hxxp://vegax[.]gg

Analysis

max time kernel
363s
max time network
367s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2023 12:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://vegax.gg

Score

8^/10

discovery spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Control Panel\International\Geo\Nation	setup85472098.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Control Panel\International\Geo\Nation	Vega X_85472098.exe

Executes dropped EXE 12 IoCs

pid	Process
5760	Vega X_85472098.exe
5444	setup85472098.exe
5672	setup85472098.exe
4564	OfferInstaller.exe
4800	OperaGX.exe
888	OperaGX.exe
3648	OperaGX.exe
2628	OperaGX.exe
3800	OperaGX.exe
5580	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
3856	assistant_installer.exe
5100	assistant_installer.exe

Loads dropped DLL 64 IoCs

pid	Process
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5444	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe
5672	setup85472098.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00060000000233cb-1363.dat	upx
behavioral1/memory/4800-1364-0x0000000000DF0000-0x00000000013A9000-memory.dmp	upx
behavioral1/memory/3648-1376-0x00000000003C0000-0x0000000000979000-memory.dmp	upx
behavioral1/memory/3648-1381-0x00000000003C0000-0x0000000000979000-memory.dmp	upx
behavioral1/memory/3800-1385-0x0000000000DF0000-0x00000000013A9000-memory.dmp	upx
behavioral1/memory/4800-1403-0x0000000000DF0000-0x00000000013A9000-memory.dmp	upx
behavioral1/memory/888-1404-0x0000000000DF0000-0x00000000013A9000-memory.dmp	upx
behavioral1/memory/2628-1407-0x0000000000DF0000-0x00000000013A9000-memory.dmp	upx
behavioral1/memory/3800-1408-0x0000000000DF0000-0x00000000013A9000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaGX.exe
File opened (read-only)	\??\F:	OperaGX.exe
File opened (read-only)	\??\D:	OperaGX.exe
File opened (read-only)	\??\F:	OperaGX.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Delays execution with timeout.exe 4 IoCs

evasion

pid	Process
5364	timeout.exe
5544	timeout.exe
4316	timeout.exe
5360	timeout.exe

Enumerates processes with tasklist 1 TTPs 4 IoCs

Process Discovery

T1057

pid	Process
5864	tasklist.exe
5720	tasklist.exe
1768	tasklist.exe
4532	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133413281130066188"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Opera GXStable	Vega X_85472098.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OperaGX Stable	Vega X_85472098.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings	Vega X_85472098.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 11 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	setup85472098.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	setup85472098.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	OperaGX.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGX.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	setup85472098.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaGX.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGX.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGX.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGX.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGX.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Vega X.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Vega X(1).zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Vega X_85472098.exe:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5752	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1968	chrome.exe
1968	chrome.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
220	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe
220	taskmgr.exe

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
5760	Vega X_85472098.exe
5760	Vega X_85472098.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
5760	Vega X_85472098.exe
5444	setup85472098.exe
4800	OperaGX.exe
888	OperaGX.exe
3648	OperaGX.exe
2628	OperaGX.exe
3800	OperaGX.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
5580	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
3856	assistant_installer.exe
5100	assistant_installer.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 5092	1968	chrome.exe	66
PID 1968 wrote to memory of 5092	1968	chrome.exe	66
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 3192	1968	chrome.exe	88
PID 1968 wrote to memory of 996	1968	chrome.exe	89
PID 1968 wrote to memory of 996	1968	chrome.exe	89
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90
PID 1968 wrote to memory of 856	1968	chrome.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://vegax.gg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9e9b9758,0x7ffa9e9b9768,0x7ffa9e9b9778
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:2
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:8
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:8
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4576 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3376 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4848 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5164 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3564 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3864 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:1
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5572 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6264 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6684 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5052 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5068 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5168 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5692 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7108 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:8
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6224 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1800 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7152 --field-trial-handle=1888,i,15808489521346000860,12370834635631650406,131072 /prefetch:2
  2⤵
  PID:4292

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4624

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\42b8ae4424664cb3b950074ceae3c156 /t 4668 /p 1968
1⤵
PID:4496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:332
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.0.1413978014\1598340884" -parentBuildID 20221007134813 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88a9181d-f3e6-47a8-bb33-4b411a5cb780} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 2012 1885a9f8d58 gpu
    3⤵
    PID:4836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.1.195154045\634897441" -parentBuildID 20221007134813 -prefsHandle 2384 -prefMapHandle 2372 -prefsLen 20896 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {198e0275-c460-4cb9-8849-8c9a667f552d} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 2412 1884df72558 socket
    3⤵
    PID:2588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.2.2016619172\338242974" -childID 1 -isForBrowser -prefsHandle 3224 -prefMapHandle 3272 -prefsLen 20934 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37d4f23a-32fc-4ee9-8f46-758e43b8a845} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 3428 1885eb0b258 tab
    3⤵
    PID:1940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.3.835716487\584102201" -childID 2 -isForBrowser -prefsHandle 1356 -prefMapHandle 1352 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c4daaec-7c68-49b4-80be-8281e9bf6b95} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 3308 1884df68a58 tab
    3⤵
    PID:560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.4.1791283837\1491599335" -childID 3 -isForBrowser -prefsHandle 4524 -prefMapHandle 4520 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0b60431-9bb6-4d7c-bf5f-d34fa6134054} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 4568 1886078d158 tab
    3⤵
    PID:2616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.7.744172534\1668393565" -childID 6 -isForBrowser -prefsHandle 5448 -prefMapHandle 5452 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89ff2cbf-2c2b-4af7-9422-cf60b9512693} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 5440 188612a4258 tab
    3⤵
    PID:4252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.6.801301216\347335292" -childID 5 -isForBrowser -prefsHandle 5256 -prefMapHandle 5260 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99688de3-9e87-44f1-b58e-d0732ab7f434} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 5248 18860d8e258 tab
    3⤵
    PID:3552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.5.438615234\2058629634" -childID 4 -isForBrowser -prefsHandle 5100 -prefMapHandle 5080 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fc62156-4768-4d81-ae02-ec7eea3cdc30} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 5084 18860d8dc58 tab
    3⤵
    PID:3188
- - C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
    "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\0be819d0-681a-41ed-a992-541f5cf6b6fd.dmp"
    3⤵
    PID:4644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.8.812143130\1315252763" -childID 7 -isForBrowser -prefsHandle 4672 -prefMapHandle 4972 -prefsLen 26577 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31eb070f-9065-4fbb-94ce-2c4559b175ca} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 6012 1884df65f58 tab
    3⤵
    PID:1720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.9.704229656\1307970097" -parentBuildID 20221007134813 -prefsHandle 4948 -prefMapHandle 5676 -prefsLen 26656 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc7b0e15-9581-4346-ac4a-55d03d2904f7} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 4972 188622d2c58 rdd
    3⤵
    PID:5068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.11.929526979\100564053" -childID 9 -isForBrowser -prefsHandle 6212 -prefMapHandle 6216 -prefsLen 26656 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bfcac91-7ea8-4c50-a3c5-62ef6ef2cd16} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 6200 18862044558 tab
    3⤵
    PID:984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.12.880559529\678780088" -childID 10 -isForBrowser -prefsHandle 6412 -prefMapHandle 6416 -prefsLen 26656 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {910ca9bf-2bdb-420e-a284-8422e6c810c9} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 6404 18861ec0858 tab
    3⤵
    PID:1636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.10.1191945808\923840838" -childID 8 -isForBrowser -prefsHandle 5128 -prefMapHandle 4792 -prefsLen 26656 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd67eeb1-2816-4969-94d5-7eed1bf9161f} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 4668 18862043958 tab
    3⤵
    PID:1924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.13.276929037\1869816274" -childID 11 -isForBrowser -prefsHandle 10704 -prefMapHandle 6688 -prefsLen 27096 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ec2b82e-c178-4cef-ada7-03e4d2c631f5} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 6696 1886078dd58 tab
    3⤵
    PID:5668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.14.405956302\393825408" -childID 12 -isForBrowser -prefsHandle 10692 -prefMapHandle 10252 -prefsLen 27327 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e534642b-2eab-489d-b0ec-36c40a34c663} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 6472 1886379c358 tab
    3⤵
    PID:6048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.15.690198559\1361453304" -childID 13 -isForBrowser -prefsHandle 10256 -prefMapHandle 5908 -prefsLen 27327 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebb2f195-bc1d-42d0-bfc9-a9915652e4d6} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 5824 188635e3858 tab
    3⤵
    PID:6056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.16.1856410973\1889286338" -childID 14 -isForBrowser -prefsHandle 9948 -prefMapHandle 9960 -prefsLen 27327 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0a3652c-f7f1-4628-a30e-94776f1f75a6} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 9940 18866e3be58 tab
    3⤵
    PID:5780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.17.1035962086\961928446" -childID 15 -isForBrowser -prefsHandle 5908 -prefMapHandle 5812 -prefsLen 27327 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {819d6659-f6de-4efb-a96e-9a54d0a02978} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 6696 18866e3c158 tab
    3⤵
    PID:5776
- - C:\Users\Admin\Downloads\Vega X_85472098.exe
    "C:\Users\Admin\Downloads\Vega X_85472098.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:5760
  - - C:\Users\Admin\AppData\Local\setup85472098.exe
      C:\Users\Admin\AppData\Local\setup85472098.exe hhwnd=394378 hreturntoinstaller hextras=id:3edef7f19b9beb4-US-5vIFZ
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Modifies system certificate store
      Suspicious use of SetWindowsHookEx
      PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"
        5⤵
        Executes dropped EXE
        
