hxxp://microsoftcrmportals[.]com hxxps://uct[.]microsoftcrmportals[.]com

Resubmissions

06-04-2024 10:42

240406-mrs5yagd7v 6

06-04-2024 10:32

240406-mkyrvagh42 8

Analysis

max time kernel
510s
max time network
508s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
06-04-2024 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://microsoftcrmportals.com https://uct.microsoftcrmportals.com

Score

8^/10

spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
1284	OperaGXSetup.exe
4476	OperaGXSetup.exe
4380	OperaGXSetup.exe
5992	OperaGXSetup.exe
5504	OperaGXSetup.exe
6140	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
5596	assistant_installer.exe
4664	assistant_installer.exe

Loads dropped DLL 5 IoCs

pid	Process
1284	OperaGXSetup.exe
4476	OperaGXSetup.exe
4380	OperaGXSetup.exe
5992	OperaGXSetup.exe
5504	OperaGXSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000700000001ae97-2020.dat	upx
behavioral1/memory/1284-2034-0x0000000000110000-0x00000000006D0000-memory.dmp	upx
behavioral1/memory/4476-2038-0x0000000000110000-0x00000000006D0000-memory.dmp	upx
behavioral1/memory/4380-2046-0x0000000000B90000-0x0000000001150000-memory.dmp	upx
behavioral1/memory/4380-2049-0x0000000000B90000-0x0000000001150000-memory.dmp	upx
behavioral1/memory/5992-2088-0x0000000000110000-0x00000000006D0000-memory.dmp	upx
behavioral1/memory/1284-2095-0x0000000000110000-0x00000000006D0000-memory.dmp	upx
behavioral1/memory/4476-2096-0x0000000000110000-0x00000000006D0000-memory.dmp	upx
behavioral1/memory/5992-2117-0x0000000000110000-0x00000000006D0000-memory.dmp	upx
behavioral1/memory/5504-2119-0x0000000000110000-0x00000000006D0000-memory.dmp	upx

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133568731348845218"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
4144	chrome.exe
4144	chrome.exe
4920	chrome.exe
4920	chrome.exe
1032	chrome.exe
1032	chrome.exe
5208	chrome.exe
5208	chrome.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 56 IoCs

pid	Process
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1284	OperaGXSetup.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe
5644	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 1164	4144	chrome.exe	73
PID 4144 wrote to memory of 1164	4144	chrome.exe	73
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 4116	4144	chrome.exe	75
PID 4144 wrote to memory of 3688	4144	chrome.exe	76
PID 4144 wrote to memory of 3688	4144	chrome.exe	76
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77
PID 4144 wrote to memory of 4988	4144	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://microsoftcrmportals.com https://uct.microsoftcrmportals.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcb6319758,0x7ffcb6319768,0x7ffcb6319778
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:2
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2632 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2648 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3732 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3084 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3776 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3872 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4516 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5432 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5496 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6024 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5936 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5812 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5700 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3684 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5764 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2664 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3848 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3172 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2748 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2712 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5364 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5692 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6224 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6288 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6424 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5816 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6336 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5732 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6492 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7060 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6988 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4936 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6980 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6880 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4480 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=3256 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=1624 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6884 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6900 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7492 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7632 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7624 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7932 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8040 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8124 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7836 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7908 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7656 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:8
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=3504 --field-trial-handle=1828,i,6457348781734627872,2818010162629963457,131072 /prefetch:1
  2⤵
  PID:5844

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\Desktop\AddImport.shtml
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xc0,0xd8,0x7ffcb6319758,0x7ffcb6319768,0x7ffcb6319778
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:2
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:8
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:8
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3396 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4972 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:8
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:8
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3588
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff64c587688,0x7ff64c587698,0x7ff64c5876a8
    3⤵
    PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4976 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4008 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5332 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2972 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5412 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3132 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3244 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4988 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3084 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5520 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:8
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1740 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5688 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5752 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:8
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4856 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:8
  2⤵
  PID:5244
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  PID:1284
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.86 --initial-client-data=0x2a0,0x2c4,0x2c8,0x298,0x2cc,0x7455626c,0x74556278,0x74556284
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4476
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4380
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    "C:\Users\Admin\Downloads\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1284 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240406103723" --session-guid=dea75f8e-0484-404f-9db5-d2a9779e1a9a --server-tracking-blob=OGRlYjUzZGFkZmZjODM0NDE4ZjRkNWNjM2U1NGNmYWEyYTIyMTA0YTEzNmY3MTdjZGRiYTFhNGQ3YzJmNzlkNTp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMSIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMSZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9NVlJfMzczNiZlZGl0aW9uPXN0ZC0xJnV0bV9jb250ZW50PTM3MzZfJnV0bV9pZD1lN2U3ZTlmZmZiOTQ0MGJkYmI4YzE2MDdmMzNkZTIxYiZodHRwX3JlZmVycmVyPWh0dHBzJTNBJTJGJTJGd3d3Lm9wZXJhLmNvbSUyRmd4JTNGdXRtX3NvdXJjZSUzRFBXTmdhbWVzJTI2dXRtX21lZGl1bSUzRHBhJTI2dXRtX2NhbXBhaWduJTNEUFdOX0dCX01WUl8zNzM2JTI2dXRtX2NvbnRlbnQlM0QzNzM2XyUyNnV0bV9pZCUzRGU3ZTdlOWZmZmI5NDQwYmRiYjhjMTYwN2YzM2RlMjFiJTI2ZWRpdGlvbiUzRHN0ZC0xJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGJnV0bV9pZD1lN2U3ZTlmZmZiOTQ0MGJkYmI4YzE2MDdmMzNkZTIxYiZkbF90b2tlbj05OTI1MDgwMiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcxMjM5OTgzOC44NDM2IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwNi4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0dCX01WUl8zNzM2IiwiY29udGVudCI6IjM3MzZfIiwiaWQiOiJlN2U3ZTlmZmZiOTQ0MGJkYmI4YzE2MDdmMzNkZTIxYiIsImxhc3RwYWdlIjoib3BlcmEuY29tLyIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiJmMTU4NmViOC1lMzI3LTQxMWYtYTg4ZS1lOTYxMTM4Y2QxMTQifQ== --desktopshortcut=1 --wait-for-package --initial-proc-handle=8408000000000000
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    PID:5992
  - - C:\Users\Admin\Downloads\OperaGXSetup.exe
      C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.86 --initial-client-data=0x2cc,0x2d0,0x2d4,0x29c,0x2d8,0x7227626c,0x72276278,0x72276284
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5504
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404061037231\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404061037231\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    PID:6140
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404061037231\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404061037231\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404061037231\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404061037231\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x534f48,0x534f58,0x534f64
      4⤵
      Executes dropped EXE
      PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5824 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5212 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3164 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5996 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6016 --field-trial-handle=1764,i,7595137912983720822,9734383925482566018,131072 /prefetch:1
  2⤵
  PID:1556

