07823bd90cb66545241118a792e12f2baaa47a9dbbdf1fd1798d55dcccf14e90

Analysis

max time kernel
487s
max time network
490s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
21/04/2024, 15:29

Sharing

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-21T15:38:26Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win11-20240412-en/instance_0-dirty.qcow2\"}"

Report Analysis Logs

General

Target

downloads.js
Size

28KB
MD5

f436d4f9e24ddb561836dd9f768f0138
SHA1

4e9ea045bb0978f0b01274171f270c782f1cfd8d
SHA256

07823bd90cb66545241118a792e12f2baaa47a9dbbdf1fd1798d55dcccf14e90
SHA512

480d23df32a611d7b5a64fd3f9136ac5827d26a2c608dfba22d2c65044eb60f8c64d13515ea2f3d45a83930f780d3c3fc4b8bec01617cc0f00e1a3d20f6b76f0
SSDEEP

384:bkX3WdKoFFVqsP6tdk2GOJEiP2k6cSCGsv:bkWdJFLo

Score

8^/10

discovery spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 11 IoCs

pid	Process
4916	OperaGXSetup.exe
4068	OperaGXSetup.exe
4052	OperaGXSetup.exe
268	OperaGXSetup.exe
2488	OperaGXSetup.exe
3228	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
1440	assistant_installer.exe
3512	assistant_installer.exe
3088	OperaGXSetup.exe
3744	OperaGXSetup.exe
2124	OperaGXSetup.exe

Loads dropped DLL 8 IoCs

pid	Process
4916	OperaGXSetup.exe
4068	OperaGXSetup.exe
4052	OperaGXSetup.exe
268	OperaGXSetup.exe
2488	OperaGXSetup.exe
3088	OperaGXSetup.exe
3744	OperaGXSetup.exe
2124	OperaGXSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000100000002af14-698.dat	upx
behavioral1/memory/4916-726-0x0000000000820000-0x0000000000DE0000-memory.dmp	upx
behavioral1/memory/4068-736-0x0000000000820000-0x0000000000DE0000-memory.dmp	upx
behavioral1/memory/4052-744-0x0000000000F00000-0x00000000014C0000-memory.dmp	upx
behavioral1/memory/4052-750-0x0000000000F00000-0x00000000014C0000-memory.dmp	upx
behavioral1/memory/2488-790-0x0000000000820000-0x0000000000DE0000-memory.dmp	upx
behavioral1/memory/4916-807-0x0000000000820000-0x0000000000DE0000-memory.dmp	upx
behavioral1/memory/4068-817-0x0000000000820000-0x0000000000DE0000-memory.dmp	upx
behavioral1/memory/268-818-0x0000000000820000-0x0000000000DE0000-memory.dmp	upx
behavioral1/memory/2488-819-0x0000000000820000-0x0000000000DE0000-memory.dmp	upx
behavioral1/memory/3088-1025-0x0000000000820000-0x0000000000DE0000-memory.dmp	upx
behavioral1/memory/3744-1028-0x0000000000820000-0x0000000000DE0000-memory.dmp	upx
behavioral1/memory/2124-1034-0x0000000000DE0000-0x00000000013A0000-memory.dmp	upx
behavioral1/memory/2124-1037-0x0000000000DE0000-0x00000000013A0000-memory.dmp	upx
behavioral1/memory/3088-1041-0x0000000000820000-0x0000000000DE0000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 6 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133581870272151103"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "239"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings	chrome.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\sourcemod-1.11.0-git6958-windows.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe\:Zone.Identifier:$DATA	OperaGXSetup.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe\:Zone.Identifier:$DATA	OperaGXSetup.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
2804	chrome.exe
2804	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4916	OperaGXSetup.exe
2292	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 2260	4836	chrome.exe	84
PID 4836 wrote to memory of 2260	4836	chrome.exe	84
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 1996	4836	chrome.exe	85
PID 4836 wrote to memory of 376	4836	chrome.exe	86
PID 4836 wrote to memory of 376	4836	chrome.exe	86
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87
PID 4836 wrote to memory of 408	4836	chrome.exe	87