        PID:4564
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
        6⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 4564" /fo csv
        7⤵
        Enumerates processes with tasklist
        
        PID:5864
        
        C:\Windows\SysWOW64\find.exe
        
        find /I "4564"
        7⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout 1
        7⤵
        Delays execution with timeout.exe
        
        PID:5544
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 4564" /fo csv
        7⤵
        Enumerates processes with tasklist
        
        PID:5720
        
        C:\Windows\SysWOW64\find.exe
        
        find /I "4564"
        7⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout 1
        7⤵
        Delays execution with timeout.exe
        
        PID:4316
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 4564" /fo csv
        7⤵
        Enumerates processes with tasklist
        
        PID:1768
        
        C:\Windows\SysWOW64\find.exe
        
        find /I "4564"
        7⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout 5
        7⤵
        Delays execution with timeout.exe
        
        PID:5360
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
        5⤵
        
        PID:4368
      - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 5444" /fo csv
        6⤵
        Enumerates processes with tasklist
        
        PID:4532
      - C:\Windows\SysWOW64\find.exe
        
        find /I "5444"
        6⤵
        
        PID:2448
      - C:\Windows\SysWOW64\timeout.exe
        
        timeout 5
        6⤵
        Delays execution with timeout.exe
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\setup85472098.exe
      C:\Users\Admin\AppData\Local\setup85472098.exe hready
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5672
  - - C:\Users\Admin\AppData\Local\OperaGX.exe
      C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0
      4⤵
      Executes dropped EXE
      Enumerates connected drives
      Modifies system certificate store
      Suspicious use of SetWindowsHookEx
      PID:4800
    - - C:\Users\Admin\AppData\Local\OperaGX.exe
        
        C:\Users\Admin\AppData\Local\OperaGX.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=102.0.4880.90 --initial-client-data=0x310,0x314,0x318,0x2ec,0x31c,0x71f75608,0x71f75618,0x71f75624
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGX.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGX.exe" --version
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\OperaGX.exe
        
        "C:\Users\Admin\AppData\Local\OperaGX.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4800 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20231009123225" --session-guid=29edf0d2-ae49-412a-9c45-0b55b1256354 --server-tracking-blob=MjI2ZjhhOGU1ZWI3YWY0OWQ0OTE3MzhjMzQ3MTAxZjBiNGU3ZGYyNjYwODliM2M5ODEzNGI1ZDQ0MDZmNjdlYzp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX05MX1BCNV8zNTc1JnV0bV9pZD05MWYyMGE4ZTgxZDc0YzhiOGY5Y2ExN2NmN2U2Yjc2NCZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY5Njg1NDc0My44ODY0IiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV09XNjQ7IFRyaWRlbnQvNy4wOyAuTkVUNC4wQzsgLk5FVDQuMEU7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy4wLjMwNzI5OyAuTkVUIENMUiAzLjUuMzA3MjkpIiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX05MX1BCNV8zNTc1IiwiY29udGVudCI6IjM1NzVfRmlsZURNIiwiaWQiOiI5MWYyMGE4ZTgxZDc0YzhiOGY5Y2ExN2NmN2U2Yjc2NCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6IjIyZTJlYTVlLTZlNzQtNDcxZi05NmI1LTU2YzE2ODc4YWJjZSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=7C05000000000000
        5⤵
        Executes dropped EXE
        Enumerates connected drives
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Users\Admin\AppData\Local\OperaGX.exe
        
        C:\Users\Admin\AppData\Local\OperaGX.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=102.0.4880.90 --initial-client-data=0x31c,0x320,0x324,0x2f4,0x328,0x71345608,0x71345618,0x71345624
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202310091232251\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202310091232251\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202310091232251\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202310091232251\assistant\assistant_installer.exe" --version
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202310091232251\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202310091232251\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0xc74f48,0xc74f58,0xc74f64
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5100
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
      4⤵
      Opens file in notepad (likely ransom note)
      PID:5752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.18.1887078931\58519453" -childID 16 -isForBrowser -prefsHandle 9060 -prefMapHandle 4208 -prefsLen 27811 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fded256-daf9-4b57-81cd-51daee08f93b} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 5456 18862c6de58 tab
    3⤵
    PID:4308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.19.1148993317\200392955" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5396 -prefMapHandle 5408 -prefsLen 27811 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e99995ca-2118-4c03-8c62-3eba7d753955} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 5372 1886358cb58 utility
    3⤵
    PID:5836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.20.1503196079\1273651973" -childID 17 -isForBrowser -prefsHandle 8932 -prefMapHandle 8912 -prefsLen 27820 -prefMapSize 232645 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a74e6001-4836-4bd4-81f8-8bfebf5707ff} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 8916 188658c4b58 tab
    3⤵
    PID:4648

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:220

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5712

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Vega X\READ.txt
1⤵
PID:1120

C:\Users\Admin\Downloads\Vega X\Vega X.exe
"C:\Users\Admin\Downloads\Vega X\Vega X.exe"
1⤵
PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
37KB

MD5
223bd1bd5e00af42d2f2e22e9aae352c

SHA1
090196e9bf3a76617e40f7707be08a942d190051

SHA256
ca0b5de4a50c65e724327b5154c1af9d971a435e4a1b1b4063dfe9faf1b43cc3

SHA512
f16f984a5d97a94cc4d48b227595c88d43bb4b392b9d85664fe7edddc51ae9529fcf21236113eda82365e63e2b5d3b1ca0e610f7a531342c8e59cad2137264e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
7f4b7a1ccd710d2af03b7bfa94976c7f

SHA1
49d760e440dbdda3451bd2d269feb3ae656bda75

SHA256
ebb8efda8785ea1c0d79f6d84a04a7b61e07bd59e4dbe43cd6e56e643b175121

SHA512
c4319b24105924f095203efe4a71ade1939c975854d1e5a77f469fb6520494d2c5d2ee26cbaa400d60ba377aad2a2b35442104bef1c41b785e5d4e0ff1892aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
2fe99778b434c6c4b7efa7c33e94c71b

SHA1
e88d4d6ac867e22ab91cda0c0e89c744b7d3b2ea

SHA256
2ea0d87d805d8fa667c667df36409c62af349c20acf33e8c5e48af377f919944

SHA512
9d7fabc29577149a039683d24e1f2deaadd4fe49f617d0aafa4db716b18a261449dee4f18f159be0dddf3ab286da3eb903b4d79dcf31f153e292397794548312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
d48e6548a63076483795388612cfeb15

SHA1
87f8fe7d8863c4cde49911cc7dd39062c3909bb3

SHA256
73307384f3119d82aa3655bec1469d4648b2e23e8654661c6bc9846e1d139c29

SHA512
a10fa1b9a9888dcaf5f7e4282efdcb44f40a0f651037e4a69202c953d8bb8a10ae1c4d7318926976ff268848b40025f79a4e6166d3f5e389da8a3bb3f63eccf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c35eca9687712c583f4f906c67685766

SHA1
702eeb91dce53edd1a0cb69be9e90130968a66bc

SHA256
17c4fb176fef5cf1ee114f31b942c3fd3219f2eab3bfa772901851a68fc81da3

SHA512
d059a0bafebeaa10d9c85d87c127dd6d0c3d3e9376d9b2008af0e908efc27ce5a7a469b7711a7b3a37e4885fe9f3e4730a1348f5462116b765638ed61838748f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
9e5ac83b5c3df8fdbea9b470daa102fa

SHA1
7cd0f0fdaf6f8b860dceada5fe9dba874ab3c846

SHA256
294dfebfe3fbe167e93cf8e749f9e93b88f5b6def46657e064a01713a12f36f5

SHA512
c98e6c7116d63647303c237756e59124b3418772b2dd2f9f711f48df8b02bd7c034029eac961bfb0b5ea46ee9ed73ca298ccb3d23046519adf4c06f9a5e97c0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
9f2e05cd30f4de01cedc0b7e9d056a4c

SHA1
2b57aeebd5ba3e0051e613ebdab189e1ae566ede

SHA256
e832021d8506628a6559f742a252d377fe8382348afee1f8b82f355250f8f76c

SHA512
0a45fdbb1e576dd6bdf5998f9ee2ae98c7f94707a6fc252fdce28a3dbc0e912ee725bf9a252a9a44ab8a0a4f08eb183b26bd39d400fee294a5c06e7e764daced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
27caeee9fc0071963bca9a4728d3c1df

SHA1
c96c2167720a03bfb0d8e97db0d2ea626e442830

SHA256
3d6d4f2526cf21e53298097963959d3fe87e3f79d2f9433a4ae35278ec0f3954

SHA512
5233097769f7197716cbdde32f09811c452a923ed547f432091165a0a9ba2432a139ed79a9f2034c04f79e74cf397d447e9ea8b3e87334519ee205337593ecc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
e8ac2c747bc1efe3555e06e86fb6b3f9

SHA1
04355fc79313a3614a5fa102f2d1d51545fd05ad

SHA256
84a5b74fd924a14ace47e526751f2096f7290cd2bc22704d62f11775f5470035

SHA512
ab3b25287590931c41fe2697f2edc11272d613dfefd03ac06eed46cf4363025a33bf9e7733f8ac7fbbada0ca7b1c0c75b64de8b1395d94cd2b3b9f36c2872228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
57126792aa720fbc24663930942282e0