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5148

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5644
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:5196
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=45BB20E837C9F6B1FFDDDF016AF6AB88 --mojo-platform-channel-handle=1612 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5224
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=164EB5BB6A93F1D01D55D6F58C77B5AB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=164EB5BB6A93F1D01D55D6F58C77B5AB --renderer-client-id=2 --mojo-platform-channel-handle=1604 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3512
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=764494EE9C64DF51250CF457F0CE54C0 --mojo-platform-channel-handle=2196 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2984
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3A8023CFF4658FC97D0FEB31D75A2847 --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:6120
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=05F5B60F4602B5F5BCD5620AC97EF528 --mojo-platform-channel-handle=2348 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4912
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C65AF6441D4B221576BD5A526790E01E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C65AF6441D4B221576BD5A526790E01E --renderer-client-id=8 --mojo-platform-channel-handle=2272 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5724
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=125EB657D4B7558B877726EDADE7875D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=125EB657D4B7558B877726EDADE7875D --renderer-client-id=10 --mojo-platform-channel-handle=2432 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\46030e61-a267-4a34-95e0-e3205dca948b.tmp

Filesize
136KB

MD5
2280d5712d742c3bedbaba2a2b2d4a71

SHA1
115afea501a7c0ba50a1fdbb94b55fb4462557ff

SHA256
bf03356d66a8f573f9d38724d291c3e50683a3a00c24e5f49aef7e7b5b20c4de

SHA512
e83fc707854787494c760f03102398162cfab5ac5670f52352bad8c378946de6ad8962e6b34495d5497abeb760e50186948797675a83fe17cdeff16394d098e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
8f3843a9da63a7c396a894b5865b2f67

SHA1
2e7f9776d1ba8b15aea00d84eff977929ed70022

SHA256
76841dc7ebcb954ee1442bff5ef2356159574207e77f9b74b5303d298980b26a

SHA512
06c417f3f8a5010105ced178e9d478c82253cc2ffb08135827ea8a5b905101b684d532d7f6cd776adce49200d4e719242bf44b88311c5d3f7ccdb6bbcba200ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
58KB

MD5
12a9b59c31f705220f44a362dd78ae95

SHA1
d1c267364c06c75d60ef922ba2607613caa77349

SHA256
be5241562b6019f96c909705fbdea12a283c5b45f626000c58963f85590bd58a

SHA512
0034585e051782cd18ec1f4f78e655c0785a44ebcc984b8000b3db54ad83d5c56f837c2dccd13637fc00942dacec19f557684211b7f934e88a3e9f4d4f7d8dc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
39KB

MD5
e3b7c1f55a368984a5ba8cba843ed6b7

SHA1
3362755d9f77b6eb0801ea9b3301a24ee63fb22d

SHA256
7bd1a844aaf30cf44b61e3e9266a2db03f61dad8c851d78b170df9034ceecce5

SHA512
64b0d6689a59da5bf40762169b925eb0dc0d47d0f60c8a83c3cb3696af2c036eba4fb7336e77b99509d9c80ec3b942649c62950c179185ebcbaa132804bb133c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
67KB

MD5
520b71d5c5119b5f443a628ed0ef4a20

SHA1
d7a497675efb2a2322d8c74d81b368ecf9b803ae

SHA256
819b9183939febe99986e661207ea0d7c4f39bf0b33c6834ec374ac638ea2f76

SHA512
10e5b5ece9b4c306ddb578b76a827a011a51dc830bd03b8f0b80f9b86ba0ea396669b77dd52552f4eee5de7b7668ec85b2424cde11f1d040e9c940278db5ceae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
323KB

MD5
bea47c40eb3d37c59bca4cb4f60a989a

SHA1
c1adace3a4652536a8d4bb0e02ed048529758059

SHA256
621351cfc6ea866a40b20e7d42494278349bfa4912c37eebcd7d4b39f37081ef

SHA512
59c3a4a5d9d0087a1bdb3cdf3edbe9004ff6e08bec024a448cf066904d70e3cf87dc7e75f08db8a9949e9d97b0a2213b99e57df4f62b237e0bc47da64694d265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
135KB

MD5
1637975f8866f8f721e3af1a88b220d0

SHA1
6631c58ba7db1326cc1edc283e4465bb5ae33738

SHA256
dbf1e619fd7ca83621f4c6019f682295eb2dcbf9094cd0c103bce324ddc4dee6

SHA512
5bfe849165d2fba67b91f0602439d6da4a7f631356b71e1c6fefd4376a18396001fc722aae49d70b6844319233273873b85e903c587635417212b9030091a64f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
33KB

MD5
cb68569c733a7572136e0c21ae59baa3

SHA1
e6a80afb49bb7d0673259747b3f3829badcaa18c

SHA256
dfc55541b0c31631571ccf8a16b71dd84d6743b01956a93718a46349a95e0f80

SHA512
bda24e319bbed03c1c40580731966b75facaae194ee2c789323c78a55234d8c501c112cbc8431b65527829cc8f49b19cb0932b655becc856645248eab5ec15a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
19KB

MD5
ac1e41e7105986d26bd22c7a3dea83e1

SHA1
c3ccf2bcca458f49a6d49033ec89c34ebcc03679

SHA256
ebb4e4f1a7912cc620a2c1c8151c27cfc7f43870d3a6eb82078147d79a9bede3

SHA512
a6cc080ac0b9e719662b975d4d644563c655fc896bfa85cc94456f2d3117d3eab54423a5f06d6b5e180a9ff792e879860afb7ab5f2e7f682407acccb6c21609f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
19KB

MD5
8c913c16fe5bf240c09c7480025e61e2

SHA1
578c55e11d122f4c27bf4ecaa31130c919e2c64b

SHA256
e00ebd03759eca93392ed5bcfe8863ad5048b4de9146687a4f8bbb87bcc52ecb

SHA512
8f49995b0f566bc6ac567757d04983c81fcae459ada02faf6cfd47385d880cab8d3505c0a91831672590147ac6a10bef4aff10a35fb359f945e785e9fc4b0e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
35KB

MD5
9d92adcbe0daf8a7088b959c6a0a0edb

SHA1
d5cb2c9f5f2ae42bd0132662b2fd3c7da75b63c3

SHA256
9e972592caa48dba61e73fac9b4534b7c6bda1b517ef644ecf2681f2837b4ee5

SHA512
adf67385f290f32db5c54036892dde56456c739d114771c3ca1f7674adc1afc19e6d18d830cb921a36d433011c4a682ddfec2b7c3a0f8f8a8c7d97e48bf26f7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
37KB

