hxxps://pl[.]exloader[.]net/

Analysis

max time kernel
272s
max time network
277s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pl.exloader.net/

Score

8^/10

spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 31 IoCs

pid	Process
1204	OperaGXSetup.exe
2752	OperaGXSetup.exe
5400	OperaGXSetup.exe
1416	ExLoader_Installer.exe
844	ExLoader_Installer.exe
2380	ExLoader_Installer.exe
2348	ExLoader_Installer.exe
3648	ExLoader_Installer.exe
5636	ExLoader_Installer.exe
4288	ExLoader_Installer.exe
696	ExLoader_Installer.exe
5064	ExLoader_Installer.exe
5600	ExLoader_Installer.exe
5716	ExLoader_Installer.exe
4596	ExLoader_Installer.exe
2240	ExLoader_Installer.exe
4252	ExLoader_Installer.exe
3856	ExLoader_Installer.exe
5804	ExLoader_Installer.exe
5332	ExLoader_Installer.exe
6052	ExLoader_Installer.exe
5284	ExLoader_Installer.exe
4772	ExLoader_Installer.exe
5652	ExLoader_Installer.exe
4504	ExLoader_Installer.exe
2480	ExLoader_Installer.exe
5024	ExLoader_Installer.exe
3952	ExLoader_Installer.exe
1848	ExLoader_Installer.exe
3032	ExLoader_Installer.exe
4608	ExLoader_Installer.exe

Loads dropped DLL 3 IoCs

pid	Process
1204	OperaGXSetup.exe
2752	OperaGXSetup.exe
5400	OperaGXSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00080000000235e7-455.dat	upx
behavioral1/memory/1204-474-0x0000000000370000-0x0000000000930000-memory.dmp	upx
behavioral1/memory/2752-484-0x0000000000370000-0x0000000000930000-memory.dmp	upx
behavioral1/memory/5400-496-0x0000000000330000-0x00000000008F0000-memory.dmp	upx
behavioral1/memory/1204-600-0x0000000000370000-0x0000000000930000-memory.dmp	upx
behavioral1/memory/1204-976-0x0000000000370000-0x0000000000930000-memory.dmp	upx

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578286931214592"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
5136	chrome.exe
5136	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2296	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1204	OperaGXSetup.exe
1204	OperaGXSetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 1656	2296	chrome.exe	93
PID 2296 wrote to memory of 1656	2296	chrome.exe	93
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4584	2296	chrome.exe	96
PID 2296 wrote to memory of 4128	2296	chrome.exe	97
PID 2296 wrote to memory of 4128	2296	chrome.exe	97
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98
PID 2296 wrote to memory of 1672	2296	chrome.exe	98

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pl.exloader.net/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2c2eab58,0x7ffc2c2eab68,0x7ffc2c2eab78
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:2
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3908 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4464 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4344 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3928 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4388 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4136 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4208 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5028 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5572 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2420 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5132 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6552 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6820 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6744 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6924 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6956 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6996 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5968 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5996 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:5136
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Suspicious use of SetWindowsHookEx
  PID:1204
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.89 --initial-client-data=0x30c,0x310,0x314,0x2e8,0x318,0x7514626c,0x75146278,0x75146284
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2752
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6744 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5756 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6308 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3192 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6816 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=1536 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5616 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5804 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:8
  2⤵
  PID:1828
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:5636
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:5600
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:5716
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7068 --field-trial-handle=1908,i,18440845968417814976,305823479106574582,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:5804
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:5332
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:6052
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:5284
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:5652
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:4608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc2c2eab58,0x7ffc2c2eab68,0x7ffc2c2eab78
1⤵
PID:2700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1960,i,163399940239686269,606116531786405174,131072 /prefetch:2
1⤵
PID:1728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1960,i,163399940239686269,606116531786405174,131072 /prefetch:8
1⤵
PID:4036

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7b290c2f83906305ff0622aa82fea47d

SHA1
b160215d36789a4b22defaa93572ba701fe6946f

SHA256
434248d4a028786cdd363149c848d2441387cdea37326b216aa6b25596f8b960

SHA512
4b10e4341d0f189eb519060036161decf0a97d3eafb77f5488a7c1bce7638ce3cfdd8910bf176786542482490e16abe3cf390c817bca308a5f2bd5a726af8da2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5f950de5-f0cf-4b44-93a6-a06b38d2faf3.tmp