SHA1
19f585e665ff5d3b41b55ddd0e85caf42f39a749

SHA256
777e97bb83271fe1f6b8683b4a1d83bc1accf9849e447f68196fc84a8c8d11da

SHA512
ce35031865e69aafa978bb77c745622e7de1081aab20a4994c341f85cfa6d13109d9f0c157a58e48511470070b926252595fc9a4aef4217cd27c8382bafc8acb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
acc9ef2bfed7315c571a1a2b41fbebc7

SHA1
6e4f32a449e55b292612c876001adeb293babb28

SHA256
419430733d4634444eb4952d208dfdf1877a7fbc3ad6015e8ccd06930ac0629d

SHA512
52b72296b025222b5b4fd4ab86129903e8daa0992a2ef1866300a4c48e1e8274586be0454b0dd7325a1d677aaedd87730757b6bdb5bf24a6caa86f1c5a0f14e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
377f2038a4a1b483ae6224c9c040e608

SHA1
463b05dd6306d0880424dac84e6e6a9e38fc5418

SHA256
30900cb04bd24bc358fcee2150c6ca334a56585b0559ab988f61784a8430c9f8

SHA512
57d1c4b0aeaa35cc8ee0b99bcb31bd37fd79f7ee9aa43bff7df8e52a5189bb85cd871a6519660f6c54e82e3270b6d33ba288327d91d5cd920ff50dd082ae1d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
51b0521dffc471abf43e5e2a214a2e05

SHA1
40b25b8b6aa2b5086c388dae3936f3df5ebb1e1f

SHA256
44ef4db1b81319a2eb104ccdad1aa5a738cdd6a7a9d62c6cb31c5964ac29d651

SHA512
81d038fe08bc92feb848a7d973c5d354b117286d11cfdc910bcabfcd60095900e7f25d0688606c025a655fb223586c961b42ec43def00ce445fe9bfed9e7f286

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
60d8c2991167ec9d2ca344eebb07ea1e

SHA1
395393431acc994a190b4d4ea6a66224e6036ba1

SHA256
bca516191f3ecdb3335791d42750cf55641c5017d23ca24288f5127586183e04

SHA512
664d079ac718bb3173d1c04cd8568a952d7af8622fc412ebe6ff6ba5ab2a37587db782ee0e9d682614ded60b3e21387171fb8fc4d178ee6925792b0f14b0ff78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e62a.TMP

Filesize
48B

MD5
82f41c1535606d88aedeef5533794ead

SHA1
a9b40dd7aca904c73cad6cfaef169c5cbff2a4d8

SHA256
c809cc0ba8ca6115528e4c3464a8f58b98201a8a7a6b802c24b8061894f2a870

SHA512
0ea76aeb57740abce0554999acceddc51781fb97c8009c177e06a9e89baba94389467591b3eb9738f782eb7eb49d6a2f7811c0a5870ed13a3edffb015020b2f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
16c4ec4bb1a8e815467f864cc9ecaab6

SHA1
156f971c7d1963d5c9c96ec8f3b3905b12175ffb

SHA256
460ffeab4e1054673d5e4554b690866af9d532574eaa191d3959d80c4e22eb3e

SHA512
35c0f9c51884e67e9edad83284103e8d1b0d7fbb5c2389c7f233b34c650d85979affe1ed7efd3cc135be4a6930e5f73d326c7ee3bafa9c09c7a05bd14ff4a8d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
f7ba04d67c27c5a30b5cec82a91756df

SHA1
5116a47aea93ec8c930889cdf12b574172326715

SHA256
97d737899c0ac718db36a3146762a3cd0d606b668ec76963652cf9aea5aa2c21

SHA512
c90f0b6b817a7ffdbcc6d3b23e1a42fbc25c2ee1b67a1d24267849f5784852749b42492cb6fa77f7dc0f5f3e5421084a356589345ca060eb007f5c16afd543b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
f7ba04d67c27c5a30b5cec82a91756df

SHA1
5116a47aea93ec8c930889cdf12b574172326715

SHA256
97d737899c0ac718db36a3146762a3cd0d606b668ec76963652cf9aea5aa2c21

SHA512
c90f0b6b817a7ffdbcc6d3b23e1a42fbc25c2ee1b67a1d24267849f5784852749b42492cb6fa77f7dc0f5f3e5421084a356589345ca060eb007f5c16afd543b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
a2b5cafef348a4b46343344de07fbb2f

SHA1
dc3a6e7ecd43323633a95dd66d3d7293471ac971

SHA256
91e78a51085b64160872303e60bcb5bd80b9936f4c9e7301f3695b75f92a45c6

SHA512
84bd978d36d141b1e0851f0ac0344af2ee9c02506d5feeec698790b53a6817103f9d33f022677d3c09e71b50a76c1fa35e4393fb84abe3c7083fbea260a18b91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
3d83c1733c60cff66a566c4727aaf9ce

SHA1
0a25ed62d695acd23f796f1c8bd336420987bf31

SHA256
f1f4bf672adc2ec74f030151aafa8cde71f245b7bfa8612de40cf5a3c2db9927

SHA512
1f73011256f03267941a30198daad4ade98b527b49fd3c064b64d46f9614b4c20ea4c91500f1dd0e9acb132f09818810d3538fd4d5832e6b1b74e891c740d4a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0c5eb35f2b54e6b135e8b3a2bde4ae8b

SHA1
ca028792b93e32cad3d2cf027e17b206fa6bc945

SHA256
3fdf6decf6c1cfdefeb930b85c7b9bcf0697514774fc43cabee21dad3dfcdf5d

SHA512
23c5c1d576c22f9cc16ddc85af635bbaba9f8854d5c5ea78b855b9a9864f35fe564e195ccee0364706bf224ffd242c7609c9d11b40df7c9204248d5da2dfdfee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ea42ed55-f56a-4252-b0ba-3efff4acadc2.tmp

Filesize
101KB

MD5
6ba10d85eb6bbde53107bd074b766ac8

SHA1
2bcc07b4c8275a922d80ba6de9be61758fd177af

SHA256
c620e2702add14feae6d225fd3409806598d9b947c3134f46c3ec1d637144985

SHA512
7e90bbbeef8c8297a114a106815da5121f8f4ab9bd2bd6dba6f55d00f72b2e780908e3f9d03d46347d7cf23920245b7157a3fa6f3427ef2557d7edc723f43564

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
669bcebadde35799b2e53c13e5584d70

SHA1
327b5248169d17325acdd00f265c68c905baabca

SHA256
d5dfb3acbfe6589c3ebee805a7b66c33366dbcf9e399af5b2fe066f5988899a0

SHA512
8473922e378aaa306ec1923f9dcdfac66074f50540c34f6fa8195eeca9dd753b0e9d58092f31b55b3f13b52270bd923e90502c49e81ebe69e0f486da10cd149f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\1839EDA061CCCED6D530746A2D71E4FBAF1861C0

Filesize
106KB

MD5
00a6be46a04209c100dfccdc39c4bee2

SHA1
26b7345d78ab64c2b658a8b6e5a2cf23304581c2

SHA256
90e1b76fed71616257a674bdd482866b688a00f9a7ac2f282fa5124a7534dad5

SHA512
0293ecb782cda032effcaaa2d06aa90139dacd9207ce867c709e3a2032492537dfc0420b1d9dc1f7bf53382b57acb09a3a55981444f5c4157a0fb24e84cd0a7f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\61A0FC01C88726944CFB56EBB18D13663092C73C

Filesize
59KB

MD5
1b2a90e68aa3baab67f5c6dde22fa6a1

SHA1
d8b579127cb532f870c96068fc4f256e37250c16

SHA256
0727c4c8b52693d41963df299290bfd77619de8e422ae2ddde23f90158e1139e

SHA512
5147cdbf5e82381765d331e1a5701fa05023ab581608cdaa27ccc78c33ce2c12f2a976588d2568fa2671f4e902e5afc1ac65ffc5e8a40a0f9d3fc9f3bd45eb5e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\61CF2E064F14E050FE386D5FF9BA59804EB03CEB

Filesize
19KB

MD5
4409471d6e999db35787520c50e3cc90

SHA1
e0ffcc14c798b61743d4fce98d80662c3c80fc7f

SHA256
fec18ed2a6e16aad95c6410b4c670deebf80ddb86bc5a061ebc3387563358284

SHA512
62c53ae59a245e89412798ea9a50afdf31853a5eb1b61ef222aa7c7eb9f9d10f5bfba5950c431d82e9a911b5493cb65759182829b55bfad6f103c5edef0884b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\6CAFE36D6564E0DE57ED46FA8F58CB044921B7A1

Filesize
88KB

MD5
0b7b00b5c16261c77f7a4b02bf0f9ffd

SHA1
cbe138c14ff059080ff35097e7f0f718168f6eff

SHA256
4a9d7882d77fe1ac24a923ff34272d996bab41ec82d9995bd3d14ec1f4f6f981

SHA512
1bac2f6885663b59202b0758b5d4c9699cf125154d52c97ebf1c471e9984ae7523dbb8503a63a69a094182b7c7297469e749a7027f53cfa0d929174e47d6208a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\B07355C3FFC154BE6068FBEF19AD179736276D29