MD5
ee7af9196ae8546ae64d3dbf66dff1b2

SHA1
90911804c6e20da3b5912289a0de6c3707b9f4e3

SHA256
ad3040a42640614306f0b7a3fbf10c20d432929cb0956aef9a37f410cbcc73c2

SHA512
43a3f174f85ec05cd9595fbd12a3179ab5e5cc1a7a6a0c4b02da86676f4a16905d6d6bcfc8e227e039acb7e018a63ef9414bd43ca8c681d9ecf8230afdc7eb90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000083

Filesize
56KB

MD5
8989598001823eea5cf4467ef85188b9

SHA1
c12cf1385e30c5150658717f0a9cada08854ae37

SHA256
f09c0b9ebbf553ca1413994e1d75191256f8c0fa4662ea59ff60199808194637

SHA512
691934235ad87f6536dd7c065313496af9910d8f350ec926bb5baf854ea3e575644455de79858f146a226424c979746bbbf67c708363841ecdb7bb793b55896c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000098

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000100

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
270fa5317bd82a604d55e345dbd56aed

SHA1
b034398b8bf7d7b0e4843bd5e9b611de378275a1

SHA256
32543fff7f844afb15ffc5d6d5333f5421ca552231fde3caa20bc3d736a72677

SHA512
d97efb9be96d2eb8d98e84d404c9d14ae9f126f6bc7fac42e2eac795db258161899a5a4145541760d3a17146adbc4ba49d80c7bad42fb066c2f78e0392640b84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6605ac709af2a2779e9b2d58717491eb

SHA1
ffdaca02d222e7f1011c0d6ebbd4a831d7d9e5a4

SHA256
6a1f6255b8478fca94bd7c62b1a02816052649d3b5fd5863ad00b633bebe2cc9

SHA512
f9d961919ffae5a8040e83b0a4a9328ed2f36502658ae21dedf903b23485440f5a5548c06faefe90ca902a19009764183b687f507dce0a01eb80605da326b585

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
e3f5bc2d3e6d682713afd94f61f1367a

SHA1
a2b0fc2493786e6ce7cdf66996543f6fe626140d

SHA256
7e0c0caa33c7078ea1cf6cdf9509bcb8de66120ed08d8c0da81e2e44ed5b6eaa

SHA512
2d3a70c3f5f2ab8c580a67e232ba9772c0a928ede8b8b5b3c770afb1eb252e7da73ba292beaacaaea931865998da3e782ee7536b1e4894dcb4b0b947503416db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
4b679d7cac8a1bbad98a4a31590be4ee

SHA1
a87ae607c35d423cc83f9c6ee461abc50e1c1d11

SHA256
72bfd1cadfa7b24b801a82ac8f4ec6d220ba36d4a178e39de7c5060614cf71cc

SHA512
ce3695b356325987a8910766cca7d8382bdb967e52178a6867ad278490476dcdaf846102670a6560d3ad830ab0d271a68f2945a500af42b99a47ef6b27ca184c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bc850d011d176159e1bb79791a564b66

SHA1
fa0713ee7723cd106b4de8401dd46cf413d3a06d

SHA256
8cb13c476d28f648a3a3821486917ca573a5562f27106410627a00a2d4d281cb

SHA512
ae0fce831ac1d06fcf534a2a4d28b07b2d787314f047df3e8085a60202635c91650b2b8693b6cbe42c697ea3f0e146d7dbdb6f04b7062b3e6668df62142effb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
75a76a8445ea0ee0adf95e8b916c00af

SHA1
04407ed8dd031227e2d3edd51a28de0d19f80bc9

SHA256
0632453b6450a52ef33cb798e3e46a30b0af7b866111ab1cababda3e58f53324

SHA512
cf4165a4f3dc35d5dbe642f25bd548088d97a259a70ef4353042ba4159e3bfdb32787c940d826e749fea076c4ed25a209f7eec311adf4eaafaa5522356043d07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
4ada2bf6aa002213a4ee88db2e8bc548

SHA1
48c7187bd1eeacc591e6c0801c9a805db1a0ae4d

SHA256
e1d39acfaea9a3a5b48e51f42c31ef143e6a22f4d708d2c1e31d39c39b892a02

SHA512
e8253ab4f884c3497e66574dc2e3973505b031e1b72942d6438a5ed9e35afd0b49f806b23474f514faad911331c38d482d159826105e6dddf9e30b7d0f15c518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
13ebda2c8c03dfbd4bde550f071f0f25

SHA1
5a83efff4621d6cbe065dc48ca4200703feb09e8

SHA256
0176574bcadc90ad4fb13c415599ae2fc87e11ec6303a6f5385e16da3d7c1f82

SHA512
85469c8f061d667a8ef2ef66bc98d7c8b77217142aabb58cdcf54f652fb7f6f4bc56d84dbdf6958afc1f4cb54efc25a937b3a0cfbb0db1acaca85577a8297481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
997142e9d43e25f987bac1a3d05c9ea1

SHA1
a4e876bdeaf1764680c68692f353678bd979bff0

SHA256
7fef90540b13dd286399136ca508d17a8321ea7b099f8d0dd8e4a5743b0b67cc

SHA512
98caee9ee8723cf9230740262f311dce2117fb88aece8d2882a7cadeba2574b74611722800c4217dd68eb49b733f8c52094841ae2f326ef9cd745cbad590eeb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
eb71661c9e97515243724019e68b6071

SHA1
882223d136892aeb0f7c96ea480223cc5f3b4f16

SHA256
a3861d792aa98b05a2f6ac63a939b5b09ec5469186ff470c438923011ae2d5d0

SHA512
a77f2d9ff397ba589e310d7b8055c38b5d16054b73beab0d8847eba7500b19e03d385a2b2a63a99102102502ab35bbfb1460e7f8e45ae1f8e022232262d84a48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
da7f80e5a1a8478f5cc2ecbb382b21d2

SHA1
3e5ab4fa04f7783eb9b9284eddab421b4ceca35c

SHA256
bfce682b4a0edfc48a8c193039bf5ec29788f855fc424ef4aa028af31fafbb0c

SHA512
23e0f3002ec19ec24404430e6cc3cd6410e76f20aa76858cd378e0499ed7c1a6b95da1a283ddfdf164031a333cb63aa4449833d474dd363aa512e57e6e79dcd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
fbd3fdcfdb355a7a70810df56597ef30

