55d61e4c900aeb126132836118cf44

SHA512
7ab74cc749cc28bc22364e951f5c75d4dde71cd9b77239f591cb6f9b6ab269b336f0395c54438ff9de490a07bd114573703867ffef590d730ed4d04500b6dfcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
afbde444908f32efc8a8710a9fb35590

SHA1
532c4e3ad7a628c922e084bb296033918a0bedd1

SHA256
905442758e4898e4819c68c5df722da01259d68cbe01832deb90808c60275554

SHA512
e2a24f93fb69618f1d4c0bf04d183980c2945de00fd968a6133a121afd24b2cd3a530e886398b52c188f1a7ca821aa0173ac76720283775f4d18fc1a3141f4dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000004

Filesize
84B

MD5
be2a12b06745bb5de6254b2592d8ab20

SHA1
19a3dc035140689628e54095af6c4b4dae44b55d

SHA256
29e140732c7fc2d81fb1f506cc94386ce55f27446f9277e66236080cdf6f5944

SHA512
fad84027f46c0d4e4fb0357c15d77f7a86c941042ce538e0e89e5b8c477ed3cb46e262e3a3da186eadbb266c9288965c7299b4dc2a7ae1b346230dc48a7ecdba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
efc81d785a1ad6727ac74b60e535ea3e

SHA1
d71c1bbbf57d50d1f9f4a14473ff18e2ae8aa9fe

SHA256
83313372b22ae0852122362efa27110900c63eef0ede5ccf96df7da22741a1d2

SHA512
2f5fa761d097b077d77dbe6e73d094725ba4d2f59e07f4af911afc07b451f82972ce7975ffa48901f923fcaa6f140e87d1f0a0a597873cddd141deee7322e4ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
a408d1d0782ab16a8b4c1aa8032c5614

SHA1
46bf72adfb2012c612b711a0f64104f354781f44

SHA256
f7190c702dff916739470dd041fd63978b8c19566da3582a5ce785dec24118fe

SHA512
06e1aec747dfba1bb0350f089fe8029423d81ed3025206098e83b9532a5ad2acdbb2989f8bdee24e2a91dc3f371e6106eaf321230e48fb2232d111a1742cd811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
b40dea947bd51fa252e92b31a6a7ee75

SHA1
ac29bcc5a898c892cdb37196515ca0f74b676cce

SHA256
192170a342fb9b8fcc4740bd2d5af6d6636857704514ee415a33a079a28ddbf9

SHA512
c8371936d121d05e1a87d32d4bfeda1fd0fc2519e32f4d8b00fc95e51b2a28d0c151c6f6bf04405bcdd010de38ff24a3d6517d33538ef3ca279fce2464a81fac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fa540043-375a-48e8-8186-c334b0cc3882.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

Filesize
3.4MB

MD5
8167c12849ea1a38a97a0e5d2e131d22

SHA1
378fcf0e368925a97e0b97548103e62e78f668de

SHA256
9ea864181b2d4409ce2d80fe22f242790e904db23f2151a05209c947d9ec59e1

SHA512
6a60ffd0ec1a8b6363ba72ad2c138d24298e44ffa8169824d153b326d43cc33d6dae927ba15799c017e4df80d8a665727bd4af7ae7c7c04ab367d8523b2b6b6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\assistant\_sfx.exe

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\assistant\_sfx.exe

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\opera_package

Filesize
118.8MB

MD5
b3bf61a5e54320547edf6119298498ae

SHA1
ac6987a5d845c458c2c75ebf927b47c6bc38d507

SHA256
444026187ee7003a9f9ca79977ee544d3bc90633c63da6115ff85a453fc2b2de

SHA512
f77a48779ef2f5bfa9709ef15744e45d8099ed78250f983e673f4dec42cb1da55107812d5c4cc980511bc74599dc311c9546145f3ccf5508504d3d31291e8a53

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAE1D.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_230331223703124852.dll