Filesize
61KB

MD5
8d10013558aa317ab3182627d41c4896

SHA1
ba3fea3d9e43d6d2bf77281309207bd5a26d4cac

SHA256
7abd41140ced01253001040585a3681cecae4e16847a1f26a156b637859517dc

SHA512
9aa5ed5c814637200bb2eb22160d1441b1f7fc3b9769a6fdbbaf2ea815116bf770fe01bcc81f481a75734f4ec7c8a4b7d012d8813a2db9db079400304ed1c2c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\F5828B22DF377C24D7918E1DEC7E8EAAEF303DA9

Filesize
141KB

MD5
2a3487502c2a7c586db4964774bb28b7

SHA1
a3288781f22de785bc252572d226cd6de60e23ef

SHA256
15ec15288ff335a761332ac9ef6bb0951775248a8f4615b177207df15288cc11

SHA512
5dfb323dc96b573154b143a0692f3a739221173df8b97cb10f54f8c696d5732c51a9194033a3edbf182326f15f4da9c0b9bfc2de2f3fb3dc59c419d65df08523

Download Submit
C:\Users\Admin\AppData\Local\OperaGX.exe

Filesize
3.4MB

MD5
d53a9f95633c0cfaea1b7ba21fa86861

SHA1
ec69bca010273243131779131ec6df2b9dbb3727

SHA256
0a0499c2b0f5056454d05e1878a7d503e0fcd7c66e7037605474c2c0b1396ac2

SHA512
08d18ec1ca4de4da376e7f4a1aa6572be7990c0f26a019f6be0faf90dbf1289134a69ad2ab82f776245177f75aa4ca407a417e6765401c595461ae86c0d2d83d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202310091232251\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202310091232251\opera_package

Filesize
122.8MB

MD5
e5559d0808008452d40334c80f201191

SHA1
244700b180807ac95ffddb62bc31a7e90109bfa1

SHA256
94d20bf9432406552d050b35447acd59f776b46cda3929ee4cc1f9472bb07772

SHA512
a963a168afcd4542e7be5b5c608341aa42a4be3817fe4f4a9aa004583d1ce28be42cee3660deafad232a29d32ae051a34941e5cf9b4f054775163516c152ecc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_231009123225023888.dll

Filesize
5.2MB

MD5
3c0cf26aeabc56e791f84ba44a3d0164

SHA1
f8e134a034a0b3d92d3fb2ca3909b60a762153e3

SHA256
2975dee6b169901e413fbc2597d6563231adc1e45dd9b24c452ca6f43eea04f9

SHA512
eb649c56cc7cf35b48d4f41b698b2d7b224edcfb0a8f07980ce9c7d6033d4ab58d9de1725c9e32784e3607d1d827fc395ec6adb67e6039deac9f45d03f71621e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

Filesize
57KB

MD5
6e001f8d0ee4f09a6673a9e8168836b6

SHA1
334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38

SHA256
6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859

SHA512
0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

Filesize
57KB

MD5
6e001f8d0ee4f09a6673a9e8168836b6

SHA1
334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38

SHA256
6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859

SHA512
0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

Filesize
57KB

MD5
6e001f8d0ee4f09a6673a9e8168836b6

SHA1
334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38

SHA256
6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859

SHA512
0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

Filesize
117KB

MD5
08112f27dcd8f1d779231a7a3e944cb1

SHA1
39a98a95feb1b6295ad762e22aa47854f57c226f

SHA256
11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

SHA512
afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

Filesize
117KB

MD5
08112f27dcd8f1d779231a7a3e944cb1

SHA1
39a98a95feb1b6295ad762e22aa47854f57c226f

SHA256
11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

SHA512
afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

Filesize
117KB

MD5
08112f27dcd8f1d779231a7a3e944cb1

SHA1
39a98a95feb1b6295ad762e22aa47854f57c226f

SHA256
11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

SHA512
afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OCommonResources.dll

Filesize
5.7MB

MD5
38cc1b5c2a4c510b8d4930a3821d7e0b

SHA1
f06d1d695012ace0aef7a45e340b70981ca023ba

SHA256
c2ba8645c5c9507d422961ceaeaf422adf6d378c2a7c02199ed760fb37a727f2

SHA512
99170f8094f61109d08a6e7cf25e7fba49160b0009277d10e9f0b9dac6f022e7a52e3d822e9aee3f736c2d285c4c3f62a2e6eb3e70f827ac6e8b867eea77f298

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OCommonResources.dll

Filesize
5.7MB

MD5
38cc1b5c2a4c510b8d4930a3821d7e0b

SHA1
f06d1d695012ace0aef7a45e340b70981ca023ba

SHA256
c2ba8645c5c9507d422961ceaeaf422adf6d378c2a7c02199ed760fb37a727f2

SHA512
99170f8094f61109d08a6e7cf25e7fba49160b0009277d10e9f0b9dac6f022e7a52e3d822e9aee3f736c2d285c4c3f62a2e6eb3e70f827ac6e8b867eea77f298

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OCommonResources.dll

Filesize
5.7MB

MD5
38cc1b5c2a4c510b8d4930a3821d7e0b

SHA1
f06d1d695012ace0aef7a45e340b70981ca023ba

SHA256
c2ba8645c5c9507d422961ceaeaf422adf6d378c2a7c02199ed760fb37a727f2

SHA512
99170f8094f61109d08a6e7cf25e7fba49160b0009277d10e9f0b9dac6f022e7a52e3d822e9aee3f736c2d285c4c3f62a2e6eb3e70f827ac6e8b867eea77f298

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2ODAL.dll

Filesize
15KB

MD5
422be1a0c08185b107050fcf32f8fa40

SHA1
c8746a8dad7b4bf18380207b0c7c848362567a92

SHA256
723aea78755292d2f4f87ad100a99b37bef951b6b40b62e2e2bbd4df3346d528

SHA512
dff51c890cb395665839070d37170d321dc0800981a42f173c6ea570684460146b4936af9d8567a6089bef3a7802ac4931c14031827689ef345ea384ceb47599

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2ODAL.dll

Filesize
15KB

MD5
422be1a0c08185b107050fcf32f8fa40

SHA1
c8746a8dad7b4bf18380207b0c7c848362567a92

SHA256
723aea78755292d2f4f87ad100a99b37bef951b6b40b62e2e2bbd4df3346d528

SHA512
dff51c890cb395665839070d37170d321dc0800981a42f173c6ea570684460146b4936af9d8567a6089bef3a7802ac4931c14031827689ef345ea384ceb47599

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2ODAL.dll

Filesize
15KB

MD5
422be1a0c08185b107050fcf32f8fa40

SHA1
c8746a8dad7b4bf18380207b0c7c848362567a92

SHA256
723aea78755292d2f4f87ad100a99b37bef951b6b40b62e2e2bbd4df3346d528

SHA512
dff51c890cb395665839070d37170d321dc0800981a42f173c6ea570684460146b4936af9d8567a6089bef3a7802ac4931c14031827689ef345ea384ceb47599

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OModels.dll

Filesize
75KB

MD5
c06ac6dcfa7780cd781fc9af269e33c0

SHA1
f6b69337b369df50427f6d5968eb75b6283c199d

SHA256
b23b8310265c14d7e530b80defc6d39cdc638c07d07cd2668e387863c463741d

SHA512
ad167ad62913243e97efaeaa7bad38714aba7fc11f48001974d4f9c68615e9bdfb83bf623388008e77d61cee0eaba55ce47ebbb1f378d89067e74a05a11d9fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OModels.dll

Filesize
75KB

MD5
c06ac6dcfa7780cd781fc9af269e33c0

SHA1
f6b69337b369df50427f6d5968eb75b6283c199d

SHA256
b23b8310265c14d7e530b80defc6d39cdc638c07d07cd2668e387863c463741d

SHA512
ad167ad62913243e97efaeaa7bad38714aba7fc11f48001974d4f9c68615e9bdfb83bf623388008e77d61cee0eaba55ce47ebbb1f378d89067e74a05a11d9fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OModels.dll

Filesize
75KB

MD5
c06ac6dcfa7780cd781fc9af269e33c0

SHA1
f6b69337b369df50427f6d5968eb75b6283c199d

SHA256
b23b8310265c14d7e530b80defc6d39cdc638c07d07cd2668e387863c463741d

SHA512
ad167ad62913243e97efaeaa7bad38714aba7fc11f48001974d4f9c68615e9bdfb83bf623388008e77d61cee0eaba55ce47ebbb1f378d89067e74a05a11d9fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OResources.dll

Filesize
19KB

MD5
554c3e1d68c8b5d04ca7a2264ca44e71

SHA1
ef749e325f52179e6875e9b2dd397bee2ca41bb4

SHA256
1eb0795b1928f6b0459199dace5affdc0842b6fba87be53ca108661275df2f3e

SHA512
58ce13c47e0daf99d66af1ea35984344c0bb11ba70fe92bc4ffa4cd6799d6f13bcad652b6883c0e32c6e155e9c1b020319c90da87cb0830f963639d53a51f9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OResources.dll

Filesize
19KB

MD5
554c3e1d68c8b5d04ca7a2264ca44e71

SHA1
ef749e325f52179e6875e9b2dd397bee2ca41bb4

SHA256
1eb0795b1928f6b0459199dace5affdc0842b6fba87be53ca108661275df2f3e

SHA512
58ce13c47e0daf99d66af1ea35984344c0bb11ba70fe92bc4ffa4cd6799d6f13bcad652b6883c0e32c6e155e9c1b020319c90da87cb0830f963639d53a51f9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OResources.dll