SHA1
176a8db5f4e46caf64484850c2e8d2b10d28f792

SHA256
6634b329681c53c78fd7fa09723dc1244e5eda5405c383327b74cec1017e3143

SHA512
99c13d592d01a16e13bd415d4e8d8cfcc120c5ae9c7b2d074bf5a0014faa297dc676b2b82b8a79b82fe2427a840f6bf765d74958e5aee48e8113719480640165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
0a756491e831a9a6a152a4e8f6678f2e

SHA1
595e1784476fccad3ef74c939344ca00f88b8617

SHA256
a8dc50e18df0151d03f3a6baa1a2067599a28313641d866cf793bd508b62b742

SHA512
1b07bba0e474bbac38bc67ad46ba14080fc17e1cea3167ee988777a5653e03d08dd34f789830c6353db853865e6468b337a6d10f72470b93a9cd959f64ed211f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7b5a1666191e8885897bb32c6b3b422f

SHA1
92f72c769c800b051e3a830a40a5f2479b2e7344

SHA256
d1a44b65a46abfede9b2fbe0bb9f91ff95c2f4b68cd60e77f8c283767f6e2f29

SHA512
52aeeee4b32a0e2fb901ef5f76c7959292036f25ac4bd42d8b450b90b2001050c11ecee5c1dd574bf6d98eda039a6917d8b061cdbd35b2fa38f0244ec8bb225a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
aec73c2aa65f9c18152f842b86c54fb5

SHA1
554a3f533dc69fc032a7e649568477ef9ac2f809

SHA256
ac6f92ff2c1e753200eab627506e689b6cd9c0d44f8b0cdae607f49689493648

SHA512
c59adc32fbf05727466e2e566c66d0e95b496ddeabde65fe506829aed564bcca77f1486b03bdb016a2a9d9fe2ad037fd5c37ab22410f511ff9acf8739e255665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b81ce19a1c4cbbe151a12e7edf6e3092

SHA1
1af1e092d834b5e78a4c7f10193ca2866e7ac830

SHA256
9f81b4eeb5671b5a473f6998381e17261aa1af35f189da04bce60cb8070a2591

SHA512
a9c815d8c8f9af3bc68031c2abf71e849ee74bcc203eed340303b64a81c6f8a8776c8d3ffc36c38d62ccd65d166e2fdca5e4882f49836bf114763dba22bd0617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
aa3faecdbe7b94764b6ee79bd1bd044f

SHA1
390d93ccef320fc564c671275d50ae718eb9a9eb

SHA256
5c35712a24cffc00399d91cc9e8224414418d115f33899817a1a36d5d0569623

SHA512
639adeaf54d7377b61054fbadeb790c6ebcebf3b35a79fe068af3d3182f6debe8c2cd7bec617ea0a27c5c837988133b52ccf25a07ea1314f165e08cdbf7b75ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f1cc6000f201f514c970924f81c81291

SHA1
2aa88a86b98e92bbb289cd0b1fbef1f98e240250

SHA256
c176943629d293dcf01efa5498683ff0a45bf3c0ba01d983267ede98b7ee801e

SHA512
0665fbd6fb3c86f5433b8f3bb7c0b9459c464d16a68dfe54b46516981db0c5a99b0bd68c955ea1df38576f041749c5edaf5bc6d9a4003b1a2fd35da9a008efd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6179f631855d2d91e04fa780f58b1f02

SHA1
198662e02c38b6c1432c082a9a5d7315ce79c3f6

SHA256
8e247a90319909b27882541a044e4748c24725f1dfd78c01c93b9c5ee0ce2f9a

SHA512
21a568a0b9e72e1d33f9e279b072f71c12fa37a3e5b636f87b106201475763db5f533ac6a0e0c5657d5f266b03fb484873d34f517f90470074d28e030add18a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f651bfe1e05823e31561e8e8aa4447b7

SHA1
6ff597841c92f998569b908aa9100ca145b3bfc1

SHA256
b453c3c74f5683d83a8aa6b79d255253b2d978656cd8531cda3b307cba5b3cd4

SHA512
b98d474ab65a8f905fa46ec018cc8c82f736574bc2c8616dc868904b713daa5bfd1ab993bf8e1d4e0e6800a5dcd8d90bd0ff3ece13953c51f141313d4e8dac92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
1962f332598fadc3203dfb806c8f67b5

SHA1
4fbd3f921fbf2e6bfef7f37ba7ac3bd302d355b4

SHA256
fd1d77a77b5fbeff56a6aabcc1da93afb4bd35d801b16d5f91f1afa591adee75

SHA512
25fe3d05f702b5486e0ec5715aee04deb4fbf783d30e1bfb8f4c53ec426c8aae57ce604471ab33285fa1497a983de88c4a0b94f9327ccc00ec9d90991a5c5ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
553b87f72722d21cb7296d4592aa8304

SHA1
8a202ceec6a965b93f378cb8e651bbf7ed2f81e6

SHA256
ea5887666f09afbe3deadade8ac79fea03586f2e5eaabd65f615d5cac1d590c9

SHA512
ea0ec2b58ae5644ed6040cb69b6a683426185662c1fe947544a9eef30370fc35c573f546b79e818663f402e35d75530451b3edd5b7f4308fba05a9d9bc2bc8e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
1021814815d6ef5973e21aede37f5518

SHA1
85637812f79a1d63a8ce5cacc7205ef771655005

SHA256
d94d15f4767a98558b3a991bd66d6c2fc9cab8e363c132d022e99b3b9390ad15

SHA512
8da6009a42b2ee6d2d11f292297a78df05221b28a5a76e1db032d97cf128c99a27959e0498a14516da22cd6c3c60f5b9037b57ff6a20a386a8d50b48c2665df4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
65c9ddbc6504e6e6431ee829f1c20912

SHA1
dbf8cd8a4667882a065554b2d8fd7e6cc1ef902c

SHA256
859443764661b7037ea8c4b37186b4d037f5918ba40fd9fcecfa5de4aef98425

SHA512
72cfa6c361ab816414d9c4863aa45c3f233f40a920870b1ea8691d4c65004a31ba268a038102112d0a2adf517bbfe860251d65196a719cb4e10a3b4781a610c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
371c72bb33dad383b7a33d555db1fc53

SHA1
f3241304abe5422c9b57ed5f417a877f927098b5

SHA256
47b6f79a1d10b201c2ddb453b5c5497fd239c7b904e435af7430cade9a93a298

SHA512
d9f453df87b98ea7f1a094a0cc88ca8afd11808c6421a509d9e6a4bc681a89f235427c8b7bc758905935522333c868d5c0442ed20d78543eb01080624583b72f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
86ea8b2c026efb53c41e1a8e3e76ed82