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\downloads.js
1⤵
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd72bfab58,0x7ffd72bfab68,0x7ffd72bfab78
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:2
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4300 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4392 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4372 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4784 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4188 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5032 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4416 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5320 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5584 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5600 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4300 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5816 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5900 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5844 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5532 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4068 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6092 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4528 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5904 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5356 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6052 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3488 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5600 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5116 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4460 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1620 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4680 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5676 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5708 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4396 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:1168
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Modifies system certificate store
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:4916
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.89 --initial-client-data=0x330,0x334,0x338,0x32c,0x33c,0x754e626c,0x754e6278,0x754e6284
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4068
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4052
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    "C:\Users\Admin\Downloads\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4916 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240421153350" --session-guid=5e18f957-1be6-4d3f-9fc2-dab8762af49d --server-tracking-blob=MzQ3YWVhMWViYmZkNTNmYjk1MzQ5YmM4NmEzNTRlNjMxMGFmZWJkN2U3OTc3ZGI4MjExYTE5NWEwMWUyNjQ1Mzp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1nb29nbGUmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249T0dYX0NBX1NlYXJjaF9FTl9UMV9CcmFuZF9WMiZ1dG1fY29udGVudD02MzQyNTk3MTM4NjkmdXRtX2lkPUVBSWFJUW9iQ2hNSTktNkEwTkRUaFFNVnlJeFFCaDFfdGd4eEVBQVlBU0FBRWdManZ2RF9Cd0UmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRnd3dy5vcGVyYS5jb20lMkZneCUyRmd4LWJyb3dzZXIlM0Z1dG1faWQlM0RFQUlhSVFvYkNoTUk5LTZBME5EVGhRTVZ5SXhRQmgxX3RneHhFQUFZQVNBQUVnTGp2dkRfQndFJTI2dXRtX21lZGl1bSUzRHBhJTI2dXRtX3NvdXJjZSUzRGdvb2dsZSUyNnV0bV9jYW1wYWlnbiUzRE9HWF9DQV9TZWFyY2hfRU5fVDFfQnJhbmRfVjIlMjZ1dG1fY29udGVudCUzRDYzNDI1OTcxMzg2OSUyNmdhZF9zb3VyY2UlM0QxJTI2Z2NsaWQlM0RFQUlhSVFvYkNoTUk5LTZBME5EVGhRTVZ5SXhRQmgxX3RneHhFQUFZQVNBQUVnTGp2dkRfQndFJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGZ3gtYnJvd3NlciZ1dG1faWQ9RUFJYUlRb2JDaE1JOS02QTBORFRoUU1WeUl4UUJoMV90Z3h4RUFBWUFTQUFFZ0xqdnZEX0J3RSZkbF90b2tlbj03MTEyNDMzNCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjExIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcxMzcxMzYwOC43Mjc2IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoiT0dYX0NBX1NlYXJjaF9FTl9UMV9CcmFuZF9WMiIsImNvbnRlbnQiOiI2MzQyNTk3MTM4NjkiLCJpZCI6IkVBSWFJUW9iQ2hNSTktNkEwTkRUaFFNVnlJeFFCaDFfdGd4eEVBQVlBU0FBRWdManZ2RF9Cd0UiLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS9neC1icm93c2VyIiwibWVkaXVtIjoicGEiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiZ29vZ2xlIn0sInV1aWQiOiJlMzBlZDE2Ny1jZDVhLTRjMzEtOWMyZS1lMjc0NmM5NWQyNDAifQ== --desktopshortcut=1 --wait-for-package --initial-proc-handle=B008000000000000
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    PID:268
  - - C:\Users\Admin\Downloads\OperaGXSetup.exe
      C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.89 --initial-client-data=0x324,0x328,0x32c,0x300,0x33c,0x72b4626c,0x72b46278,0x72b46284
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2488
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404211533501\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404211533501\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    PID:3228
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404211533501\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404211533501\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404211533501\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404211533501\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2a4,0x2a8,0x2ac,0x280,0x2b0,0xdc4f48,0xdc4f58,0xdc4f64
      4⤵
      Executes dropped EXE
      PID:3512
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1444
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff69e5aae48,0x7ff69e5aae58,0x7ff69e5aae68
    3⤵
    PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=1496 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=1484 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6824 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6960 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6688 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6556 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6508 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6812 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7144 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7152 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6476 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=7092 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7152 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=6788 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=6752 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=7132 --field-trial-handle=1824,i,9796428213831513151,939797888544226656,131072 /prefetch:1
  2⤵
  PID:3500

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2208

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2140

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1748

C:\Users\Admin\Downloads\OperaGXSetup.exe
"C:\Users\Admin\Downloads\OperaGXSetup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- NTFS ADS
PID:3088
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.89 --initial-client-data=0x310,0x314,0x318,0x2ec,0x31c,0x7205626c,0x72056278,0x72056284
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3744
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2124

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x000000000000047C
1⤵
PID:1884

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39d0055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
eeece5e919a33d267b92b22e8c2e08e3

SHA1
5ab76b001333e3999c3d1c7dd928c9940bfed114

SHA256
1e3ca69a2e6ee930e91c55183acc8001f0390f56870660482a67b6d928c827af

SHA512
4052591db3f8243da47915192caf029ab08534bb9bdd0ba90de344fd81db284c8d5c3e8e2100320b52bf5fb4c8cfa0b14be3cef1fcdfb693ef8865b7bd77fc9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
c67beb78222708138c490d851f9ef2e3

SHA1
2dc6496e763eb19d4ecaa1796da98af5eff1096c

SHA256
b99aca1f227b98729d06f26b5c82783dbb006eb4de864bfe6d8e3d19b3af4d69

SHA512
0da9202b48c68aab49cca442c1c97b749d65f55720a3f32d67441cb9803562d1376ce4faf1ec2cc40f0c62571514d15afb87128ad77eb551c620ba2e865d31a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
0cf78fe7840c934bc8094fb5a49c8467