Filesize
5.3MB

MD5
1cf4908922ff2de82dfcc53695db91ce

SHA1
593c480c5d14560fc68622233a9465359f48e12f

SHA256
d4504f4874884779cc23606a9b219e442ab38e49e9f8f7c7ffe8b51d45d76592

SHA512
a2dda90f7358eb63d91debd4c7b53606cd8da212f6c2854125fe6b5e38ad267868e1aca1292dad7e2211acbded5d1ac17c54724d640effbd6086c9e7a8795bc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAEAD.tmp

Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB4EC.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
0a847d17957a080c7adaf0a8c1ed698e

SHA1
4e382814fd6c09580e5c54d15b52e1a159b286fc

SHA256
2f0a19a3fdfe0399c525fa180fd06d2130a398581af4b8f8dacea3f686ddad99

SHA512
4c4cea23daf0a0b3bbe7305c7348536e45415651c1b153a57c97e6f5e9e663eb8eef361d5f710ef0acbf1a1c5628d7d67a0032b186bdc32fb9da1929cd2bab4a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
0a847d17957a080c7adaf0a8c1ed698e

SHA1
4e382814fd6c09580e5c54d15b52e1a159b286fc

SHA256
2f0a19a3fdfe0399c525fa180fd06d2130a398581af4b8f8dacea3f686ddad99

SHA512
4c4cea23daf0a0b3bbe7305c7348536e45415651c1b153a57c97e6f5e9e663eb8eef361d5f710ef0acbf1a1c5628d7d67a0032b186bdc32fb9da1929cd2bab4a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
0a847d17957a080c7adaf0a8c1ed698e

SHA1
4e382814fd6c09580e5c54d15b52e1a159b286fc

SHA256
2f0a19a3fdfe0399c525fa180fd06d2130a398581af4b8f8dacea3f686ddad99

SHA512
4c4cea23daf0a0b3bbe7305c7348536e45415651c1b153a57c97e6f5e9e663eb8eef361d5f710ef0acbf1a1c5628d7d67a0032b186bdc32fb9da1929cd2bab4a

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

Filesize
3.4MB

MD5
8167c12849ea1a38a97a0e5d2e131d22

SHA1
378fcf0e368925a97e0b97548103e62e78f668de

SHA256
9ea864181b2d4409ce2d80fe22f242790e904db23f2151a05209c947d9ec59e1

SHA512
6a60ffd0ec1a8b6363ba72ad2c138d24298e44ffa8169824d153b326d43cc33d6dae927ba15799c017e4df80d8a665727bd4af7ae7c7c04ab367d8523b2b6b6c

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\assistant\_sfx.exe

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\opera_package

Filesize
118.8MB

MD5
b3bf61a5e54320547edf6119298498ae

SHA1
ac6987a5d845c458c2c75ebf927b47c6bc38d507

SHA256
444026187ee7003a9f9ca79977ee544d3bc90633c63da6115ff85a453fc2b2de

SHA512
f77a48779ef2f5bfa9709ef15744e45d8099ed78250f983e673f4dec42cb1da55107812d5c4cc980511bc74599dc311c9546145f3ccf5508504d3d31291e8a53

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303312237031\opera_package

Filesize
118.8MB

MD5
b3bf61a5e54320547edf6119298498ae

SHA1
ac6987a5d845c458c2c75ebf927b47c6bc38d507

SHA256
444026187ee7003a9f9ca79977ee544d3bc90633c63da6115ff85a453fc2b2de

SHA512
f77a48779ef2f5bfa9709ef15744e45d8099ed78250f983e673f4dec42cb1da55107812d5c4cc980511bc74599dc311c9546145f3ccf5508504d3d31291e8a53