Filesize
6KB

MD5
a81a6d85d9ccc975af2d464a8fdce792

SHA1
06eb0e69a692e4ff3c8981e97381cdf2e5965fa7

SHA256
4ef93ad81ca353e96a1b478cb3a62f8fd2a6a014061f74c4085cfa6a332a22b8

SHA512
83dd181843a469c2a6e61e96b2301f9aceced79ccc3296641c09492092361937b983b2b024014e554470fe42d8e12756803177ecb5e75591d739ce85ce159907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
33KB

MD5
fe70663122656a5c59de60232d8be61f

SHA1
382d85f2ceeb85d8561401cc62e5d9c49896a606

SHA256
9e6988b270619eb054f77a35a7b3df50b2579f55af768aa119d89fc269ea61db

SHA512
e4e8b5bd45bf09dde9ded38acf658d35d6277dfb0aca5b2c095bb195d579a81ab5adb8c4dcfb35902ed704bcff09d2d1d3172637e0a23e3c86426bdc20c01e5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
39KB

MD5
bb9d0cc624e14a907449e5ea1f602186

SHA1
81bc523244b6950dccf5029cdcb4b2ee85f9d2c1

SHA256
a39ea9b2e813eca3669c86d386b5f7a54a044f8756d75147063b832884c8f5a8

SHA512
5178c3784ef9d1a74c390a77376f87ff6a4c73a9eec52ee3716114ba763d24f130c2eb37ba80de22b4cecae57053e6682354ea2f91bc655f3134b232c863713d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
39KB

MD5
3d82e791b707535b54dd0d68ba38cdbc

SHA1
8a63647c1374f35f3d5a5aa3013fbc35892f492b

SHA256
82e239223f2bababc14619f8e35ec7d414d735da47ad5de073cef031ec6bdb23

SHA512
89e1a72ef0e84010511f446f25905e9fcb977a994416071d10b4eb3f1216a4efc92f43183747cbf4ed19e00995f1118a54be83851565ed1b76acf75cafde105f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
219b9df91f6cc3e2f24fbac25a57c561

SHA1
680324a3e134f703dd45a6e90fce6930b9442112

SHA256
fa208f8ad114c3fad367623b817eeff9c6e7bcfafdd38d8653b501e2a78d06ae

SHA512
ca82c57c99af82f1587b4de1aa279ddfeac2703d8af70d44256a7ee576899e914a84f02c97827865a40a8134c5aea8373e2ed7bb5be031ef722e485d085e37fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
c4efe9fc6988978e7eea814ee928ae37

SHA1
1d9f9d60fa25699d485973e429198ef5e1080960

SHA256
e85971454fef687c3aaa937ce8647db82134978e78815a2ab7b7ce4ceafbeaac

SHA512
1485fc69b23642acf04cbe63c0ac6c2b9951b22dcaf640dcf4ee4660a1619df6cd513ec0cdd819332c044625e276eeb96b22e0bc60301e2fd4fdc10cc789917f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
4bd2adb5fb742fb869225f48169d5022

SHA1
58fc92116cd0e176568c5710b0b816d684e55a7b

SHA256
0f2a770b13352623a0fa854a00b01f428c06cdd1f37d693e5791708024285cfa

SHA512
43fe54bb924382f47b93ffb3066cb450083e7e857301e1d669b3b88f53a47bd1d8bcddf1c2730f3c95f58377c148a5b37840a0139f8bd0f038030fd8e00ade4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
229bb51f62ea61da1643f425855d13cc

SHA1
902a1986ce9a9590ab6f5c5ddb27b664a20f98a3

SHA256
96bc4e1fc8e8e640330910f575ca9fc69966789f35fd0e5efffbbde51a480fb4

SHA512
49e3ec0d5c3236724d9a6bc1ddfc4d5600e7145f6aa64f8f6d9c497c53c9e93426d0f394e8683bfe88dbe420178f767a825cbbcd9da2a42bf4b2222599261b6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
55bb8c33b45972ee1188b3bf6ca68f64