SHA1
e6df5f2d2d659ae6837d769bd863fce999eb275d

SHA256
7ae6e9cb6f75014cc3258840f2a27ea01cc7645abfcb1884090116b933c2e4f5

SHA512
081fcc8c72952464f69a16cf2ad35dc888f029cb96ca120656f6cdee66182340c51457ce1ce32bd581b3e9bd4e18973323d03830dec4b47df64f7d3ba8ccc5c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
06ca5c2b0a632d0323651dea9e4b6987

SHA1
3944a9f4400c80d158782726a81339c0567d11d8

SHA256
e6c860722ae6ac02e40c74087d5ff060b69d96620b21be1b8af7bc84a707798b

SHA512
ce22c9a18355891d19339ef07ef94dec752095ae723e63d335ec4048acf120866a53ad8b4a0e3c02c68162eeb6f848e181d0bb42ec9b72bc424f66aa58921d54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
58KB

MD5
9b603992d96c764cbd57766940845236

SHA1
4f081f843a1ae0bbd5df265e00826af6c580cfe7

SHA256
520408fec7c6d419184ec68ad3d3f35f452d83bd75546aa5d171ffc7fe72cb2b

SHA512
abd88ee09909c116db1f424f2d1cbc0795dbc855fef81f0587d9a4e1a8d90de693fa72841259cf4a80e0e41d9f3e1f4bf3a78c4801264e3e9c7d9635bb79ccf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
69KB

MD5
86862d3b5609f6ca70783528d7962690

SHA1
886d4b35290775ceadf576b3bb5654f3a481baf3

SHA256
19e1a1ad6c54fc29a402c10c551fa6e70022cefca6162a10640ee7d9b85783ed

SHA512
f0746c23a06effd14e1e31b0ea7d12156ff92b1f80445aa46e1a4c65cf5df4bc94f6dabe7aead01f1bd6a6c7b851b577a11697a186426a2c8dca897c48515ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
324KB

MD5
7a2499f444a0f81d580bb58a4ebc86d9

SHA1
c80e1db934e244f11892f9683444f6dd2584323a

SHA256
b4e2c97ec8ce695352891e4b16efb59d312447d3144a67c4ad609b1cee600648

SHA512
814981e4697fe9dc47264a1b5867fb0a35d8dbca2f96d4677174a4c7bf07fbb6139d82120a3ad3c3fe81db4fba0c91f7c304c6898627bd4cf3f268f3b7500fb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
137KB

MD5
83ca99e63c4c78c7103cb3548309af1b

SHA1
939b2963212b3d025e78d85451d6fb74804fecbc

SHA256
e90f0575de6edb5bdadde1365a40dc208e95276d99824e4aca9640e5e20bcf2d

SHA512
6e4404ef09bd5caa02a36b6254c51e13046cd57d8b9ed0936b5d538e412c625ed85555125e54f7dd94c0ffe0bf983316b6aa9faec46f2df8d533b256221e1686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
66KB

MD5
25a3382f20db29dda373559248dbc605

SHA1
3275d485bb1b9fb16e423216b57fbad011eb2104

SHA256
e4e6e0dbf1603234e5fdfd97e5d7446d4c512b5b24866af96167a421886d2eb1

SHA512
bd76ff19ad7fd5cba66e6f6b46503e61e147b242028f6f8c435e500ed9c0f78c9ff849f2daff4f10787cebc712bac116eb12a4c973447c0523c9dfe367ddac5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
11.2MB

MD5
b2f71b2b7129abdab6e5c190a0ce6c28

SHA1
d8e89644d7ff97657b219a8dee0dbcb372da0eb1

SHA256
50e9bbe726145de5dac095eb596b9fddea5f84408fad726f5e6a77f826e7aa39

SHA512
d7a78a9c5ce15b44d82f13b90500f40d71387a7cd1468db4d61294a0c0d726f7b27627d7ef2b1bdb4684be5355fa8ed8480bf443ce516e8dac065ef0480a76fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5d3ebef14a487df57fbaddb46a22fabc

SHA1
ec1743f719ad8e28a1a5ad3d1800cad1959a16b8

SHA256
4f0eeeac8fd21d172561667f14bbd4384fb9beecd9c3f1f85d70b27e1c2900c1

SHA512
c3f2d0ae57e88c9b4ee8b28e6bfb17472e3de8dd711895758184e356d9b9e551f9a0c0276ed8cf3c05b8181e3a5a9a39cea9f759efbf939b5955bd29922a9402

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1646df3081e0ed510a14a54fd616f715

SHA1
3085ce676a37b756bcaa995fd4912002d1e8dff5

SHA256
cc3b285df196fc5fbeb3a9ec2216d5ec2eef969053435e786ec2617cb090f0aa

SHA512
97047ffde7d9dad4f8333354cf68acebfe926e96e371756a87c17b19b149a36f7977de4ad8092c3ebbf5ec91149d621bccc3077d7d07fa3d9487acba711c9873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
1ebcbc8bed393875c526fcb4afeec0b1