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_230331223701472904.dll

Filesize
5.3MB

MD5
1cf4908922ff2de82dfcc53695db91ce

SHA1
593c480c5d14560fc68622233a9465359f48e12f

SHA256
d4504f4874884779cc23606a9b219e442ab38e49e9f8f7c7ffe8b51d45d76592

SHA512
a2dda90f7358eb63d91debd4c7b53606cd8da212f6c2854125fe6b5e38ad267868e1aca1292dad7e2211acbded5d1ac17c54724d640effbd6086c9e7a8795bc1

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2303312237025161292.dll

Filesize
5.3MB

MD5
1cf4908922ff2de82dfcc53695db91ce

SHA1
593c480c5d14560fc68622233a9465359f48e12f

SHA256
d4504f4874884779cc23606a9b219e442ab38e49e9f8f7c7ffe8b51d45d76592

SHA512
a2dda90f7358eb63d91debd4c7b53606cd8da212f6c2854125fe6b5e38ad267868e1aca1292dad7e2211acbded5d1ac17c54724d640effbd6086c9e7a8795bc1

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_230331223703124852.dll

Filesize
5.3MB

MD5
1cf4908922ff2de82dfcc53695db91ce

SHA1
593c480c5d14560fc68622233a9465359f48e12f

SHA256
d4504f4874884779cc23606a9b219e442ab38e49e9f8f7c7ffe8b51d45d76592

SHA512
a2dda90f7358eb63d91debd4c7b53606cd8da212f6c2854125fe6b5e38ad267868e1aca1292dad7e2211acbded5d1ac17c54724d640effbd6086c9e7a8795bc1

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2303312237316251664.dll

Filesize
5.3MB

MD5
1cf4908922ff2de82dfcc53695db91ce

SHA1
593c480c5d14560fc68622233a9465359f48e12f

SHA256
d4504f4874884779cc23606a9b219e442ab38e49e9f8f7c7ffe8b51d45d76592

SHA512
a2dda90f7358eb63d91debd4c7b53606cd8da212f6c2854125fe6b5e38ad267868e1aca1292dad7e2211acbded5d1ac17c54724d640effbd6086c9e7a8795bc1

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_230331223732046936.dll

Filesize
5.3MB

MD5
1cf4908922ff2de82dfcc53695db91ce

SHA1
593c480c5d14560fc68622233a9465359f48e12f

SHA256
d4504f4874884779cc23606a9b219e442ab38e49e9f8f7c7ffe8b51d45d76592

SHA512
a2dda90f7358eb63d91debd4c7b53606cd8da212f6c2854125fe6b5e38ad267868e1aca1292dad7e2211acbded5d1ac17c54724d640effbd6086c9e7a8795bc1

Download Submit
memory/852-72-0x00000000011C0000-0x00000000017A8000-memory.dmp

Filesize
5.9MB

Download
memory/904-97-0x0000000002C30000-0x0000000003218000-memory.dmp

Filesize
5.9MB

Download
memory/904-74-0x00000000035E0000-0x0000000003BC8000-memory.dmp

Filesize
5.9MB

Download
memory/904-98-0x00000000035E0000-0x0000000003BC8000-memory.dmp

Filesize
5.9MB

Download
memory/904-275-0x0000000006860000-0x0000000006E48000-memory.dmp

Filesize
5.9MB

Download
memory/904-347-0x0000000006860000-0x0000000006E48000-memory.dmp

Filesize
5.9MB

Download
memory/904-57-0x0000000000F60000-0x0000000001548000-memory.dmp

Filesize
5.9MB

Download
memory/936-277-0x0000000000F60000-0x0000000001548000-memory.dmp

Filesize
5.9MB

Download
memory/1292-73-0x0000000000F60000-0x0000000001548000-memory.dmp

Filesize
5.9MB

Download
memory/1664-960-0x0000000000F60000-0x0000000001548000-memory.dmp

Filesize
5.9MB

Download
memory/1664-276-0x0000000000F60000-0x0000000001548000-memory.dmp

Filesize
5.9MB

Download
memory/2940-946-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2940-945-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download