SHA1
e46a2559683db0511fba7552c08d74ba25701e26

SHA256
a511bea3b47e4f318c0d0112e58fd0ad742766fb1b8e46a59f3661f8eecd45ae

SHA512
fcdac59cade9f6e9411957cce6fbf07bcdda2bf4e93678f7f5911fd27677dcf45731cf5b96e2eff3dbfc37d42836292af08cde36f7256f56dec06b28c9d87941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
ffac0bf33e12b347c86e54897d86184f

SHA1
ec340146f18c293cd5fc592060b13a55d6a262b1

SHA256
9160bac529b2e79ee9ef039c35d9208e179afe2a4194885ce4ef3cb265cfd012

SHA512
607674a8f073b12b5da6f6e6c97a7767b64fc0026353beca264a729a5da2b38f6d12ba1fb1ce56eb60f9b8018a25de3654984ba935d1a183ea5b6a828c556ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f846cba8e58515b26775ad99ffc76329

SHA1
9be11be01a32ec7732cefb072010a4a6ea58ef0e

SHA256
ebac99c37e7ea90e63802fe6372f5eb5cb20bd130ab44518e0ffb3130b4ac484

SHA512
75518636ae0fa2bc2fb89663646913ae53e88a5c3287ce66278cdd31e5e0d6ea02f35ce48bf9b81154beca1e8b4c3a5ae82a2dec2507120c42fa4fa7573cd320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9cfba9dce96afc5a42bf7d486c7e7248

SHA1
a0dd9aa4274dcdb1064c1ca143bb4eb106feda07

SHA256
52a8b37ff5cf6dd222bbad41196ea7415309c61504d062b67c6bfea6481e042d

SHA512
e8decff64ac547c1473fdadda1b88b50706ef2ffbce4fe97944fd6dde882775be0edde93d490f1290235fce0299181f59312988f58a7c709f3df387224ac4137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c30e2fe2457987abb2f4ff5df145d5be

SHA1
643ccbb7f561607097e04af778f67e6bb9e1d31e

SHA256
5639748cee45d075c5d23634b10add0b62735e85a7729c59353cf7d4f3d3788f

SHA512
fe9247b41398c7105974de5555e64927f2e766a7635f850d32ff729a1dbcc3cf0094a577b42e5247ef830c5b545cceb927df17b03389fab681100c2d8b3083a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
68d3fd613de8be6aff9c1eb5f589b3b1

SHA1
1949edcfd6c5d7672fa4cda9ad4516e242373666

SHA256
f6720424a88aed2aee6585e1a8fa3dc7da59daadd3371f46f51ef33da59dfd76

SHA512
72796e887862b43292cd4c30ae060fc295bd817377863d36ed52d9b73e87c0cda59d67349b0c79c83ab537a981eea5cc46f39126e1e34a6857ebfdad46618c53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3114fff39af1a2ae23176d7b8308c4d0

SHA1
7a19a13a4edcfb74aa4381e6bd73ffd2394d44c2

SHA256
386e87d9ff82a6fbef6d5d47eb8c754152f56edeb8da801ec69f7ddbf5695f1e

SHA512
822c2a816387917e283289a41888ba14de2276036d93dc2a60535874f31a6b2fbe8858afba5890a1f3d1d3b95c13e2413ea9680126e199f7ea1f6c43e2e926c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
db0ee366211f71bb1664cf6a9a7b433e

SHA1
36cef96bcf1594bf60953f2aacc23d1586816378

SHA256
e4e3675bc1d2b88ec00779e26775e0e82bae0c984753458a38f43c7233e82f94

SHA512
60f2f43fb30f58c2c68d3e0a13c1ffb8e7779246f0bbba9afd897eff143d5f9b679da10c404bfe52246af0b32396b307ba1c76f958583f61d79fb713a81ca584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3af4fd912f5e0eecfe28a5ef43d45773

SHA1
274f8d30d6f8c1ac50b1d20f12b7fe74acb844f3

SHA256
143ccfe95317927b25639397a4d51f098492550eb3d17cc130dffc2b6840042b

SHA512
ac0cdc766fdb129c33a98a1eabba61e6ed969511ef060ee5ddaba60510a05ba833d6eee6218b6323dbdb61937ab5bc9e9261250244b8ddabeaea7dfe1cab4b32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
52fd644da937f74733a0c9919a99fe8d