SHA1
bc5bc35d9bc075d72dab2cf22df6e804db2880ab

SHA256
b37d70fe53bb24656de8c554708462f5141114247c2307da4110be3b1dc4e924

SHA512
d012562092f44363da60bddc2e8c4d232258906264f7455efd60c9b9aa9a934b4f7e4f8b4f8859e0dfcfc368b3f47bf7035e4ffee764e2183bca11f186ee70cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
59a66d5032fab10643d857aca8318faa

SHA1
6095ff9108466102ee47a802c76dc3a900b574e9

SHA256
6ab67cb4aa005847594414d7347ce460fcfd69f47387805bf1c87eb28df5fe93

SHA512
98a9ae3bcc560a4b104075da4b9ef63bc99a5d80f22902401781669d635ba64c6e3a5a8db15447d440e01ae85016702df026d6a533b68dfe17a385b6f45c9b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
e3fee834b5a5ef2d83c841b55bfcf484

SHA1
fb840cb3f47a1bcfbc95ea642dc5a4c6b8f2fbd5

SHA256
d5bffe6ceabf9885567804721ce5803104b4e1cc3689016b4a53f67556c10c4c

SHA512
5d02e7b9782cc5ae420c9640c3ef7611c116e7b22f2bd5a0036a1fb0feaf1b5855ae62123c3fd374b839b4cb9e6f931d62365d521d82c258cc1068d2a2cb5cc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\655912bf-91a1-48a3-acee-2efb42e7d041.tmp

Filesize
9KB

MD5
90ed9679fe2fc42306ef1047a8ce8a3e

SHA1
4ad155fc2106406080a9584e1a74d499b91efe19

SHA256
44cfcf9a748c0ddad61bf30f555f563848d0464394b727166f0f9671b383d936

SHA512
e9ec7ecf1b3795e421add4c1c61fa05b218d78fca3aaa13b6469a9dea1af6dc19cc6c9cfb1da833abf6259b456783fa0436103e0f0ba16c27fe6157d1216e424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1e5f8d0cd5fe091d7db67a699bf149ad

SHA1
355b6cef515f6662de4d010033eb38b613d9052e

SHA256
ccc7df402b855abd3452cb92269eb36bf165d0f988956df32da77a44982eef09

SHA512
9c9d12736f290a153c670e367c1d179f754ab64886a27d5ffa5fc79ee6ecd097c4ad10ddbb1353894da46eb0d1052592b80b6c6f0e10640ce2d24d5317d2befc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
438cecc3774f55778911d352e3beb948

SHA1
edec51b3b4dcb4b92c2a1cb26da631d389c02eef

SHA256
c03d2cf454d849b83dc78427ac3afe5e4e903773017f8eac4cb867ab0bac6074

SHA512
92374df0db99a80a965899dc40f475af449fc34761a88d1c888850e843d5941f430c7e0977abed4f799031c3eae9dbdebffd5bfb502fc2dca502762e8ca2a9af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
073211808ad9bcfcd0d4e2a482da1df4

SHA1
486088992509cfb37360ca25afec950041f29ce4

SHA256
bb5288f52dda9d36518bd5ac00c7aa53437c3041955942850eee87d417789692

SHA512
c201f486fd84fb70c4111e901b9b5b8d3072c978c394f48e6a46d9e13160456653ac0fffaa520b4ea3651414e311fda21f5f890b62dfe76da38967f24251807a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c1a25bd703eb44f835c6fea8e5cca7d7

SHA1
3a949d27a37b36e0af285ba789a25740a4c7039b

SHA256
796d647e27f9255408482b7649d374922d0d9a1103d8890ec26667559cc5f90e

SHA512
00cbc56dafa6ffc2af9b19db6ee1c16f1576329615ce2b3039537c06c965ffe52091df18d23ed3f5191034ecd136f43da40fd3545eb70c4c72e7d359f606197c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
45a0bc0aec20fbd96381372cc3a7019f

SHA1
2719910ae6fb0de0145c76cb37802e177975cb31

SHA256
68558fee98f338e2167f36913f0eb0dfc11e297b5627234fea321c06dd2785e9

SHA512
1823e81ab70a4f9c5bc99503a146a692906a44ddc5d970f99f89fe233aeffe66db0abb337ce217973d7e117dc6d91c005923584664972421aff1508902420440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a7d0be089810dbb2adea6623616f5f3a

SHA1
7da74838f2fb73da5d559efdf60bf72963bf717b

SHA256
8389e4af867af46fcc6132427f4027fa0b482b12e86d77555ae127c31bb8708b

SHA512
9d2780efed000edcb6b93472c88671175f708341c57c53c7a8be7dc6c98f4cf47f97528728e39e89dff6709e6704cf6edd0dca03d516e3ce0d1cfb707d2b2113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9c6c6aca65119cebc37dadf873953556