Filesize
19KB

MD5
554c3e1d68c8b5d04ca7a2264ca44e71

SHA1
ef749e325f52179e6875e9b2dd397bee2ca41bb4

SHA256
1eb0795b1928f6b0459199dace5affdc0842b6fba87be53ca108661275df2f3e

SHA512
58ce13c47e0daf99d66af1ea35984344c0bb11ba70fe92bc4ffa4cd6799d6f13bcad652b6883c0e32c6e155e9c1b020319c90da87cb0830f963639d53a51f9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

Filesize
160KB

MD5
6df226bda27d26ce4523b80dbf57a9ea

SHA1
615f9aba84856026460dc54b581711dad63da469

SHA256
17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc

SHA512
988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

Filesize
160KB

MD5
6df226bda27d26ce4523b80dbf57a9ea

SHA1
615f9aba84856026460dc54b581711dad63da469

SHA256
17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc

SHA512
988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

Filesize
160KB

MD5
6df226bda27d26ce4523b80dbf57a9ea

SHA1
615f9aba84856026460dc54b581711dad63da469

SHA256
17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc

SHA512
988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OUtilities.dll

Filesize
119KB

MD5
9d2c520bfa294a6aa0c5cbc6d87caeec

SHA1
20b390db533153e4bf84f3d17225384b924b391f

SHA256
669c812cb8f09799083014a199b0deee10237c95fb49ee107376b952fee5bd89

SHA512
7e2e569549edb6ddd2b0cb0012386aed1f069e35d1f3045bb57704ef17b97129deb7cde8e23bc49980e908e1a5a90b739f68f36a1d231b1302a5d29b722e7c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OUtilities.dll

Filesize
119KB

MD5
9d2c520bfa294a6aa0c5cbc6d87caeec

SHA1
20b390db533153e4bf84f3d17225384b924b391f

SHA256
669c812cb8f09799083014a199b0deee10237c95fb49ee107376b952fee5bd89

SHA512
7e2e569549edb6ddd2b0cb0012386aed1f069e35d1f3045bb57704ef17b97129deb7cde8e23bc49980e908e1a5a90b739f68f36a1d231b1302a5d29b722e7c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OUtilities.dll

Filesize
119KB

MD5
9d2c520bfa294a6aa0c5cbc6d87caeec

SHA1
20b390db533153e4bf84f3d17225384b924b391f

SHA256
669c812cb8f09799083014a199b0deee10237c95fb49ee107376b952fee5bd89

SHA512
7e2e569549edb6ddd2b0cb0012386aed1f069e35d1f3045bb57704ef17b97129deb7cde8e23bc49980e908e1a5a90b739f68f36a1d231b1302a5d29b722e7c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OViewModels.dll

Filesize
8KB

MD5
be4c2b0862d2fc399c393fca163094df

SHA1
7c03c84b2871c27fa0f1914825e504a090c2a550

SHA256
c202e4f92b792d34cb6859361aebdbfc8c61cf9e735edfd95e825839920fb88a

SHA512
d9c531687a5051bbfe5050c5088623b3fd5f20b1e53dd4d3ed281c8769c15f45da36620231f6d0d76f8e2aa7de00c2324a4bf35a815cefc70ca97bc4ab253799

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OViewModels.dll

Filesize
8KB

MD5
be4c2b0862d2fc399c393fca163094df

SHA1
7c03c84b2871c27fa0f1914825e504a090c2a550

SHA256
c202e4f92b792d34cb6859361aebdbfc8c61cf9e735edfd95e825839920fb88a

SHA512
d9c531687a5051bbfe5050c5088623b3fd5f20b1e53dd4d3ed281c8769c15f45da36620231f6d0d76f8e2aa7de00c2324a4bf35a815cefc70ca97bc4ab253799

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OViewModels.dll

Filesize
8KB

MD5
be4c2b0862d2fc399c393fca163094df

SHA1
7c03c84b2871c27fa0f1914825e504a090c2a550

SHA256
c202e4f92b792d34cb6859361aebdbfc8c61cf9e735edfd95e825839920fb88a

SHA512
d9c531687a5051bbfe5050c5088623b3fd5f20b1e53dd4d3ed281c8769c15f45da36620231f6d0d76f8e2aa7de00c2324a4bf35a815cefc70ca97bc4ab253799

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\HtmlAgilityPack.dll

Filesize
154KB

MD5
17220f65bd242b6a491423d5bb7940c1

SHA1
a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

SHA256
23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

SHA512
bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\HtmlAgilityPack.dll

Filesize
154KB

MD5
17220f65bd242b6a491423d5bb7940c1

SHA1
a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

SHA256
23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

SHA512
bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\HtmlAgilityPack.dll

Filesize
154KB

MD5
17220f65bd242b6a491423d5bb7940c1

SHA1
a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

SHA256
23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

SHA512
bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll

Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll

Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll

Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll

Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll

Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll

Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Newtonsoft.Json.dll

Filesize
541KB

MD5
9de86cdf74a30602d6baa7affc8c4a0f

SHA1
9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

SHA256
56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

SHA512
dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Newtonsoft.Json.dll

Filesize
541KB

MD5
9de86cdf74a30602d6baa7affc8c4a0f

SHA1
9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

SHA256
56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

SHA512
dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Newtonsoft.Json.dll

Filesize
541KB

MD5
9de86cdf74a30602d6baa7affc8c4a0f

SHA1
9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

SHA256
56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

SHA512
dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll

Filesize
133KB

MD5
8db691813a26e7d0f1db5e2f4d0d05e3

SHA1
7c7a33553dd0b50b78bf0ca6974c77088da253eb

SHA256
3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

SHA512
d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll

Filesize
133KB

MD5
8db691813a26e7d0f1db5e2f4d0d05e3

SHA1
7c7a33553dd0b50b78bf0ca6974c77088da253eb

SHA256
3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

SHA512
d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll

Filesize
133KB

MD5
8db691813a26e7d0f1db5e2f4d0d05e3

SHA1
7c7a33553dd0b50b78bf0ca6974c77088da253eb

SHA256
3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

SHA512
d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe

Filesize
26KB

MD5
cef027c3341afbcdb83c72080df7f002

SHA1
e538f1dd4aee8544d888a616a6ebe4aeecaf1661

SHA256
e87db511aa5b8144905cd24d9b425f0d9a7037fface3ca7824b7e23cfddbbbb7

SHA512
71ba423c761064937569922f1d1381bd11d23d1d2ed207fc0fead19e9111c1970f2a69b66e0d8a74497277ffc36e0fc119db146b5fd068f4a6b794dc54c5d4bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferSDK.dll

Filesize
172KB

MD5
b199dcd6824a02522a4d29a69ab65058

SHA1
f9c7f8c5c6543b80fa6f1940402430b37fa8dce4

SHA256
9310a58f26be8bd453cde5ca6aa05042942832711fbdeb5430a2840232bfa5e4

SHA512
1d3e85e13ff24640c76848981ca84bafb32f819a082e390cb06fe13445814f50f8e3fc3a8a8e962aae8867e199c1517d570c07f28d5f7e5f007b2bb6e664ddb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferSDK.dll

Filesize
172KB

MD5
b199dcd6824a02522a4d29a69ab65058

SHA1
f9c7f8c5c6543b80fa6f1940402430b37fa8dce4

SHA256
9310a58f26be8bd453cde5ca6aa05042942832711fbdeb5430a2840232bfa5e4

SHA512
1d3e85e13ff24640c76848981ca84bafb32f819a082e390cb06fe13445814f50f8e3fc3a8a8e962aae8867e199c1517d570c07f28d5f7e5f007b2bb6e664ddb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferSDK.dll

Filesize
172KB

MD5
b199dcd6824a02522a4d29a69ab65058

SHA1
f9c7f8c5c6543b80fa6f1940402430b37fa8dce4

SHA256
9310a58f26be8bd453cde5ca6aa05042942832711fbdeb5430a2840232bfa5e4

SHA512
1d3e85e13ff24640c76848981ca84bafb32f819a082e390cb06fe13445814f50f8e3fc3a8a8e962aae8867e199c1517d570c07f28d5f7e5f007b2bb6e664ddb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Config.tis

Filesize
291B

MD5
bf5328e51e8ab1211c509b5a65ab9972

SHA1
480dfb920e926d81bce67113576781815fbd1ea4

SHA256
98f22fb45530506548ae320c32ee4939d27017481d2ad0d784aa5516f939545b

SHA512
92bd7895c5ff8c40eecfdc2325ee5d1fb7ed86ce0ef04e8e4a65714fcf5603ea0c87b71afadb473433abb24f040ccabd960fa847b885322ad9771e304b661928

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

Filesize
134KB

MD5
105a9e404f7ac841c46380063cc27f50

SHA1
ec27d9e1c3b546848324096283797a8644516ee3

SHA256
69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b

SHA512
6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

Filesize
134KB

MD5
105a9e404f7ac841c46380063cc27f50

SHA1
ec27d9e1c3b546848324096283797a8644516ee3

SHA256
69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b

SHA512
6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

Filesize
134KB

MD5
105a9e404f7ac841c46380063cc27f50

SHA1
ec27d9e1c3b546848324096283797a8644516ee3

SHA256
69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b

SHA512
6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll

Filesize
101KB

MD5
83d37fb4f754c7f4e41605ec3c8608ea

SHA1
70401de8ce89f809c6e601834d48768c0d65159f

SHA256
56db33c0962b3c34cba5279d2441bc4c12f28b569eadc1b3885dd0951b2c4020

SHA512
f5f3479f485b1829bbfb7eb8087353aee569184f9c506af15c4e28bfe4f73bf2cc220d817f6dfc34b2a7a6f69453f0b71e64b79c4d500ff9a243799f68e88b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll

Filesize
101KB

MD5
83d37fb4f754c7f4e41605ec3c8608ea

SHA1
70401de8ce89f809c6e601834d48768c0d65159f

SHA256
56db33c0962b3c34cba5279d2441bc4c12f28b569eadc1b3885dd0951b2c4020

SHA512
f5f3479f485b1829bbfb7eb8087353aee569184f9c506af15c4e28bfe4f73bf2cc220d817f6dfc34b2a7a6f69453f0b71e64b79c4d500ff9a243799f68e88b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll

Filesize
101KB

MD5
83d37fb4f754c7f4e41605ec3c8608ea

SHA1
70401de8ce89f809c6e601834d48768c0d65159f

SHA256
56db33c0962b3c34cba5279d2441bc4c12f28b569eadc1b3885dd0951b2c4020

SHA512
f5f3479f485b1829bbfb7eb8087353aee569184f9c506af15c4e28bfe4f73bf2cc220d817f6dfc34b2a7a6f69453f0b71e64b79c4d500ff9a243799f68e88b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll

Filesize
101KB

MD5
83d37fb4f754c7f4e41605ec3c8608ea

SHA1
70401de8ce89f809c6e601834d48768c0d65159f

SHA256
56db33c0962b3c34cba5279d2441bc4c12f28b569eadc1b3885dd0951b2c4020

SHA512
f5f3479f485b1829bbfb7eb8087353aee569184f9c506af15c4e28bfe4f73bf2cc220d817f6dfc34b2a7a6f69453f0b71e64b79c4d500ff9a243799f68e88b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

Filesize
151KB

MD5
72990c7e32ee6c811ea3d2ea64523234

SHA1
a7fcbf83ec6eefb2235d40f51d0d6172d364b822

SHA256
e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3

SHA512
2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

Filesize
151KB

MD5
72990c7e32ee6c811ea3d2ea64523234

SHA1
a7fcbf83ec6eefb2235d40f51d0d6172d364b822

SHA256
e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3

SHA512
2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

Filesize
151KB

MD5
72990c7e32ee6c811ea3d2ea64523234

SHA1
a7fcbf83ec6eefb2235d40f51d0d6172d364b822

SHA256
e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3

SHA512
2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

Filesize
151KB

MD5
72990c7e32ee6c811ea3d2ea64523234

SHA1
a7fcbf83ec6eefb2235d40f51d0d6172d364b822

SHA256
e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3

SHA512
2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\app.ico

Filesize
766B

MD5
4003efa6e7d44e2cbd3d7486e2e0451a

SHA1
a2a9ab4a88cd4732647faa37bbdf726fd885ea1e

SHA256
effd42c5e471ea3792f12538bf7c982a5cda4d25bfbffaf51eed7e09035f4508

SHA512
86e71ca8ca3e62949b44cfbc7ffa61d97b6d709fc38216f937a026fb668fbb1f515bac2f25629181a82e3521dafa576cac959d2b527d9cc9eb395e50d64c1198

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\sciter32.dll

Filesize
5.6MB

MD5
b431083586e39d018e19880ad1a5ce8f

SHA1
3bbf957ab534d845d485a8698accc0a40b63cedd

SHA256
b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b

SHA512
7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Users\Admin\AppData\Local\setup85472098.exe

Filesize
3.8MB

MD5
29d3a70cec060614e1691e64162a6c1e

SHA1
ce4daf2b1d39a1a881635b393450e435bfb7f7d1

SHA256
cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72

SHA512
69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b

Download Submit
C:\Users\Admin\AppData\Local\setup85472098.exe

Filesize
3.8MB

MD5
29d3a70cec060614e1691e64162a6c1e

SHA1
ce4daf2b1d39a1a881635b393450e435bfb7f7d1

SHA256
cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72

SHA512
69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b

Download Submit
C:\Users\Admin\AppData\Local\setup85472098.exe

Filesize
3.8MB

MD5
29d3a70cec060614e1691e64162a6c1e

SHA1
ce4daf2b1d39a1a881635b393450e435bfb7f7d1

SHA256
cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72

SHA512
69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-us\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\0be819d0-681a-41ed-a992-541f5cf6b6fd.dmp

Filesize
168KB

MD5
d2da1c86ab2be60b0da3a8b5d0f3cbd2

SHA1
2bd6a01c2818d88617985bf1446a86bc037ec3a1

SHA256
583a67549b22ee96d141e52e4748c8f275d101af4bbf85df2e97fb5cd57193e5

SHA512
ecfd74cfb192254ea73cf2bf98b4a932c19ba7da712cf26cd9a70c5035ee6081a801408b1bd4fd19fa3d783b75c33985dac9d59ab172578d01e29f9a76329e9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\0be819d0-681a-41ed-a992-541f5cf6b6fd.extra

Filesize
14KB

MD5
944508cf4197e45854c71fd140bca17f

SHA1
bfb87fbefc5eefd38627738a18178d5bb6d3de03

SHA256
5cfa074d458a07e9a1376397f70109966a1d00dadecebe4d97b00d07cbb3cc6f

SHA512
073259a12b11af560c37540843790e6e6d6c8ada6490836c0bdf8a8ad245ae0b655cd5d5b76096cb4a1679a14d1e40e6679b1f5c1871d2253ae951e0b5be9575

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\crashes\store.json.mozlz4.tmp

Filesize
6KB

MD5
2939e5812135d9d16f2e3bbd78e1d401

SHA1
a8fd9c6d41a0e124f8c5b2601dfc69fdf32ddd82

SHA256
dc59e763fb3bd0ddfcb4e1c8106dc32af228a8c7b941621cfd06096ba5ed4117

SHA512
cf1184b5cb202ba5ca399ee7b4ce136587df43934ee316d285137f323c6d60a98b8ad5a71f00d3c630da647b6937b52a0f27766c31f88a728ed65d4470b2fb81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js

Filesize
7KB

MD5
ece2b4f895119f891694131b640539a8

SHA1
e21f626db26b18ce59d58453c3b62ed52fb125c9

SHA256
835b3a7ba3b64816d088a849976e0478ad29700a79c6026ee608744dc5db199c

SHA512
31980d68668055e24fc00bb8502ad63fb22e7ce85c8f0996bbba25537798a0b353c8dbeeee69e9fa2c4fdfbbcaeb8d426a3898f317e796c65d7e9bb3cd71eae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js

Filesize
6KB

MD5
f65f8abbd7de408e03e8c66f923bcb4f

SHA1
844fcc36daff935967c7e0c084a3cbf618cc1d5b

SHA256
ff34e31a0cbab6ad406ab67e4e555d33ebf3b0cb62c9158366f3f8fd92494269

SHA512
be7621fd5b9c16430b024e1292d7568203826c945c6bdb8944f89088a2630156dc08dc708bbb18dc0e5b52e125259deed8f9bf38ebf425d140e47d178db219ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js

Filesize
7KB

MD5
041f7b4d7a2cf02384e2d3709f45a02f

SHA1
59aadc4613127a1109368f94a85b7162867d8d36

SHA256
9092069c28ed8da8f75e8d916764a4e226c6f1e8bdfd3f85bb918e79aa3c7a7d

SHA512
1cf58662154cdee5ce62993e812a088eb9f6005190007bdead188e762a7f33a2e1cb4da30046f32c01498e0eaa804fc6e46eee2860ee95fe8f2fbbfd04b015ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs.js

Filesize
7KB

MD5
dc27f036ca0f73890a37531efe121066

SHA1
280112a765c4f73dea5cbad39cc9fcb78f56be0d

SHA256
dbf5eaa8c682aaaac64578177c1c42d41ddeac83f6fc824e9c6807c1fd6e007a

SHA512
c6e480bd889d7db2c7b30c9427d152842f1d611bdf67d71f9871f0eb55a013eacb0ac898b6740a1736dce3825406b7e2bceb3f37a751672a47b9677d8f0207b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs.js

Filesize
7KB

MD5
5658e9be94493746b682da18550dd4c1

SHA1
ee41ad652d26bbae2458282175db2e9874e89844

SHA256
cc417909afe8dabd3b30856686137c91fc17ce31b33ca32e12236d9e43b145d6

SHA512
b300a42dcb8ad47e727702f68da2456ba09d92a835fd2e5576758eaf9614b5d1f2a7ac28f9ce1e08862df8fb3c778ac7e79d72a24c6ba78cc0a1960d169cd1c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
391de0434f02b9e7c56baa24d488b4e3

SHA1
8efabfe8fde51f9f05faad5ce4fb1a655ec97860

SHA256
f648ae0f4c7b78a1afa4b14e2e43da4b688dd8b6e2e8843c1e622bddd6841658

SHA512
4db05883580adef274d935d3a1ffd752706bf549158abb3d071f87dae20a7a0f8664b79ad8ca3546a10e82f0f374be1d05b44742a85deb0f0493863113426290

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
75eb84884c0183dc8301f4b6d5f537c7