SHA1
9ac4e6ce5ce022b1ae3806b6efc0266e86fa56df

SHA256
595e7ec126711640039351f11cef932a792d79fb67a515c8fcd82bae30027ca1

SHA512
37e44f31b38585d67f73ecf7d22905ce63611b2c9491694c16b526771b3b2dfb48bb1a4cf5829a1f8140a3584e168d20f4faaefbc5232127f617a9916aad613f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
fdb88c9a18ac83dc31148601c8815a67

SHA1
52a9927a9d3cc5b636cc712c1e972efc1e9723c3

SHA256
c40a47d52089a070c5332d7c217f628f2da2ef51451200094591df4c6a01d459

SHA512
9c6f1841f340d16ff1326c702ac9477e1650bcbd3e68af776bc6ce81cc1dac90feef47c6c70b6faf6e6b10adffcdbc073bc84ce672b6a8ad5ff41083382aa7e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
913f08f2d84ff0f398517e4db673adf3

SHA1
fcdd821f349a1578356a28e0e031ab988c051e4d

SHA256
e224d6c1594661e63bf697f3fadd0d6457e39dedd6f8e06b9c05bbf4d2d5fc74

SHA512
9f30b5f17d2ca85ea3ef51accbcef02fc4eaff7c9e3da0a7f3f5dcacbc981a2b6013da4192f6ca02105d63c67909ce0be773b669e3b9867229a5432f1f4d9503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
8de117739ca6b828000406d225d583b7

SHA1
2267c9630b4822ce933eb36fab81f9d06c3e391f

SHA256
e04715545674454952a7e65688f461c7ff625fc5776cdb640c390b7b5b02a9b0

SHA512
21de2363d60b400182adc42c7f294004e7a5a46a748ca2141dba6731d5528feec11395a37a2fbf676e261736980d605c2d9db539b97714f7350391b116838c77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bf0de46fe44521c106eb6c7d2747d74f

SHA1
16701a9f90820b14b3b0d10c945fec8ae94c52cd

SHA256
967923f55c7f7810abc920ad0860779fcfc28d643978cf6b3b17e9a0009b4d47

SHA512
de2b929476309c7608b539ce8a8dec33176bb95ebf9ccb2d138584f913f7aed82f6d0eb677b843eb3ab3cc935e30f022842fb746218cf91f5ad479a969f2af61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f9766b099198240a74724470cfbd14f1

SHA1
08a73f7a9716e0c9afcc3d41d4c92d2e517b59cd

SHA256
ce18172638dd4bdfc301c3bf87b3f3770235f361b5af3d2dae309103a4484894

SHA512
dec8a2f49b7438fde8f4476e7fe297e45b5f3e87887031293ea3857cd19fdcaa7a914e2438756cd0943275a1563197de71d9030b0af5170c5f56fd4f7056c55a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a8fc3e042e6e5ca0f5bc2564c333b899

SHA1
91272e85152f92b3b0317a80ab71e7e0947a8d98

SHA256
792d300919859c9905bf5897c6c695e0db5c42354e448027f7158d1925d0f463

SHA512
efa8ee6fcf74f383cc7cfa3cbabe5459f43d90549526ddb294991ce6c21db0dce6f1fe88ede404ca9135d3307e7eca71b0beea6de8314120ba109d0a6ebfed6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dfe6222431c1b9b0ee4a113514858d0d

SHA1
60f4d969c75064e32399d26781ab3e326b32f157

SHA256
f3fa278876ea09ea131125d668196b89f8ebe4df880ad9df2e7b919c5fba41e2

SHA512
1937692d8deaf2a9c327f3bf82692622c657ca9415b2338c9ab2070fd3e05c63f46b1ac7a4e59adae25155da5e9ed71b206de00b3a78ffe5132c6905c3b4dfab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9f621fe5dc4535b85e2d8d205c13d44b

SHA1
503889afa842bf4305fc4d2ee1d7b62b464a4f1b

SHA256
6e69d7d5f5d2d996697ebedd6498d193d44b3726c732d9461a7059705a6fd162

SHA512
16fbc3120b4528cdad1fd92c7e90d30d98912e4541db2cad4ff4fb8f5dddb11ef8605ddc794ebded56cc725040f583ebb8d7660b860b73c93ac759d361e689ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bf9cd16634e9df2fdbd6745fc82c9b92

SHA1
d78f66e6a4c454d6dc9cda84c1d95d2fcdb8ba21

SHA256
f7c95b5f40fa1d24668d580ce850df9de6cf1e1a41388580227a76d5aafa30bf

SHA512
9d4918c1b19d05835478c0826654bff89d82330f21d89fcfcea9192872e8db96a6c66e6dba19656f0b2a9d577882e43092a465de1f76d569bed1a28e7a23e731

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b2211846850dae5a7df3778d0cdd77cf

SHA1
9135c09b30958cab710d2f68be244fdf1cf61bab

SHA256
57f1c73b84ddb8f57b74b802da9862e250f2cfeb655d8e9815f4dac51db8d5bf

SHA512
df446a7ac5fac1295a3ea6a19f3d69b6ffbd3cf79bdece457c48f12d4e953b093a289d92606022090d6722dc62ddb2c92ee42278ec731b40ad3cd74b81861380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c891a6241b9d39ce4ca1746262bc3a23

SHA1
e9ffa8ba2ac89ddaa9072abcdefeaf5453dc7881

SHA256
d4f379dcc6723e6b30feae3992109b4562e3fea065488af119cc335558418add

SHA512
98116ec3fc3ee0f120f2b59b1064cea9a120a9182b32c69dfa02b53fff0baac767ddd48ad3250e9ebdb8dc5d1d9a6901c7d22efdf06f4b1d45e78450954529c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ea780e63e47047a343f165195b03b686

SHA1
5dec9e53ed75ac3b6e41ec64c52b380c75a9dedc

SHA256
82b05265b2fb402a6cbc9fa4c6aed4bc19d1456e32a28a2cba8d548f7efb816a

SHA512
ba75ea868e39ace23bfe97f764955269df05dc117c2bbcf5aca063bb6f2e47c68917ecd172abee2c9f6395a76a7042a2b85d4874ff61d5e49a481ce538778c67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a9b7321e3fab0e7da568e2302c053838

SHA1
5efdd848979c9356db83937adf9e56b5236b8df9

SHA256
025d79c7bcf0b7baafcd2da88bc907b2ff63b19f6b00a1079d7bc0ec5f31791a

SHA512
b838fbe74c5e9a2a0de5c679854bfa671980dd493efaa9056267425e7c2df4d9ede4597812e1fb68139c395afddbeb3c638cf85c7f05d901e50b16fdd07eeac6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
329432ef56befe634b6d9ed014dee79f