SHA1
e0ed19201843715ed74712ca6806a375c6ac5657

SHA256
a174815a126782aead16cec98a015fe1a64e881a12bb43e15abb4f6db194ba09

SHA512
16a28033e83d4b0d328fad4412953703ab3430e4d32bf646ccb7cc641dc91073fe3669f4dcc6507360290f9b05932f4bda729cab405bf65c9bdeb902190b267f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
842B

MD5
4f6eaeb0adf6cfbda6d17a061a7db0d8

SHA1
517c8d38ae0522fd5c6a676a2910f9ad126a8b23

SHA256
6cd5871086a88452be6c8f2e2625ad4f794db6bc9a7fddbd9d0fe0f3859effa2

SHA512
075246ba1f83beadcbe134b47ca7bb69dd75140cd040fa13982b326e459387d4d90301a03aae5582b5e347c731faf544ae54249245cedabf22fe39706929a0c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2ad6b77250c4c26376a38628fafcabca

SHA1
7174eb4ff150e1fda5ead73e6eee3d17870bb752

SHA256
2a01efea4fc2cd831c3cc7cc85bcb12056d3067476013a075e18e8d30911c624

SHA512
ec191292c3132297364135f118fd09a88031540ee5b11d554f701606ee72dd4a8e282239ea91b83f2e231cb06bfee04a6108c8ab4a86aa9334e11f821c51d385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
5693e32dc4f9c9f2dcdcdea0fc9a97e8

SHA1
ce811d41ec58bc64c279686a36cba22dafd0e228

SHA256
53eaa9ec0bff8ee04678fd8a6616a336b446d3043e3d93575536fd2b661e2790

SHA512
35f601ef2c3f0f441975a18b6e496ca8dbfdb9d85591e872ec8f55b947cad3740fc20fc2f0371ad065df4753a04e988d65d7948ad9083b7ffe93cfcc5f705d20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1f89efd7b853b46443f5ae6983ad99c7

SHA1
da081bf204ccc0bd862b0364f905a8ad209f978f

SHA256
fb76ff02e7ae19ea70348a41822194442cb40ee3fc1c85cb01b0261c2bea6d3f

SHA512
2b62753ddbc42ab3887592e56f6c1bd00adfae6246a1735f756b639eaf17bd206de94b7782a06a72166854a86f118f90e8210fff598a3c837cccad11e1c2dde5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6f8ee48bdd3f91fd744837e7c3d60152

SHA1
0980907196623fe53810f8a8da56cfed6df17221

SHA256
d055061758c95819998e294648a4a4d36b47df1f41008de0d7ef662a749ad59e

SHA512
e35b243c60c7b29dafa2f742aecd7c2fcef9651852299385eb09f7524a6f77e59d1a09a438ec8f06be7b7850bf4075f4b57688c74089d1693276a8b3a6b6d6d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
eb059cd96bdb933f6f0fd69f2fc5a299

SHA1
afd5dd77d0ca470d9824ad0ec0e52b00ec1ad696

SHA256
9e145e2c3a8dc85bcfcd0762b95241f62fd99e2d494018f50161aee5fdfdcc8f

SHA512
26a1ae046d7535a7bf847870eca36ba74a030ae16f58ca49c1e9514e34791d0bd5ed61bee8cf0582ac3b04fef7995e326c708337fa493f5254f344dba59c41b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fc1baa3df82ca83b33a7a81d1c799727

SHA1
f11cbb28bbc3be16e331280833cfe5888a5c3212

SHA256
9ff717a4c082aedbffcc0b9472d7a82ea8f7d63c2e7870e68237df5fc8f43003

SHA512
a971f0fca85b13bacb6a18a13ad1fb153b8b540e840470b8672958802def20ff6b840d770a58e4d6f37fac93b023bd65a66ffe186712e5a8ac83295359b0dc3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
dea3e26e23a4580f83b1abd6c9708e05

SHA1
8c8360ce91e815b92889c123edeb05630a71cdbe

SHA256
998cd19fd34d18ba5d8a11dd947f67b2cc13a919edd62371d0fd36e746d385b4

SHA512
a86796982c1653e95b6ab3ce81a9661d737ae593eab474ab7c5c8132c9f7b6b7bb9e96cb1d178a4bfc1871e6a8775d177ebbdface2bd95ad72e2a313bfa3ae74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ba284061d0d614570e57ea96cc800bf1

SHA1
b4c7c6d529b175a51e52c149c678cf62d518b964

SHA256
6fa4bf3cfb75b0274f24eaa4f0de7d0d1468c6101fcbcfbfd51689fa2cacdc90

SHA512
ededd5efb4f3048426a748a43ba6dc9f67eb620f2bdea89090068ec8132e5210152da3617a28d6bad4acb1d1b6f2562cd06bf9469d0fe711fe75192f0290bcf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2023b070ea02ea53421d6cf935d08578

SHA1
eb6a1e00fb068ba3d1cb7309d144ebe176e3e5c1

SHA256
f089dd40639fe08103de7f9cb97d1adf83df3eb2fa65afddba9a0f36e9cb149b

SHA512
5dd8cfa353e12625c36a2f863d3da1d3a8f5dcfa76d2c3f0c69817ef3da7f73a32c4e4a34ae9e9062438f8431036e17a6f6bdd94920212a553e04466860323ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2561042cefae4e953062ba340732c262