SHA1
b39db8f9c3604d9cfadad83fa5e56fc2d064da27

SHA256
dc964179abedb5c48d4712465ee82972ca2abf423af11d9bc2ecef2a89121908

SHA512
f52b817f7319b7f636ff706dfe2bd9cc516575f09b54f33a98adc77a682d32c84fcd2a6f4d44f04738305314033e16ba74fa15ef28a12b4725d7bf874974ab65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
41e589172820aac798b3418aa439902b

SHA1
fcfff6a8290d7662b8f55a209c1b59f2b4e651db

SHA256
f6765a143ea16183578e0bac1834010bd787688e4c8bcabd7697aa9a2c0d87e2

SHA512
238460396a52ff3a9a0f726cfcabcf6cde4b2c012b245c0e22e1a1f7e34294b19da31c75ad97ec8547667da759730b28d412204370e59c99cb99a9891d3a9b20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ed73a0847c8f38f0430d7468c09e1007

SHA1
5f64ae8edfa6705b7e52a0b789210b1a167f54ca

SHA256
b21e9744ddc50bc488e6c0982aba7b4ddd06a28ed1c145bc71c94c6c6ecf1681

SHA512
c5c9ae830c8f8488c2497bdf316b30cf8ddd0f5b090275a7e1d3cfaa197bb65f8f73ab9366db592bb529ed6a79ee6734787b56b8608256c032cbd271b4be082e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
f920007840a49ffdf9e42fafda6f5770

SHA1
a0907fbeb3eb813e5232e64015dd9303870738e1

SHA256
aaefa0256016189727db5009cf6a1d52fe5b2dd6a486a0acb1105e037421d609

SHA512
06c75c959b420b290a9c97f2d4466e014ff5b8cc79cc89986cad8b58b2348186aa7e3759d81f11969a0d57f6ea1b7a9fcf4f5b32cdf04135682958bfd94b52f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
1fcec6a090637b7e7967d4ff1337dfd2

SHA1
bc2f9f3bcdedde06c1470320504a48e958c3cb23

SHA256
8b789ac8d820bf2a117298214349fda85ab4aa9986e526ce726c14ef77bc97f5

SHA512
88fc20c78e370f31613e022431d917a448ed55983f4c35cdb5e1d2e30bd45267de87b28323bb94c2d616ea13e6d2acff75fb3b761762f9b7afe786d7ddf79563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
6409f5f941288f6412799a683838de6b

SHA1
1da668bd5f160d60bb572c33fd4fc9b18f52bc34

SHA256
8cac1434c86f8c09e26b056ca8b361447a46858b21072a7e04ef2e52eaf60460

SHA512
3fc4defac23f8945f2524dd91600085dab4e536c67dfac57f2c3b90c83868617b02a80f5accd979358a78ea0fa56ca8ad7c4def65e9cd7637400ff7a7e8acb7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
cf787c23c6102d24abd2658f20637a64

SHA1
b59306f3c2fdec30c4aa921d39c7caeed3a0dba3

SHA256
7641da0b6c25230d245307d5a43ce939a558c3e176be047b91099fae693e3a7b

SHA512
fd6aa8aa9b5f2d5ac198ca01570e06c9f686f07bc1915340d3e17a0b45512e80f3ce2e8da0720f5e39e5eab278747c1efb8f31b65e6b9ec838ed3c71d032365c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
bc52cbaf0fd47d8004bf47e49b9818e6

SHA1
5cfe8f6ef05779f8b12cae83eee98b41e5bbd1a5

SHA256
db141c6abb89ec6b7343a8adf0cbbe9a52f36436a189f1d1a146a4725518c4a6

SHA512
b114c6b0c98770bc7284b1df334575cb103cb033fa69392300f6322d09f6b6d3494eff32b55ad1ab74c0dc5127ecf51d2fcaa1db7e708bfa938514f7e0d6f08b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
f5f6570848f5b6894f8308556e1fbc86

SHA1
ff0e34c5eae49f84c74d1714f519fc1f04575aae

SHA256
1ff67df0c00e9cfc822d49b6d992c50e18d0709d4a2ad7c310817366cbef790f

SHA512
4602a5638d9a9c6c28a3f338841ebfb4b9045344b128dfc8a767fb9097f63505fc60bcd65dc98a6f52d613cd1338f330cfcbe4fbc1712aa640519a5a98ab6679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
356addc5864717cd26c21ac7b1fd7dce