SHA1
65aaf859e3fce2f03cf3c08df65fd5d8893187f5

SHA256
ef2e9110e45bd9fb207053ffcfdd0f39c9e6c090e2ff19628cf041e5be73cecc

SHA512
2dbf2651fa45ca5e8107079689f835a50d603b3c2439848bd08569eb0e578e496d5231d314349473a78bbbd9a5441f407c53934bb4dbe31fe1ecf354e820f922

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
1224a2417afc71c5e8772b80b7ac623f

SHA1
8a17ce4d38da80a4a23bd8eee984583173a5b7b0

SHA256
1a719ea17d8dfde9add297f14957ab35c68058472cdedbb9a1fab531cce0ff07

SHA512
d744c6cb4f0d0862eb558afc8e9cc0558a0346c3780bba0b2b1c0f7614122d0e84eea215b0f1744c289361b67339eeb74d2383ca7e83a598b719dc3f3811bfa3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
119KB

MD5
32304a2d41fa6b37db74a48e639b51a4

SHA1
faff2f521423d1f442aef0ed81e19f6491a2bb2c

SHA256
56ecaecd8b7e3eeab14dfad86c9a915217e367fb72b67319ed65dd2c78787f93

SHA512
62f79e5b68d4a25862c68da8787fbe6736fbb8a015135c0e13cb248b3335a3450b78ac1de0bc9b0f42c92cd7b7cfb42c8da72e1a2cb4b39acb4bf4323aa8d3f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
119KB

MD5
af582419e25b99f3cc8bba7417a0ee41

SHA1
6d88ba7b6d28de4c6960d3e234a6507488f88129

SHA256
b5b59ad15c687270d599296403fd804be4778c3a0155c7e8dea3afcdb825f81e

SHA512
a812e7a7d7c70f8f21187bfc3104487c7aaaca709ce6193438e4591719acf1140c4a9fa59ef1d082af0e58aaaff2913c1d9dac6c8f6aee54389c0246f4ddf0b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
118KB

MD5
d10d2e61bcb61850bffed1c88670e630

SHA1
37dec3a2de4e758c53df487f68cd66b64f72ab9f

SHA256
16989a25098abd1c0da2f25d93754d60cdc3237a9bb525537422c718f751a45e

SHA512
1238b2b1cae6fa0418a2dfa01a09f145744baec2d0697a5f018ebcb0a39c37b2807f3e288cec8fdfaae1752b2bdf02e15003dbda9a5af9c9646bbcb4ef5a50da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
118KB

MD5
80cdb618e678c74e87e437db22d4d1d4

SHA1
858b57a88998af436f3ab1a448de7ee79e77d897

SHA256
6fd683fd5ff5b22466eb2f084bc6fcd0248b0a0a9395fdc5aead5e4a0a8703ce

SHA512
b263d0d624ffe89938f6e06095b47502f362b5359867aa162f51a6ca53102c7b81eb8a37ad72815f23f581554d34a39993dffda28cf4355deacb81c8568dbd75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
119KB

MD5
39f3ecfd80c79754d75bbdf1ffa7927e

SHA1
db910d38d45f46df71e10b1df1449526213dc07d

SHA256
177e1d50adc3a366bbbf737bbf0c706ea4d69ddfc8854874cde984eb830acffb

SHA512
567e375136faaf624cf6126704c533474c56914fe3c7f0a3ed25b3b6efb309ed01b004afee0133d6954155f000617401a7a67d71ffb9a792f0a924da76316aed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
118KB

MD5
2a0dd32a2b1d3be2d4bdb7f21d7914a5

SHA1
08276554674c5a6492d7079463877fa798381745

SHA256
44217b2811fd78d8bcfcac7b390ae2d0e1e91956e561365df97342b992f476cb

SHA512
6643d5070439f0c719b095c8d336cd618ae8c97dae428f1dab40e41e73bd029a35b98439c168d82ab7b698ffd526c4936c2d51637e9d5740fda1c08d58f8470b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
119KB

MD5
79729204eafb4c7c6389edc4ae9e79ec

SHA1
2c27fbbe3a640ab21359cc74ee6a2cdb46a17e27

SHA256
a723ba6aa09a5e3bd30d9d0fe81246acba91a7e25ba23735c6c46445c007b62a

SHA512
7ef20712d86396eb98d7df572acef2adf35f5acbc904b17446a44906419b397421fff4630bae9058207efffdf725237fc8b81c0dbd3f19a750cc0fd900d9d451

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\storage\default\https+++www.youtube.com\cache\morgue\130\{2de51756-d6c4-4b4c-9aa1-7fd09fd54782}.final

Filesize
4KB

MD5
89115bebc3f1ca5bcd3aa94ba78e48cf

SHA1
20a5cd2b5f44feb7efbd10ea61169e9e080be2c5

SHA256
095f2bb6529389cfe9e429222b8ef57798c6245d281d5ad935674690246adf95

SHA512
06867317bc904ff5f543e35a0e47beddd019b7bd226af99422251efcc767489a37cb5855b291e95eb137cdf190f60e3b509e39903c5bec9103edebcecb0dedcf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\storage\default\https+++www.youtube.com\cache\morgue\84\{9f98c366-b8c2-4fe1-8e4d-2a2ee662b354}.final

Filesize
75KB

MD5
07ed9b708f465f2a7ce0c29c6ef22c6f

SHA1
8ab5db4e321f1351f5b84865d3556df9f4775d66

SHA256
8e89da87a598f12ded663426d64b4f268f3e4f8b3a7b6746b074a2251402de88

SHA512
818632981066a9cdec4f1428d5a190b1c2fc2de848cc21e4d5a5e93ce3d0bbb4ab6fb7cd2a1c0a7baeb08363dafe1dae748cf29ba4db75dab8dbc2ee98d4d79e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

Filesize
40KB

MD5
1f4416c5a568b171e229eb5e2f8ee33a

SHA1
7b0bb4c9fee90cd648af493681acae387417aaa8

SHA256
d08ba4c7a0dc19bf2adf39e506dc16d817ee82aa15c822c47a80b49274befd46

SHA512
ce4468b99993e79ecfd4c0285c27e15002342231cb43738cde9d55f4920dd05d578fe1c2c66e4d88cd3762908fcc5e13403c80fe4c294d3b2a2c9fbc6c168487

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\storage\permanent\indexeddb+++fx-devtools\idb\478967115deegvatroootlss--cans.sqlite

Filesize
48KB

MD5
3b12efcfc821117c844f8c0d60495ca9

SHA1
57ddd27a97b464bda42c9e5a8fe620b86fbfda2b

SHA256
3953e0e005ff19a2354912961000dfa8f10671dad66020c9bdf3453e758c01fc

SHA512
7b2333bcc8364288e16d222b3491db514b17bc4e2a2a8377317174cd1437fe7de86aa41257c5a527be1efa9f6fcc42e8e237c30d53324c61308d6abb0b9eb896

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\storage\permanent\indexeddb+++fx-devtools\idb\478967115deegvatroootlss--cans.sqlite-wal

Filesize
8KB

MD5
e8ac191f04aeba750c59527c64dbecdd

SHA1
aeb62abf14514070c0631faa8deb45c4d37bc7fe

SHA256
feed4f68cc74af636e2de9c357a40975e46c9ea4ef25b950788c2c685e9e75a3

SHA512
02d5057b75815c10f319c901ad440ab7067f4063d3ce31e74faef207f123cebf5cbe53ed6c0519df296c3eeca00f8012b352fb121dcc79adf288cfce27dd3a55

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
a072549bd7758507ce29c4813ef24162

SHA1
2f5ab30ef647f3934a410f7d82c174a6fb7774db

SHA256
a50d11c86136f60a9bb1100f201937c57ba121e3ad03220c0dde59440f6f961d

SHA512
a7f6bee512334de4dc0e1a41bb87fbf5f1d42c6904a0e976ee3367cec59438d5ad479faea42315d56a6a9c76792e2441147aea6f2c68532adcd4ea523135056c

Download Submit
C:\Users\Admin\Downloads\79a52537-9362-486a-81f9-a7e97756953b.tmp

Filesize
10KB

MD5
efc8d85207f6ba2808e745b66551905d

SHA1
86d8f1fd507e96483aa534de0f0dba5b99018777

SHA256
1159e912416f3272b4043b0b7a88153a050230e79cd730d79868146f6fd4bb31

SHA512
3683a258f6bacba2c282daa67fc5f803f4244553c7f8a613cb4ce3596c8ecd6364db1ef30dc237bc0b8fbbd457326bbdfe326d88fbaef2f804a0f63f5a284ed2

Download Submit
C:\Users\Admin\Downloads\Vega X.ksYzFveW.zip.part

Filesize
8.5MB

MD5
1837c536d409b914e8ae8870b73dbdc3

SHA1
9d4739630c5b0f1486a0bb5a70008a507909a509

SHA256
8e97c78fd206eec6616b5ea4d8d78f0218f7a75a8dab1dd0f9f4304357f44bf4

SHA512
aa4a7b9c9e32a671f00ae281ed6adaa5a40eeea5b95d9b71b1e560e7ce6d0b4cbd8bad62733389d02cca4eb83c51398379172e58f6dd11c72d890ee6a8a68b98