SHA1
ba8cdef81b7f665d62b02ee3b0e82dace5f3bca7

SHA256
ef65b8e00169ba6c58ab63e92e3a5da8a112c423b93ec157c8846e6d71bb5014

SHA512
51ceece535c2d135890d5abfc107e685ae99121c597506ff31422fb74025e0e7d0e6deacc0a744165f064987fbf68a4d71bb3ddf546967ea45528981539a30b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
52e56be1d62fe669c881506f8bf7b5d9

SHA1
30b251d44de64d8a9a169293575b1455ad65dec9

SHA256
a454da300d83617317e4510df5d47ad2287b3e29dcfd9e4c1ac697d1a67ab643

SHA512
e57cf1589fb63399dfd3a05a5a7570c4ffcdd3ca6c0c6f7e6ac071b27f9b0856603d8eaf5f7cb16021dea051a88e9a632b7124ed3611c4c3907d5343a75f7b2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
72dea8734d2444107a54414b147995d0

SHA1
03b929aeebb98b0a09cd80a166da2057e4fb7803

SHA256
6c36bc1afa34f22ec75d35e3c88ffa2c812d00c7cb9f8b7df03c5cfe74b9589b

SHA512
bb7f14a0f25622057458f47a4189f6a87eab28b94a5ff61e3dafb95dca729e9c341dcfca4f7ea67fe2eaf1c6a1257f8f5b138f1d1a2d4b6f8dda68ee815aaf87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0679196b081d46212d0cf43769eb665

SHA1
9bc4079554447e917e426cb8785173f1aaa0f129

SHA256
5d9102b48cae4a0337b47ac72a313f267f81ed7fe1ca23b0d780e91ca9016e1c

SHA512
f4ceeab1ade78c00e3c6bd10991d61d73708899908a9ad159f75cd50a4d47a0d267d3746d3d0a7bb9e88b1bd90569386f3c7fa8b58aea95461c15f215bc2cf75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
c18ac720d963562cb9c18b05c1cd65c6

SHA1
03f7f4cc67862575659e487d55ab1ae700a4dd08

SHA256
07ddb9202166e148ccdd6e3c07ed49e745c8dce65f52265be99ac859393676d9

SHA512
8c92f29ecd0b52f8f49d8b9d6e6bce1ea5ba04a3f518b19f03f4233bc2d35b71494c2529d2cf602eea50e281e3213040c39978bb3825783e44cf1b4b1a32c36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
5c59c5bfb82de84854ec9fac56df4e52

SHA1
581fd5554bf43f6bad32b4abaaf4f598b28d9981

SHA256
7957ba1d884e76ecf6033a6fe37e2be34d718a0cb4f1d62f4b9bbfc189929e05

SHA512
0b28340a5ff25848a016459f1228249d871b9e1cbae965a332e6a08c8bc16010dda6099de31d49d4750c84f416a7384edf1ec3e33f220c4104564ca0be4eecc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
113B

MD5
0794451167ec21d42b60ac538e81cbab

SHA1
a412e97bcd601eb792f9d71b49c2132dd41a50a8

SHA256
2a7620f8348246050b36a0d3fe7d9fa320f31547c186e2e1b48881420b8b898f

SHA512
3cbd0d0920d082d26509b39698410a3423f4464da4b064b9de316c6c932cc3ba6c0f1bd477d8101c113decfd109eb6306a95c9cc38d171e6357b0c8fd424fa95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a160a.TMP

Filesize
120B

MD5
f9181f1ace4008186daa7959f00c9e6a

SHA1
a83eec16d2f25b047fc8a8d2cbf9b720d3eba1ea

SHA256
4f922d3aced29cffd94caf68ede26a7694cde0fed03e50450c485e795e64a4d2

SHA512
6589d12e51fe5f306b7b983cf7fe2ae54fa66857a7f185d5b959f499cd6ca0688d4dad35126b77d7ca8e6a3b8e40fbbca927193dd5343dcf13f3bb9b3610ad3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
dc54230cdeccad01dc2c085ca384d31e

SHA1
835a80f5e501ff7b96fba94d0bba84dc6a44666b

SHA256
b11c71c20a4b37f2f5f2644456cb8fb09e345215acfc8d90e9758466c32f3599

SHA512
8fd16ca210a40e568e6c378aef71dc5bf473ecdd133f3688182f8c8ebca2e9d7b8fb542ebefdc993a652c8f60feaccf1cb074ffbbfdca78062897f0ffb398f6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
2a034100e3886099471562de5f8873dd

SHA1
7ae6a5b66a8ba178d0068da55991bbebdd9f0363

SHA256
2667d8c2695761d0d1debc70e24460e1764a4c64c2abf39d1a20e472c8f6b9c7

SHA512
149ffe3548ffc18f0faf6bc32fba1f5749c4b0af9c891d145c21d25b27b9a48e15d5a672c0e90e6b87e23ece7535c0babebe2c89dab040c3c6f039d4041982ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
b774acab97fcf5f1e7c2af60d021ed2a