SHA1
5340e530d3e691b5229ea4e2e39dc2673514435f

SHA256
6519cd0abf26c2d4cfa49bcad65b4be880a81ab982813fb6eb1bad639d6e9d93

SHA512
b4049fe6f03a24de48b2674df6a06eb503e4b8a84847a9f9d40d7318bdcd637783465599976e0d806ea102767185de31c6b945752da5f5e557b9ecf10c4911f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b4343ae4066fd77a57e3794a15818ad3

SHA1
d7c9206569afecede39bfef3b0ad3226018475c3

SHA256
b50d7657526efc20c4a74f8149beb328246608f2268b0c8c84bb30a3797c47aa

SHA512
b9eb5f8d3eb09e100ab40a2f4dbe2a6dff231459d6a094e52f32732aebe8200a3c33926dbfb77ce47d1bf563e740f82245b2adf8186b2d228567f06eee2c479a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7d55815c72351e00714bfabb9641cc01

SHA1
319508377a96bd68a01ae780b16eea0ddd55bf7b

SHA256
cd74f2306e8f3661088037f9d128c8044c9f01b4b3b61d70ec8376eef1eb263e

SHA512
bc7d8054e7aa9fbd03373f5cf33c1811a0c3746890bdec2c0a535f515e31ae4bd6b67f6516d513ee0584472b45bef5a3110d905e6b6ec455672a35ab315c220f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7bea173399a6e7c86606a1f9df8f854f

SHA1
7d74ef40d7420ad0f28923a27ec3eabe2c5451d2

SHA256
512ca06443a7b60f6d64516dca12f06facfbe78ff14c955ddf14e286fa1d5da8

SHA512
707005ccb75f40e0a2c76aefa760daba1a53c3bdd7f75403c6e861ee8b0f57b2f734f2c18ed19b53f3022fe2c67fbb6513f1b2323abd0e9a6ba845d328adaa7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2f3fc5ed42becb0abb6b8b12204ed305

SHA1
146136482390d8321b12e499bba189e3b1d88a65

SHA256
3c720349789469ec27f901ab8d90f744471e53e5d29d1cf5b5d78d04c2d72520

SHA512
e74c4ba2e06997be1af6699555e90499f8c557d239ea81aa31c5973e7b0c0a1b0c69e8575b2ea18167f103ff51acae7dfa3f620c7df599b7f29677fda7652dc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
44798fdd119481aa1bbd67a31d923bbd

SHA1
18c1a99ff7d9e7c29d08b7fe59819e7af140689b

SHA256
505897c85d2e447f3e9dd69d9d16ed7bc056938d489f124db1fc94b7bd54e891

SHA512
23297530208b7ad866c07eda2d8a208dce8fcf5ed9c5032ca4112ca31bf9616cb81fe3179748c51a1cfe96f788faa94ad8bc46d5c177101e959954f99055db87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
36d0151aa0d733922d52c1dcbc742879

SHA1
7eaba076cb3ad0e51172240d74bad247607e0a4d

SHA256
0ec0b8b425268bf8910465b12b11bda6b8223fe41e4992a19fa0a9fe848f72a7

SHA512
c2334b4f132b64cb77886d6a79e7ce67f47bc8593c1f81156d7a7166ba488f29b54dcb1e56732bb48ec978af3f78875f9278dba6f659a03a65a31217681036f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8cd96b76-8f55-4c9e-a7af-4ff2733bce63\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
ddde202fad7edf1e25c01b0bfcb3356f

SHA1
01c4b30f48414d565c859c3f6ecd7cc9a31364ee

SHA256
64d2d4995edd3a20d60d7545c07666091c4d88aeb191612ef623e2bc6d38ca22

SHA512
e13d33b908ca8e77a6214153db304b06490cb74a429ebdaa3eec60bc4fb1ec26c5603d75d31a9262bbc5961c49b4a6e3c77c4141b06497e1bc96d3973a099e52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
261e9000650c40481b0d07513c9e101d

SHA1
f080f13a39b9fb5b56b3cb500a6a2482dfb83376

SHA256
711f37251e87283665965b39c364ed21037895113c5bd7dee369bfb80b0decee

SHA512
c000c513923aea0b4f0819b8c8f82bf8dac3058dc0665015ac034c6f12cd9935bc004fb86c37c7e028e0b56cdbff25528976e5eac3ff98eb1751a139159a9817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58baa0.TMP

Filesize
120B

MD5
ab81ce3b1f3a84bb07df94435d95f5c3

SHA1
d78eba8425d18576d6715e902cdf50db94254433

SHA256
8e801e7e8563c23330b5e8a789794d964098b403681bb3f83c23af1556ae81be

SHA512
d2ad9df9da42fd82f353bb667dc47c35c145596f11cd11d5075f489df8066a445fd8a3231e08d62588b627fd6935b0295497de396bb8873e0e0df00fa45bcefb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\89fcdb113232bcf10286c6459aba9d01da5d655e\index.txt

Filesize
111B

MD5
0087db4279b58a67d968a07ebafeb3a0

SHA1
ce9cd5d081763fd1dc966ccdc34d6850988739a0

SHA256
5d99954cc27394bbd0d878ed2ba071cd36e470435a72de093a28d54cd88fa96c

SHA512
d7f9343292e81baf7ea2183c362f64e3489df0ce1bf571abb145b6a016f3796a2d4feba906e48af0995b818e9914846a6839d9571c9b92ef4faf4f6326139841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\89fcdb113232bcf10286c6459aba9d01da5d655e\index.txt~RFe5b0e35.TMP

Filesize
118B

MD5
e9c5afc54c0b2d7302dd1d5f43dc362b

SHA1
9efbb2afde7e91d6cd317af05b04851b29d14115

SHA256
ca240ca1734a8e12d57996143a94ea909367c95b3b3e2d03a156c3c006cb4063

SHA512
029b2c8337e2d147165dabc288a4afb14df7fa48f8a241e7a23fc628783873b9fce2c48fea4bb675c5eaffc41020dc8feb8456816ca23b6e14b20ccc26caa809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4dd9e12fd2a32cc654afe9419ff5df24

SHA1
3a056d5b2cc101fe59c8139c4d029d2c7fb49660

SHA256
eda8609bd2d52c5a9afc7a534301d013c8da739aae3ce949d2e73ef19ddfedcf

SHA512
ee49d99dbbe54fea083155d550004a8419cc509e7ebdbf73ff5ac6fa9d1d7e7e9525a6511cabda46580d06306f8d9cba758a1e3c22b135574e685b59f23d0dc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a8176.TMP