Download Submit
C:\Users\Admin\Downloads\Vega X_85472098.exe

Filesize
9.4MB

MD5
add9d682db94cbb7917e49fe0a654115

SHA1
0efb3270effcf3d776935e6f76ac040eaf529bc0

SHA256
0db6c42dce6e6d5df074ff2ea90a99036cb06ee886270370b39f6e6283ce2b9b

SHA512
a55769f6bdb8985a1d8a44658b28cb1a960beb527fa39b1c5d365fc8bf204da99f2ab08f598f4d469e15e3cbeba3eefd4fa12afaef9fc987c0c1b19d98c816a7

Download Submit
C:\Users\Admin\Downloads\Vega X_85472098.exe

Filesize
9.4MB

MD5
add9d682db94cbb7917e49fe0a654115

SHA1
0efb3270effcf3d776935e6f76ac040eaf529bc0

SHA256
0db6c42dce6e6d5df074ff2ea90a99036cb06ee886270370b39f6e6283ce2b9b

SHA512
a55769f6bdb8985a1d8a44658b28cb1a960beb527fa39b1c5d365fc8bf204da99f2ab08f598f4d469e15e3cbeba3eefd4fa12afaef9fc987c0c1b19d98c816a7

Download Submit
memory/220-541-0x0000024530890000-0x0000024530891000-memory.dmp

Filesize
4KB

Download
memory/220-539-0x0000024530890000-0x0000024530891000-memory.dmp

Filesize
4KB

Download
memory/220-538-0x0000024530890000-0x0000024530891000-memory.dmp

Filesize
4KB

Download
memory/220-537-0x0000024530890000-0x0000024530891000-memory.dmp

Filesize
4KB

Download
memory/220-543-0x0000024530890000-0x0000024530891000-memory.dmp

Filesize
4KB

Download
memory/220-532-0x0000024530890000-0x0000024530891000-memory.dmp

Filesize
4KB

Download
memory/220-540-0x0000024530890000-0x0000024530891000-memory.dmp

Filesize
4KB

Download
memory/220-542-0x0000024530890000-0x0000024530891000-memory.dmp

Filesize
4KB

Download
memory/220-533-0x0000024530890000-0x0000024530891000-memory.dmp

Filesize
4KB

Download
memory/220-531-0x0000024530890000-0x0000024530891000-memory.dmp

Filesize
4KB

Download
memory/888-1404-0x0000000000DF0000-0x00000000013A9000-memory.dmp

Filesize
5.7MB

Download
memory/2440-2114-0x000000000A280000-0x000000000A28E000-memory.dmp

Filesize
56KB

Download
memory/2440-2113-0x000000000A2C0000-0x000000000A2F8000-memory.dmp

Filesize
224KB

Download
memory/2440-2127-0x0000000069020000-0x00000000699A8000-memory.dmp

Filesize
9.5MB

Download
memory/2440-2128-0x0000000069020000-0x00000000699A8000-memory.dmp

Filesize
9.5MB

Download
memory/2440-2126-0x0000000006070000-0x0000000006071000-memory.dmp

Filesize
4KB

Download
memory/2440-2123-0x0000000006010000-0x000000000602E000-memory.dmp

Filesize
120KB

Download
memory/2440-2122-0x000000000E0A0000-0x000000000E226000-memory.dmp

Filesize
1.5MB

Download
memory/2440-2120-0x0000000006150000-0x0000000006160000-memory.dmp

Filesize
64KB

Download
memory/2440-2121-0x00000000060A0000-0x0000000006152000-memory.dmp

Filesize
712KB

Download
memory/2440-2119-0x0000000005E20000-0x0000000005E96000-memory.dmp

Filesize
472KB

Download
memory/2440-2115-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/2440-2104-0x0000000073BF0000-0x00000000743A0000-memory.dmp

Filesize
7.7MB

Download
memory/2440-2133-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/2440-2106-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/2440-2112-0x000000000A270000-0x000000000A278000-memory.dmp

Filesize
32KB

Download
memory/2440-2111-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/2440-2105-0x00000000008D0000-0x0000000001010000-memory.dmp

Filesize
7.2MB

Download
memory/2440-2138-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/2440-2136-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/2440-2110-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/2440-2134-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/2440-2109-0x0000000009A30000-0x0000000009ACE000-memory.dmp

Filesize
632KB

Download
memory/2440-2108-0x0000000008EE0000-0x0000000008F9A000-memory.dmp

Filesize
744KB

Download
memory/2440-2107-0x0000000007E70000-0x000000000879C000-memory.dmp

Filesize
9.2MB

Download
memory/2440-2135-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/2440-2129-0x0000000073BF0000-0x00000000743A0000-memory.dmp

Filesize
7.7MB

Download
memory/2628-1407-0x0000000000DF0000-0x00000000013A9000-memory.dmp

Filesize
5.7MB

Download
memory/3648-1381-0x00000000003C0000-0x0000000000979000-memory.dmp

Filesize
5.7MB

Download
memory/3648-1376-0x00000000003C0000-0x0000000000979000-memory.dmp

Filesize
5.7MB

Download
memory/3800-1385-0x0000000000DF0000-0x00000000013A9000-memory.dmp

Filesize
5.7MB

Download
memory/3800-1408-0x0000000000DF0000-0x00000000013A9000-memory.dmp

Filesize
5.7MB

Download
memory/4564-1352-0x0000000071B50000-0x0000000072300000-memory.dmp

Filesize
7.7MB

Download
memory/4564-1343-0x0000000002B30000-0x0000000002B40000-memory.dmp

Filesize
64KB

Download
memory/4564-1342-0x0000000071B50000-0x0000000072300000-memory.dmp

Filesize
7.7MB

Download
memory/4564-1341-0x0000000000760000-0x000000000076C000-memory.dmp

Filesize
48KB

Download
memory/4800-1403-0x0000000000DF0000-0x00000000013A9000-memory.dmp

Filesize
5.7MB

Download
memory/4800-1364-0x0000000000DF0000-0x00000000013A9000-memory.dmp

Filesize
5.7MB

Download
memory/5444-1316-0x00000000055E0000-0x00000000055F0000-memory.dmp

Filesize
64KB

Download
memory/5444-1247-0x0000000007220000-0x00000000077C4000-memory.dmp

Filesize
5.6MB

Download
memory/5444-1244-0x0000000006C40000-0x0000000006C4C000-memory.dmp

Filesize
48KB

Download
memory/5444-1075-0x00000000055B0000-0x00000000055D4000-memory.dmp

Filesize
144KB

Download
memory/5444-1123-0x0000000005760000-0x0000000005784000-memory.dmp

Filesize
144KB

Download
memory/5444-1147-0x0000000005800000-0x000000000582C000-memory.dmp

Filesize
176KB

Download
memory/5444-1178-0x0000000005E70000-0x0000000005E82000-memory.dmp

Filesize
72KB

Download
memory/5444-1197-0x0000000006550000-0x00000000065DC000-memory.dmp

Filesize
560KB

Download
memory/5444-1202-0x00000000064D0000-0x00000000064DA000-memory.dmp

Filesize
40KB

Download
memory/5444-1045-0x00000000055E0000-0x00000000055F0000-memory.dmp

Filesize
64KB

Download
memory/5444-1203-0x0000000006750000-0x0000000006772000-memory.dmp

Filesize
136KB

Download
memory/5444-1346-0x0000000071B50000-0x0000000072300000-memory.dmp

Filesize
7.7MB

Download
memory/5444-1222-0x0000000006780000-0x0000000006AD4000-memory.dmp

Filesize
3.3MB

Download
memory/5444-1091-0x0000000005620000-0x000000000564E000-memory.dmp

Filesize
184KB

Download
memory/5444-1041-0x00000000007E0000-0x0000000000BB8000-memory.dmp

Filesize
3.8MB

Download
memory/5444-1315-0x0000000071B50000-0x0000000072300000-memory.dmp

Filesize
7.7MB

Download
memory/5444-1042-0x0000000071B50000-0x0000000072300000-memory.dmp

Filesize
7.7MB

Download
memory/5444-1161-0x0000000005790000-0x00000000057AD000-memory.dmp

Filesize
116KB

Download
memory/5444-1253-0x0000000007D90000-0x0000000008344000-memory.dmp

Filesize
5.7MB

Download
memory/5444-1083-0x00000000055F0000-0x0000000005618000-memory.dmp

Filesize
160KB

Download
memory/5444-1067-0x0000000005560000-0x0000000005574000-memory.dmp

Filesize
80KB

Download
memory/5444-1107-0x00000000056F0000-0x0000000005722000-memory.dmp

Filesize
200KB

Download
memory/5444-1115-0x00000000056B0000-0x00000000056CA000-memory.dmp

Filesize
104KB

Download
memory/5444-1270-0x0000000006EA0000-0x0000000006F32000-memory.dmp

Filesize
584KB

Download
memory/5444-1131-0x00000000056E0000-0x00000000056EA000-memory.dmp

Filesize
40KB

Download
memory/5444-1099-0x0000000005680000-0x00000000056A8000-memory.dmp

Filesize
160KB

Download
memory/5444-1282-0x0000000005B90000-0x0000000005BBE000-memory.dmp

Filesize
184KB

Download
memory/5444-1139-0x00000000057B0000-0x00000000057B8000-memory.dmp

Filesize
32KB

Download
memory/5672-1302-0x0000000005AA0000-0x0000000005AB0000-memory.dmp

Filesize
64KB

Download
memory/5672-1296-0x0000000071B50000-0x0000000072300000-memory.dmp

Filesize
7.7MB

Download
memory/5672-1305-0x0000000071B50000-0x0000000072300000-memory.dmp

Filesize
7.7MB

Download