SHA1
fcd713b2f04e33a87ae1794aa44d4856a8e937c2

SHA256
bf901025587a690b907546c2664dd005ac7192370de0f228e8d15c0901d8f47a

SHA512
616208e6fa264361384c40769fd5c497337313b8b375ea8730d0fe5985ea05307342488dd31f66e20243f52d3338bbf36b674d120302dc2161bbd440bbda8352

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404171158231\opera_package

Filesize
135.7MB

MD5
34405ebfea4e1d48d679ede158d18bac

SHA1
1a2d1b3d70a26ab939b74903a827e1812b300b61

SHA256
3ef96463650872a1c19b06b4840096aed345001597b36a406ec4b0f4468e04eb

SHA512
94aed6a4c85f8dfe7b77511f39b51fd2e862059e76ac89fbdb0ceff088e86d18a9c9d1f6e5a1cc23ccac1df380f2a4a86d12e9a877497909300a1deea8c2bbd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2404171158219591204.dll

Filesize
5.2MB

MD5
3b60f0a8ad54d51f30bd2748faa14c3d

SHA1
831259caa00ac546b76fc21ea2f6b4dd7c26aeaf

SHA256
0047bf9db605d0cc7fe247834f3faae5f026fae9cbe0848984e801c64a6e513d

SHA512
c352453424792204182fb334c95c5679a5b8f6448e616ad1552922b7bf061451787f17dd62ade11055585684022e53a9864671ace51a114157087042fc9da42a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX1\data\flutter_assets\NOTICES.Z

Filesize
83KB

MD5
d1183040ee4a457686d0ef34978cbd61

SHA1
6077f8cc3d74429a1f73199f33606c72ab8adbb8

SHA256
73c8ef5a21619b700dae5e0776062acb63d04bd5418812e79bbc446fd39e7c8e

SHA512
e1dfce1bb1fce344c8736eb36baa56d2fe5a4b28abd48107d20053620f5e6718c803bcefffa57ed49813cf8458880e3e14f639d7dd01b572a146d8e346aabe2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX1\data\flutter_assets\resources\audio\AbominationPissed_DE.wav

Filesize
131KB

MD5
b287fcc8278972ff72b8e46b481c4ab7

SHA1
71a91ebbcfb6debe7673a0b59079c5e90cb2ede3

SHA256
c87cb5c9c64b5798769af14563e268080ed82c7c8a1958f6fa1c1b5e7f10d2e2

SHA512
746f5d9232a06b5a415391dcc191902c7ec12465a22551342823da5880a16e9b9cb44da7052638fd0f5a2211ba8b97be6d835f5931bf34eb4fb1b96c6c529c40

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\app.so

Filesize
13.8MB

MD5
9dd98b582f7c7abdb502ce89aa182b58

SHA1
c19a63f37f8628c01fafdf905fe7cdfeaaf114f4

SHA256
f86e82b9475317faeac418a8aba9ea8432cb0253956b30ed92005043d6c3b3fb

SHA512
e5d113a7e9a604a0e89101bb746c31a996806a1f51d9bd111fba30f7673c5b2f439b3b4493454bc9799788d871719a3c11d7a65f594714d1ee6dbfbebf11e9f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\AssetManifest.bin

Filesize
14KB

MD5
29b2176e332fcad27b610e65b68d9b25

SHA1
41e5ce04d4ba90e0c0a0a04277065d4aa9203567

SHA256
80f2fb484f4bd47358e6ab0c0b8c0be903ebed49a6342ea6b6ce3c90a731582f

SHA512
0e7528b70ee2e024792ba91a535a1a6b93335e4b0845bf000d0e84ca05d68a28390b3d6e47a3ae11cacd6284e6429662597d53b5f2d041553e4c1b2c9b87df7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX2\vcruntime140_1.dll