Filesize
48B

MD5
7c7835b746f0092d3a5d2db089179be4

SHA1
821b362dbaa6843165ce5fd30369326053dd4dd1

SHA256
63984c3984e8efd9c45bf73bddbe7b7c80c54ecc9c693756b5af3888c6b0593b

SHA512
5014e531fa423cb4d9261b3051654ca9d98dc52df99970b53d84e30bdbd0e3c98e6b544480ed49e312535a77e6ae87ac3eec76b14bf41159714117aa9c8a0320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\dae9daee-0f9a-459d-bbcb-1b7e13ab602a.tmp

Filesize
10KB

MD5
5339019b315f5b6766e870b77c627e95

SHA1
985c046d49ff23ade8754f80e8c62988dd848147

SHA256
edf46895ca22c43b385f433f808034145e9c12994c1ff31845696993949aa81f

SHA512
c99a30943534206ba3ae73dee860b048249cea8ef9f59252fdcedf34bf311e61bce9369b478057a6b409e502f05e203b097e4ad39bf44608b96778a53c1c16b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
eed923e9ceaf61f01929e7e21ba55a95

SHA1
e458495c8baaa27919794863b24cc421748bcb59

SHA256
a3b42ae3cf4acc2c4f7c2be6ad558f2612f88bdbf2bae5a2e4c45b798e62004f

SHA512
abf96e3b2caff920829fff896763cfb8ab793ae6eb9c86d5db71d893d7eab993ebc73df1fb17ccff317418ae7ab94e93973aff5674d308ae99a912af8985b30d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
bbf5699febd5981a685330879f5b387a

SHA1
b4716df8999fe699217ab325167ca6905134a8d0

SHA256
23650f79bcdba855ca1917f53d5fbb1e456ab288b74686e85a42f47c9e175290

SHA512
58af90fa2f98c77e8c3701f6b17a179a41153e59f15bc38f87efe2db6096f86c121dc81577cd8c8cc8241465df41f681a42985614914383db9a485fec548aa57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
268KB

MD5
dbcdd042cd86b64471ecc3b463b9acf4

SHA1
d0456d1e041ff870f179d62bfc43c8a3772be17e

SHA256
cd37246138078d14808c6c58862a55b0e49beedbaef1173fbc557d44486e6840

SHA512
5116101d7f798c3b285c5f5eb7d06e737e62215baca2ef06914dfc19626466c10f6e7594b86d2237dfde6d5146cf6e5ebaf9e2967eddacdbb723b32a96241e6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
268KB

MD5
0c0ca4926f93fd2bd0580761474fedf4

SHA1
c9114c4530b4481a86ffc32b2301e253cfd33fed

SHA256
2ad7b74b6cb9c1787086b75b77672e0dd0d6dd5ab6c842448a4ff009baab810a

SHA512
b0ba8f8a10413cdb7a0c92bdc1796bb5f61c12ff98d7db4ba63d229c20c9290c715e1b347573babacb6fac872522adb37e7c0f3077dcded67fd5815d14537317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
6a943b12a973d8c60136ac0b7cfddacb

SHA1
54526541ee7c98cf00fbe6b318c2225f3b6a4759

SHA256
83e5bf137f38bb873e1ed4c98d4856e78c6c29f027a6568587357a69f339bef7

SHA512
9aaaf3ac2915a77c7d1749fb832fdb6cdfd1844d001c7554a58c2bb2d126c3da5d3b13bc03e7641132d400fdb43174a6e18cd64352f1799cb250b6c99b9bb05a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
268KB

MD5
a14eb58d46655dd815c768bfc488102b

SHA1
21a85fe6e2331e38fcbe70fddec9fbf6bc6c3a0c

SHA256
b26b0184a92a9e17da734a9a8ec34ede13a4ceef4f6bb2fd9e1526890a11ec37

SHA512
d90048f4ea8fa345c0952dacf9baafaa6005ece806b059a2ddb52533f7218e7b112ee37a014d4e059d31b70d67919f750e161b4121bb2743c3765ecebac69901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
268KB

MD5
b0443e31bb7d812195fcf843ce282167

SHA1
4d951ed83c67f29faa507eb23cc325ce06ff07b3

SHA256
d946d12ecfb57e858fbaf79bd4c47554394aa5d93efc478016a71f99b5faaa6d

SHA512
333fc9a41645f3621d7575792cfe122da80cdde6836b617855fbbb51f264bf2f68bdf83813bedb6ad6275b092f3cab34419617625d4393059f4acf002b8190f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
545e162e029297bdeace2cdd84ebf880

SHA1
f334c4d2bc8406565bc2fef3254d3f8af122c5e7

SHA256
586eddadace433b3ddc293726bd6e248ecc359983a3a6ab6c0ece599bca3ed08

SHA512
ac7cad5ba5968b7133492eeb59175f2e2c53ce1356abd508ed00cc0fd6306802929101e88beba896b28d8099959c62a771bca64b0d07b4f465755195e6318d76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
2b7ab9ad34a9d9bd37db0e4b5dde8411

SHA1
316b3e688a64f1d582d70113a33281a8c1635371

SHA256
7f1f678b75b83424663c21af84a2f7035f284c20dca69f17a0670a74509fb4df

SHA512
2bc8c12afa43765024a80490b60e7dc51638c70f059d24c02e4278c1c5e0099232ad92a0f0ad2faa91995f69f796a6b3c081d0c19c7f1bc68cb747be7b041ce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
87f065fc59b0efb955bfcf8790dcf24d

SHA1
d3510fb200be5b6ee5b72610b2a0bd8894e2e651

SHA256
c05e43df42ad3bdca4840323647d2972a47044c8c602c2a96780425261a1e327

SHA512
251d2ce8a46bd341e536322d49f1169ae2c99cb8bc7c0935bd3360422a50e0a61b72b827429ee5e845daf1d73f08178dd9cdae787ca5b76e8a4a24853e78b2d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
268KB

MD5
b85541969d13b8ae7ea7417af62c8073

SHA1
c3ba9bedf38d8bb86d1b5845e9460995442bd045

SHA256
b4e946ef798b4593a5e278627942308edb263b35b39db1c4a9bf05a27b1502a1

SHA512
cd8d9d42fe4e69741b9bf385d40a5e9aa36ba0bd1ef072b395468e462edb27bebf6d2295fabe03368188f67268f0d02ffda87af1d8dbc222458d9272c7272877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
17f8e0b20b40b8e908486d018ff788fe

SHA1
c337142f1f40c2a215cbba69ca3fbaa752618029

SHA256
013291f6e4652d03645add3f7ceb7621f4de8ebdc13b4f33f40cd26343b28e50

SHA512
9320096c5fbbedc3442b1359a284e8ea5c79fc5158740c109db12d7ee23c13d9be1e9dd01f69bf84a945da5f118326b702373f043be6b5ad533d9363e2121190