SHA1
49ed4c5fae9c3d17f76f00357394f566062975af

SHA256
9f841b692d7e5911aa5dea4d8b807705a65f6cf11fd473a0898ee20cb80324e4

SHA512
b67ad2e369f157d70cc8782ff1b38a8e11a286393f6dec3ab870b2ae968a0233053658bd7b4ef3428ba741077fba4af34e742eab44036837eb62450354855dfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
a57e6d0e62ad4d8bf2a3b94a1f266d99

SHA1
eff0dce570ebe63140cd3d117c943bf7e91235e2

SHA256
4407e8a7cca62219c8f046def2c38a6f6d14ba935553c935495701e8cf49cc82

SHA512
5a51eeadda8cebc943fbfbab0e080cba4013c1316de34a2481c31e891ef2f77ccd078b2c2b4c0995d5946596e5697b217d44fd026f31bec409b87bc1aafa8fdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
684e8bdf44349c7d67d9fcf6459eff3d

SHA1
9f4b2be25e30aa46fa00c9a1f3ea49a87ca0bf21

SHA256
2b65ec51ab85127f8604b3af1f9c84f9e03a18d18addb3aa5d71d5d190c63e97

SHA512
01d405610accd5f6ffbe6588f0a9725b39540990a967fbe5b186e617c6f163b17fa08f22b4439104d8106ead5337f6ebad14dbd140a445d8c5b2c48029b1156b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
78d0e0c3662bfd507404a99ad98d7b1d

SHA1
fb10aae6207f841f86562232f517b6ef4b29089a

SHA256
19f46fcc075daf780ca9fdceed27d5e0dee25e9f6a0f72db2cd595ebd1d2b553

SHA512
9febbc6a73345264636517bdc07e668426d6548d318c2498d36c5f4889374a9e1a7ccf4fc882095b2679721ec75049a2ab1007bb27267b598a7a56636ab3e24a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
1383df87a3c1881cb51a05f81ab44793

SHA1
518e5bdd928940bf70a7c062c27b2606a54566e8

SHA256
37c6aabccc2ec13811dbc5d791c30e6635f158a4737a87ae8ef5ef2205dc4633

SHA512
5d384f777b5b256564f11c0b220865b33843c634562e19da0625d872eafd66bce8154d46ea9c4756716de1ed32c0893efb4fb6b49438acf4f910d4f82ad193d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
10e69be9ec854542c0dd10798ce4b4df

SHA1
12da34e366051df44e78b584e8540934891f1e58

SHA256
0c580028d441c83f9749c1db1396ac1536c8697dfab52f90e5ff1538b9794953

SHA512
fb6b8b2fe7e8d441abd6e9f5e66bba4ae4715cd5572bd88b0be75b27b36696cf3dd4e0cee93aa26a53c14705a3cc3ee6637bd4ee9d9a389c1c1ff1f5d4cf5787

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
775c4eb2a0078a2915774e535eb4e2f1

SHA1
9648dff80aa79403681892a53337aa9b730182a0

SHA256
48e00a3666750d193e867f48f97f24177fabb4789c2bcac9e26429abeae13904

SHA512
26b65126e1863cac2a2cc0acbd6e0c08770d2089fdd15744536d1e3912c9d898719126a50766b2d9b56aeb6136518f1d735145e511c431dd766a62658616c6b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
012bd7d25af4cf42a576c9025f91d77b

SHA1
4ddf6d21b4943767e66584adb3820854b4df46ad

SHA256
2bf0b7557c128ed20857e6aa67b9305843af2097081531ac3d9dceff168a4e29

SHA512
39c0b0d42b66fb7ece74c455c1e63f57223b1b8df0b23071dd9af1eee9678ed8f49fc39867c24e4de885dd985e34fc2f6d8ac54e40e40b71b01ddc0cc460e8da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
96KB

MD5
65e8ba607dff0ed5aeddfbc06fbb80c0

SHA1
3dc76295cd16d64ea9c69bd7f99e1057c8eff7f5

SHA256
767fd61b1982215b3d552dd232139631b22375eb729c78b68e74b3da23c67cf2

SHA512
03b86f5f2f2f80fcc320c560a01d6815d73ed3b5bbc2e81340049ae0ea41a34e6898ef0b3fc5112d87555ca659ea61c457699cd7a33c00027428bce7d038108f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
87KB

MD5
9d2272c636a82b6c7415b9dd7c115f3b

SHA1
9aa69d095decb6c8daf33f2f8c9c22b9a014c12d

SHA256
53e03786894e7de5fedb5da4db4535ae1019d635d082ee09e5c44023cb046993

SHA512
d39ac79624e4a6fe7184b5bcd38a0b95d26574c725249785bff85050ea84ae140a4e263e4d1adb676f8b531bae728fafebec94171d5773f697790bd44ec723fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e2ee.TMP