Filesize
48KB

MD5
eb49c1d33b41eb49dfed58aafa9b9a8f

SHA1
61786eb9f3f996d85a5f5eea4c555093dd0daab6

SHA256
6d3a6cde6fc4d3c79aabf785c04d2736a3e2fd9b0366c9b741f054a13ecd939e

SHA512
d15905a3d7203b00181609f47ce6e4b9591a629f2bf26ff33bf964f320371e06d535912fda13987610b76a85c65c659adac62f6b3176dbca91a01374178cd5c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX3\data\flutter_assets\AssetManifest.bin

Filesize
14KB

MD5
8e1067b55664604ff725ccfc8cc60af6

SHA1
1deb11bd12ae351e906fdc7887a2418801cb80dc

SHA256
1cec3c71762c73b52dfe70cdd9bbcff95bb34834c8660904c46c5224ba442b99

SHA512
8e249272e0ab5fd109dcf32194d41d8124598304d5079893d049f0a5c2857b51cada936c6f05e19d84e7e3f669fb5624941ebc8d70edae61d0f9fdc546bea439

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX4\data\flutter_assets\AssetManifest.json

Filesize
12KB

MD5
511926b8c0a27515c0a2515152258792

SHA1
d18ee89347171dce996f8d461a88393dbc81d5f9

SHA256
9030e43e61f99677525615aae8832b5fdb61133fb3b748890c18716a23ba1afb

SHA512
bc29b003b674456428ba6e7b6e06d37616975c336f0efd83ac7cca322caf8aeedaa7fa5c6bb5352289ce40d2672eb29a487e1895097f9439604d35f094d696bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX4\data\flutter_assets\FontManifest.json

Filesize
413B

MD5
fb1230bb41c3c1290008b9e44059dd39

SHA1
66493d0f8a6a112d8376cd296b05c277b111dca1

SHA256
2429b610ba9010211d18626d311d3dea7274473c2dd50fae833ed739b67b1292

SHA512
d5ae9b9124a7c7f8c3d04c4750459c9bc620e3aeb84f5d56a64308eb9b343d4fb62f8b3e03210e04ad90b91bbbb35dd1a56148d06dbcc0872f99e9b1b9d37c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX4\data\flutter_assets\fonts\MaterialIcons-Regular.otf

Filesize
1.6MB

MD5
e7069dfd19b331be16bed984668fe080

SHA1
fc25284ee3d0aaa75ec5fc8e4fd96926157ed8c4

SHA256
d9865b671a09d683d13a863089d8825e0f61a37696ce5d7d448bc8023aa62453

SHA512
27d9662a22c3e9fe66c261c45bf309e81be7a738ae5dc5b07ad90d207d9901785f3f11dc227c75ca683186b4553b0aa5a621f541c039475b0f032b7688aaa484

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.4MB

MD5
1ff6b3e1aa0fccc910ab5015f633480a

SHA1
1831a2df94eec1c79420eea205dfee4d9d1a0715

SHA256
5d0596939d95cf339eebb365666e32ce579ae9e1a567e1f98c639ee484c6c4ca

SHA512
c73b7f038226d29614ac3dd113e20f9b1a812981b6eb0d82665f259db8779b222fa09d5052cb7ca94bf53ce8491d064f7dd1641d8112a807da5975593a1dcf39

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 49874.crdownload

Filesize
21.3MB

MD5
650a1cce61876f1a3739e398c720893f

SHA1
377998a6fb0d5ff55cec8a015cd7c7cf10f555d3

SHA256
8ed9a032b5f21c4b12bb76dd191e08af6943083c0619fdb07a8e2fff2c2bae03

SHA512
495306321bafc3d85bce9978423828e24d0e71a82d08833cc2b566af5f78a550e72d1962890bc5fb252ef44f103b8fbc6ad90490607d797ea6376ae37e0a7f20

Download Submit
memory/1204-600-0x0000000000370000-0x0000000000930000-memory.dmp

Filesize
5.8MB

Download
memory/1204-474-0x0000000000370000-0x0000000000930000-memory.dmp

Filesize
5.8MB

Download
memory/1204-976-0x0000000000370000-0x0000000000930000-memory.dmp

Filesize
5.8MB

Download
memory/2752-484-0x0000000000370000-0x0000000000930000-memory.dmp

Filesize
5.8MB

Download
memory/5400-496-0x0000000000330000-0x00000000008F0000-memory.dmp

Filesize
5.8MB

Download