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
18964dcdc434b7918f3f0c7a5c4ed007

SHA1
5e14d6d9b8602c97c55e1c97e95de46d80d3c2df

SHA256
81416f69f26b4446e8df19b32f79ec5130d3d48a13408f3d9fe0d7f1c0839431

SHA512
c321525de5bbf992c9d04703e4f98012600977abd50bc14be76b6774cefa3dcdf6b565cd61546a1c876f04644556619f9675a27ef3905d5247423935611af3ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
118KB

MD5
a7deab7b0251ec7f62a344f78ebc1072

SHA1
7c896b6d1b57291159ab944686c017e3ac47b82e

SHA256
9f80d30539dcd09b7732759ff112264df51f85af4948cfc5c06c1443611a7170

SHA512
2a3d2cc1bee0e9a6a1075ee02b5f6f2210b9601eab799d1fa374f9ddddf443de0974f0716b6d8e2ef2fe55ec7f31e6e860086c3e7a7959bb5d227ca0392e87a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
d7b3013ac637bc9c16626496b4f648ce

SHA1
72cf30119b70f9070aef37b9c687c2e01202fb40

SHA256
69b37daa3b72ec80c29fb880a8a5908390ad69aaf13ec6dbe12f907bd6683afd

SHA512
4f1946c92a46e79b81eabd5f6ebcad031d0be076010dfbd2639de0d907ec89d1bc1e51402f5f518f3fb9fed48cf6fa32b20aab26ec0cca77daa685dc111c042f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
490ff7b3a4585582490ab7d60b37b8c1

SHA1
707bcde7fca4968c14d1f85a60194f3978499eac

SHA256
a557208d45137d82b327e56cd44fc53e8e7ca02cdf1f4914d1a7d49cd144f2fc

SHA512
8a9d207dcdfc372ea1afa2323c233a84a5c245892c29947bef512a2842893b7135bcb8c29a5a27328b4bb16daec489977be3f6c20e0dc32f44c9110014cc9efa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
5afef862b87cf2c4560f82129d18fe8d

SHA1
9d4e3956939e909c1ad115e061ed9846e64aa9ae

SHA256
d43792b1d90fb1dc12b58237ee766cca361235dd81d4cb7dbae721aad0f70eb4

SHA512
418624a3e0fabe0e53b79d8c49b31f564bfa81e5af05db263f5db5f852cfd1930626cd09642ca0a32f20110e83d06733f4c76570a380c17563bf58471a24d9ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589c7a.TMP

Filesize
93KB

MD5
918e53c35243ae66a14fe44966f1664c

SHA1
74fc0a3bc8eed9e1042bae3b8b832c67eda307fa

SHA256
57ccee9d0d000e0a7906f7ba05e44e15aa2beeb47770e7159afb07fb37ef0654

SHA512
976525eace3ba84178e04c6ebac2ad0194f5d33679a1206cf4e4cb08f1b82b2f237da97c62697aa6ef3710d6c29650ecec2a062211f4af7b9b032c5fd6479c04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
74f0f0aa87e3e3093d7f8b9f4c1e074e

SHA1
310f22ffa326ef7e95f9f3480ea77b7917c77daf

SHA256
40699bd267ca549eae1f9c4c063894042540d0149ebbeb4d15496dd9ec5f2e5f

SHA512
50a583a5e574abe86e2604870273bcffb4aee1bdbd164a8358f5d447fd68f7457063960ea743781d8f02aa5b37e0221f1408a54ec923247e5b5f076d30151d5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404061037231\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404061037231\opera_package

Filesize
135.7MB

MD5
51925d4ccf835cfc01fc4128e16aae03

SHA1
2e29709468adb5399c91da7c65c2999ff1e136e9

SHA256
4bc959418d2a311e7fe50db799145d65382a7697230f9d343f3ae23f6526a91d

SHA512
a23cd3e8ddb059c898ccde02e3fb56f9767d989b96c207594d9a437964fd35a4f3ec7c68923ea669f206d3d13f9668b3970e9e6784e92e3a4beef10707267b32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2404061037227834380.dll

Filesize
5.2MB

MD5
7c4c89e7a2b29a8fc7c24fd158761f5f

SHA1
f05bddcb3df1811d104939192510d7afce5bf9b1

SHA256
b2b0b0372fea8c706860f531099234dd2e90a5648adba0e540cb1eeba6ea0d99

SHA512
135bea3366b56f78d78d71969f8ae09fca130339e8989480c29b9970e35c9ed81bccb0a26e68fa572d254d2434f10c28e200baf2044248378724fd471483cd0c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
ffd7691d7f90701fe7e7b52824da4523

SHA1
6a22bf858ffb998ff05e1e97bd674dc344a211a9

SHA256
20d3667163b78dd57a64357ebb4b3326815586675231f9a95404182f911af482

SHA512
94b2212af57ebbf129051dde50bdae0c4cbf0c93f7084847a9f6f6de3e8ccf67d0157374e3f7ad440367ccba7ee0b4a7f7ccdfa6f9e58a11b6416b9b7f011812

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.4MB

MD5
11bb01aa0e85379f89ff2329973d11e7

SHA1
6f10f564fc899970f5c18d2ad25f66a92948e167

SHA256
4e6f43d68dafab2818bb93a2dd5406c8776b6c07411abcf143f07382fe6bb727

SHA512
bb03b68d9ea920fb3fe44269844ed45a4477349461156d91d92581cc0e86f0d9128215e35c019a2aa9d2be3fee8924c7cd7eacbcd5cec8e936de83bfdd5b1a44

Download Submit
memory/1284-2034-0x0000000000110000-0x00000000006D0000-memory.dmp

Filesize
5.8MB

Download
memory/1284-2095-0x0000000000110000-0x00000000006D0000-memory.dmp

Filesize
5.8MB

Download
memory/4380-2049-0x0000000000B90000-0x0000000001150000-memory.dmp

Filesize
5.8MB

Download
memory/4380-2046-0x0000000000B90000-0x0000000001150000-memory.dmp

Filesize
5.8MB

Download
memory/4476-2038-0x0000000000110000-0x00000000006D0000-memory.dmp

Filesize
5.8MB

Download
memory/4476-2096-0x0000000000110000-0x00000000006D0000-memory.dmp

Filesize
5.8MB

Download
memory/5504-2119-0x0000000000110000-0x00000000006D0000-memory.dmp

Filesize
5.8MB

Download
memory/5992-2117-0x0000000000110000-0x00000000006D0000-memory.dmp

Filesize
5.8MB

Download
memory/5992-2088-0x0000000000110000-0x00000000006D0000-memory.dmp

Filesize
5.8MB

Download