Filesize
82KB

MD5
ddabab6ae4fb603459d12e805688caa8

SHA1
ca76d6d5bc69e71cd3176b256dfb553c519a7a5f

SHA256
68a439c31534255cfbaddf7567457a5ab5e98e8ab03987695257ba4ef0f0ec63

SHA512
105f57b44f0860f71755a0902312d4093f7719c41fbfb903b8dcb937a00840c900831c5d6b8574c0751ecbf6b67d17f9d3f3ad8e9b3b8a9dba0c6e7827662113

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404211533501\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404211533501\opera_package

Filesize
135.7MB

MD5
34405ebfea4e1d48d679ede158d18bac

SHA1
1a2d1b3d70a26ab939b74903a827e1812b300b61

SHA256
3ef96463650872a1c19b06b4840096aed345001597b36a406ec4b0f4468e04eb

SHA512
94aed6a4c85f8dfe7b77511f39b51fd2e862059e76ac89fbdb0ceff088e86d18a9c9d1f6e5a1cc23ccac1df380f2a4a86d12e9a877497909300a1deea8c2bbd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2404211533496794916.dll

Filesize
5.2MB

MD5
3b60f0a8ad54d51f30bd2748faa14c3d

SHA1
831259caa00ac546b76fc21ea2f6b4dd7c26aeaf

SHA256
0047bf9db605d0cc7fe247834f3faae5f026fae9cbe0848984e801c64a6e513d

SHA512
c352453424792204182fb334c95c5679a5b8f6448e616ad1552922b7bf061451787f17dd62ade11055585684022e53a9864671ace51a114157087042fc9da42a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
943040229e3092f96a76d22e4d24e0a5

SHA1
434caa483fc15f3020c2a643e3f9fe019154299b

SHA256
70a464158e22488fe80a2731e6aabd705876d3aad9d3e628408135469505bbcc

SHA512
85d7b0661c1079c6bfaa78b8aa103734e18b98629f931a96f063c418f6bdf29efba20c96afde7f0604d84d75522310f55bc280c64e335128eb8899c3bad3e32d

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.4MB

MD5
1afc56d138cf98f90395f7619856aba5

SHA1
67ca150e222245e62baf00c6d76dfa2835d47337

SHA256
3665a60a667b8bb7e597ca97f129c5434b6ede88d0cc3410493227661117097b

SHA512
73aca4bbf60b1c660d8ef8ee23387eb65c7499b373d09e7c112b3573ae7e8d9dcfa08c004e5b8249210850ac6167f63ada480e564335fc102ab4e8ad480577d7

Download Submit
C:\Users\Admin\Downloads\sourcemod-1.11.0-git6958-windows.zip

Filesize
50.8MB

MD5
5c1105fd3d2e0bf0cf75a0c2be88716a

SHA1
02f04d2be65967c02ba8c252294c9d1280126024

SHA256
f67c70c8cd57dff26eb1e74df8cc9e47d09c91577033f6972e7d2b05bbd5fdd9

SHA512
9681617c335ef19052c3e0b46d3dc3af013d7b594f5f407eecb7f606526f81b535fcabc2f6b12cee8ff0669de45ab9edc0db2dad3e710cb8177c21c5ae4ca47e

Download Submit
C:\Users\Admin\Downloads\sourcemod-1.11.0-git6958-windows.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/268-818-0x0000000000820000-0x0000000000DE0000-memory.dmp

Filesize
5.8MB

Download
memory/2124-1034-0x0000000000DE0000-0x00000000013A0000-memory.dmp

Filesize
5.8MB

Download
memory/2124-1037-0x0000000000DE0000-0x00000000013A0000-memory.dmp

Filesize
5.8MB

Download
memory/2488-790-0x0000000000820000-0x0000000000DE0000-memory.dmp

Filesize
5.8MB

Download
memory/2488-819-0x0000000000820000-0x0000000000DE0000-memory.dmp

Filesize
5.8MB

Download
memory/3088-1025-0x0000000000820000-0x0000000000DE0000-memory.dmp

Filesize
5.8MB

Download
memory/3088-1041-0x0000000000820000-0x0000000000DE0000-memory.dmp

Filesize
5.8MB

Download
memory/3744-1028-0x0000000000820000-0x0000000000DE0000-memory.dmp

Filesize
5.8MB

Download
memory/4052-750-0x0000000000F00000-0x00000000014C0000-memory.dmp

Filesize
5.8MB

Download
memory/4052-744-0x0000000000F00000-0x00000000014C0000-memory.dmp

Filesize
5.8MB

Download
memory/4068-736-0x0000000000820000-0x0000000000DE0000-memory.dmp

Filesize
5.8MB

Download
memory/4068-817-0x0000000000820000-0x0000000000DE0000-memory.dmp

Filesize
5.8MB

Download
memory/4916-726-0x0000000000820000-0x0000000000DE0000-memory.dmp

Filesize
5.8MB

Download
memory/4916-807-0x0000000000820000-0x0000000000DE0000-memory.dmp

Filesize
5.8MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads