umbral | hxxps://oxy[.]name/d/xlRh

Analysis

max time kernel
501s
max time network
505s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://oxy.name/d/xlRh

Score

10^/10

umbral execution spyware stealer

Malware Config

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral1/memory/3504-1411-0x000001920DE10000-0x000001920DE50000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
2644	powershell.exe

Downloads MZ/PE file

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	SOLARA_BETA.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	installer_29374.exe

Executes dropped EXE 15 IoCs

pid	Process
5332	installer_29374.exe
5576	OperaSetup.exe
5568	OperaSetup.exe
5788	OperaSetup.exe
5196	OperaSetup.exe
5364	OperaSetup.exe
2204	Assistant_110.0.5130.23_Setup.exe_sfx.exe
5204	assistant_installer.exe
5228	assistant_installer.exe
392	winrar-x64-701.exe
4052	winrar-x64-701.exe
5224	installer_29374.exe
4068	winrar-x32-701ru.exe
5544	winrar-x64-701 (1).exe
3504	SOLARA_BETA.exe

Loads dropped DLL 11 IoCs

pid	Process
5576	OperaSetup.exe
5568	OperaSetup.exe
5788	OperaSetup.exe
5196	OperaSetup.exe
5364	OperaSetup.exe
5204	assistant_installer.exe
5204	assistant_installer.exe
5228	assistant_installer.exe
5228	assistant_installer.exe
5552	taskmgr.exe
5552	taskmgr.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
481	discord.com
482	discord.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
468	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 15 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
5596	wmic.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607672868537951"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	chrome.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	OperaSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	OperaSetup.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1260	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3096	chrome.exe
3096	chrome.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6044	chrome.exe
6044	chrome.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe
5552	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4240	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
6044	chrome.exe
6044	chrome.exe
6044	chrome.exe
6044	chrome.exe
6044	chrome.exe
6044	chrome.exe
6044	chrome.exe
6044	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe
6060	taskmgr.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
392	winrar-x64-701.exe
392	winrar-x64-701.exe
4052	winrar-x64-701.exe
4052	winrar-x64-701.exe
4052	winrar-x64-701.exe
4068	winrar-x32-701ru.exe
4068	winrar-x32-701ru.exe
5544	winrar-x64-701 (1).exe
5544	winrar-x64-701 (1).exe
5544	winrar-x64-701 (1).exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3096 wrote to memory of 2140	3096	chrome.exe	92
PID 3096 wrote to memory of 2140	3096	chrome.exe	92
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4160	3096	chrome.exe	94
PID 3096 wrote to memory of 4748	3096	chrome.exe	95
PID 3096 wrote to memory of 4748	3096	chrome.exe	95
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96
PID 3096 wrote to memory of 1608	3096	chrome.exe	96

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
988	attrib.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://oxy.name/d/xlRh
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0900ab58,0x7ffc0900ab68,0x7ffc0900ab78
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:2
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3808 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4292 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3824 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4552 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:8
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3312 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5108 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:8
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5140 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:8
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:8
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5256 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5252 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:8
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4260 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5924 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6020 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5796 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:8
  2⤵
  PID:2204
- C:\Users\Admin\Downloads\installer_29374.exe
  "C:\Users\Admin\Downloads\installer_29374.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5332
- - C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe" --silent --allusers=0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - Modifies system certificate store
    PID:5576
  - - C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
      C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.23 --initial-client-data=0x2bc,0x2c0,0x2c4,0x298,0x2c8,0x739ab288,0x739ab294,0x739ab2a0
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=5576 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240521121516" --session-guid=90145865-dc6c-4faa-a2ba-e0e20691eb4a --server-tracking-blob="NjVkNmFmNDJiZjhiY2E4YTFhNzAzYzJjYTkyNjQwYjI2Mjc2MGFmMjJiMzI4YTE0MTM5YmRhM2YzY2FiMGI3Njp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGU/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1PRlQmdXRtX2NhbXBhaWduPTEwMDEmdXRtX2NvbnRlbnQ9MjkzNzQiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTYyOTM3MTEuNjA2MSIsInV0bSI6eyJjYW1wYWlnbiI6IjEwMDEiLCJjb250ZW50IjoiMjkzNzQiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJPRlQifSwidXVpZCI6IjdjNjEwY2YyLWNiY2ItNGI5MC04ZTg0LWM5MTJjNGZiODY5NCJ9 " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=8005000000000000
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
        
        C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.23 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2c8,0x2d8,0x7270b288,0x7270b294,0x7270b2a0
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405211215161\assistant\Assistant_110.0.5130.23_Setup.exe_sfx.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405211215161\assistant\Assistant_110.0.5130.23_Setup.exe_sfx.exe"
      4⤵
      Executes dropped EXE
      PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405211215161\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405211215161\assistant\assistant_installer.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405211215161\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405211215161\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.23 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0xb530e8,0xb530f4,0xb53100
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:8
  2⤵
  PID:5656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 --field-trial-handle=2052,i,8675138843996495366,852372157709145704,131072 /prefetch:8
  2⤵
  PID:5480

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3668,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=4400 /prefetch:8
1⤵
PID:2036

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6060

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc0900ab58,0x7ffc0900ab68,0x7ffc0900ab78
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:2
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4240 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:8
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:8
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:8
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5012 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4936 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:1
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4332 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4428 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4340 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4916 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:8
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4564 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:8
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4908 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2508 --field-trial-handle=2016,i,5312338680217608342,17688478167416014215,131072 /prefetch:8
  2⤵
  PID:5976
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:392

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4656

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:5552

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0900ab58,0x7ffc0900ab68,0x7ffc0900ab78
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:2
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3640 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:6016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4352 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3132 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4860 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4300 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3204 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4052 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5228 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2368 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5200 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:2
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4936 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5160 --field-trial-handle=1904,i,13900493662392583226,415920609611266565,131072 /prefetch:8
  2⤵
  PID:3228
- C:\Users\Admin\Downloads\winrar-x32-701ru.exe
  "C:\Users\Admin\Downloads\winrar-x32-701ru.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4068

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5036

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:5876

C:\Users\Admin\Downloads\installer_29374.exe
"C:\Users\Admin\Downloads\installer_29374.exe"
1⤵
- Executes dropped EXE
PID:5224

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
PID:3032

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\c7ce6f5de99f4618a64139459eea8104 /t 5224 /p 4068
1⤵
PID:3456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultb1d24d02h0888h401fhb718h6fbff5a78c64
1⤵
PID:3284

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:1732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta649c2ddhbe5ch403eh8750hb0a20f352692
1⤵
PID:3384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault08988f4eh830dh4147hae67head2e7058f71
1⤵
PID:5544

C:\Users\Admin\Downloads\winrar-x64-701 (1).exe
"C:\Users\Admin\Downloads\winrar-x64-701 (1).exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5544

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\1e56ebda3b094b3dbcc0805d78d60003 /t 3168 /p 5544
1⤵
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3528,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=3852 /prefetch:8
1⤵
PID:5324

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\SOLARA_BETA.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:4240

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
PID:4512

C:\Users\Admin\Desktop\SOLARA_BETA.exe
"C:\Users\Admin\Desktop\SOLARA_BETA.exe"
1⤵
- Drops file in Drivers directory
- Executes dropped EXE
PID:3504
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:5520
- C:\Windows\SYSTEM32\attrib.exe
  "attrib.exe" +h +s "C:\Users\Admin\Desktop\SOLARA_BETA.exe"
  2⤵
  - Views/modifies file attributes
  PID:988
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\SOLARA_BETA.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2644
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
  2⤵
  PID:3240
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
  2⤵
  PID:4148
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
  2⤵
  PID:1656
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" os get Caption
  2⤵
  PID:5460
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" computersystem get totalphysicalmemory
  2⤵
  PID:2368
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:4240
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
  2⤵
  PID:3784
- C:\Windows\System32\Wbem\wmic.exe
  "wmic" path win32_VideoController get name
  2⤵
  - Detects videocard installed
  PID:5596
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\Desktop\SOLARA_BETA.exe" && pause
  2⤵
  PID:228
- - C:\Windows\system32\PING.EXE
    ping localhost
    3⤵
    - Runs ping.exe
    PID:1260

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
PID:3076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e646991f9b7863013f4543e5deea2d49

SHA1
7d3ab1c249b15c5bc5761baef819fa96b043539a

SHA256
0cc277125b5bd55a7c42e32f351b5bce3ca6003f28bc0646db5bc6b9b5135c07

SHA512
8b7b264f086ee2d1c1ec1199307d6511ce964890e84312a1c12c21a0a1fac24d6bf005a2ded820ecae3b51b58229a8ce724e98e40b03e1f93d3914948025a76f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
5f581bb2f17ab78ec0aef269a63a763a

SHA1
8c8a58ae8084d251b7756995f6dc896c60f025f9

SHA256
b8d7c26d8fc43f995b4c7a234b41f588bdb22a941d6ddbf65eda682f195790d0

SHA512
a3e4e70ea8ec3ea15604f998d594783679d0d1b939b0ad08fde13d27fa94a7dbdbdd81fa81da9a1ec248f3985c6caa294b4bb06aa394f827780169c24cba7a88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
25d974b87896c2867c760b54a0a3f543

SHA1
50af86ca3904dea2dcbfdb61fd0d540fbe14fca5

SHA256
268cd12d70a4146ed694df9fabfaba00216279703ee8b6a17d170d2e0dc89b46

SHA512
1438772946693def94b3f10fb606978f93fdd4f62ffda2722d0743f1ec0eca9c2935a83d835d47551e2a34e87aecf42bc4dd3bae105588ff9b5ea0b6e6325882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
32KB

MD5
057478083c1d55ea0c2182b24f6dd72f

SHA1
caf557cd276a76992084efc4c8857b66791a6b7f

SHA256
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

SHA512
98ff4416db333e5a5a8f8f299c393dd1a50f574a2c1c601a0724a8ea7fb652f6ec0ba2267390327185ebea55f5c5049ab486d88b4c5fc1585a6a975238507a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
20KB

MD5
e648b4f809fa852297cf344248779163

SHA1
ea6b174e3bca31d6d29b84ffbcbcc3749e47892e

SHA256
637f545351fbed7e7207fdf36e1381b0860f12fffde46a6fa43bdafcc7a05758

SHA512
a2240d4a902c8245e3ffebd0509e25dd5005d0e6f075f5c78a46095b9a52d86ed483583a2a8b39f1ad4e610d2f7ec63e4ef8eab89936d30da937690936ef4f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
204KB

MD5
41785febb3bce5997812ab812909e7db

SHA1
c2dae6cfbf5e28bb34562db75601fadd1f67eacb

SHA256
696a298fa617f26115168d70442c29f2d854f595497ea2034124a7e27b036483

SHA512
b82cfd843b13487c79dc5c7f07c84a236cf2065d69c9e0a79d36ac1afc78fa04fba30c31903f48d1d2d44f17fb951002e90fb4e92b9eae7677dbb6f023e68919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
20KB

MD5
4588208961b6b7ed6cd974687346348a

SHA1
52085a4f6c875b6949261704f05050c1727e9c55

SHA256
95a95b07b4e0d051f83a51b680810572bd1244b42cb6e640d3b29b98f3e92885

SHA512
a9853353e68286f62535548ddbf1a97f1b39c1b6200161a660b1a4eac6864a1f6e93ab72d2cfe61249bf4543e2317f04babb3be211a37c12a55d55ee08b2b515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
23KB

MD5
82db06ca267ac7fdd878a1df35f41f4e

SHA1
9dae7f1ae60d7b83dbdada64fd1b4296f8f20051

SHA256
3847721350fd764d4d21cb4d2e02ab95c4ccdaa9d8ffefeb6f1078bf169ac6fb

SHA512
6e9beeca7caa94fc5dcf929d5af18d24acfc2a56612840b7084fb6057785d85b272eec8acdf4457c7dd1de9bee5e03fefc082a170131002229da0c01da9a8fb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
23KB

MD5
cd7b3e4dfecea7028bc1bdeda5a47477

SHA1
5c37dcaa4ed3c2a4051e4dc1714a342ac0de8365

SHA256
4d401337713e7f1c9f6588f8f7d79721e531c837b5f2f73c0b3cb372fd8f9b87

SHA512
ea11eb8d8347a39a1aa990a05cce6543e47145a1e618091750e2ad77497449e12e8b4d5b1e3385c9669cdd6a66e7dac96ff0e67913730c27c0ef2ff40a669f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
29KB

MD5
28198fab85f1ac98f664600f670ba43d

SHA1
ee0dd46d793071270130c08412258d8c32194a32

SHA256
81bd52c3dd2417f30deadecbe5412bed404a86e05233b7b7ba6b7e8f682b5b49

SHA512
a1b3ff8361213c15bb077a3b9d31e9cb8b7705d04f2815395c13365972ca94e798f11532df48583fb3792df329d2a98ec903aa0457841da34f062f170de5d921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
88KB

MD5
f64473f7f0d77763bf319a920044a5fe

SHA1
085e34089773af2ec9ec67f206d51e9ada6a84fb

SHA256
d0ce3ff70f038c52fd30f79350f60b4dff5c9bf0f327a1389c83c409a1f8846d

SHA512
25a85139b51b7b1e45a30c3cb8a5f53d7c7c09d7a636236a2abe56e7737c5ff1b7481d2d71ccdee2959c480cece1f753acc27998c1cb981c989b5b03aec5a20a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
31KB

MD5
8e2a0e56ae25b282b437f9d5bd300d96

SHA1
5d4ba26731ee84ba9bbc5487312162b826ede550

SHA256
b48a7837a73459a7d6f545cb45a810533d9bf006a54077b2ca3bd62dd6f6315d

SHA512
a2529efb9941f92a6c84c40214bc9c7c97ab70dd69040238b82f9422bfb5424b41e3f56146017c4a9fdb545b17f84058e03c8179fd4f6385e542d799df5d7a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
19KB

MD5
d37ece4290313a264b5e235c0dadf2fb

SHA1
9ae09bed58122b3d3c4914c45e682dce63993e14

SHA256
e08d9d0fd918211315836b13807379efdf0a22ac163c96f96c5a14d1212781bd

SHA512
28a9ebb27fa73557ed24458864558fca4666cfd53766795b2c6785202fba4ca67a29a25f48d3e11ff9bf462b070349571d67a92b1202ae42ca8583db3a781a9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
72KB

MD5
ce2f90b81ee3a43f46c29223ad1d981b

SHA1
b82b68c892bd7c8b0bf06a883f1bdcd8ca0121e5

SHA256
7b5c7bc066eb345c6c48189f960ad13fac80add5b5769e2d7a1f59d82a382505

SHA512
85333d169f9815e608eca91d3ba07b18ad6d121806caec0474fd73bcdf22cd0ec032058ae029fd8ac650667df7a382c1fe186ec15f2e13b224a253e7d7c3c674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
24KB

MD5
5f7d2bc97c949ab1c65cd36acbbea761

SHA1
21e65bdbdf39f619502950918d4fce6e494593c6

SHA256
10073d31eb34c968d2a1cf999bd437b9cf9b978a49f7fb73a9935f6a1f7709db

SHA512
df550f1635917c62bfa1c0572acd60c2f9df3dd1750a4b3158107b90b34ce2b30a65a3e02bb06c10811f0edb01fe64aa1ef33335e3dd8298f32f6d3d442ec375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
220KB

MD5
02d837b25ccab045efa956f1a8904b3b

SHA1
9c2a9ff550333cbcf0f4b840ba60e6e290f2685c

SHA256
1fa7d2dabc2368f940ce8ef7e5f45c2e059220e9bdb47e3ca5a55eebd1f79bca

SHA512
44e50f8b11edf1a47803e0124a13656b89c6ad20f5423b5a0810cb8fab15ce2c6fa6df924660b06fec800856439e7b90eea0f9144ab9931663029a8a2722c034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
30KB

MD5
888c5fa4504182a0224b264a1fda0e73

SHA1
65f058a7dead59a8063362241865526eb0148f16

SHA256
7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715

SHA512
1c165b9cf4687ff94a73f53624f00da24c5452a32c72f8f75257a7501bd450bff1becdc959c9c7536059e93eb87f2c022e313f145a41175e0b8663274ae6cc36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f041d41d1ba1360b6ee24aa7e0ae98fe

SHA1
1dbb68e6218946e942569954cf51fec1f91a5645

SHA256
03d149e41fa5930f8b6f14efc905e9d75d93771c2b1ace4f6755db70b775cee2

SHA512
1fccdeca82f774d1b913ea9221f608b389f27b2c196f90f2130696f651435a0713ee0ecb1b4102d6e89452a704ae867ffdaff3d2d8054e10298e02b32fe82614

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
063c4cdd6469f62ae8bd32eac0255621

SHA1
99ae7e75313548da76c48fff0c7a82f93be9ef98

SHA256
89e28838aa800e748619b2b33fea54534f1338ed407121c86bc4138f2a83db62

SHA512
77119ebe6ff7feaae79010e87d9ad4ddfa2b5e98d41ebc3cf7f3b27f8a85c6a696ed63ef7d630551e471bb53d710f482225a6056d6f938a37994e2f169dcfa81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
57327237dc081abd8715ce3847407f13

SHA1
d806b5c921b5f58ae3935e94d24086c9a608017b

SHA256
f514afebb5fa2cdc8b1b74133acd2759d2df33a3c3ea8a2b59728f97752e19f9

SHA512
e8e4c7d8543b336e7bcf9ef18abda3a0910dda21c3f009cfc82701c7528c6db70d19cf01e0dc929f28a1438122565d9b004c553105ff1586aa49802d688168e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
152KB

MD5
39a64b33ad7f7c730c99a8ce01e78760

SHA1
68bf9b52f749e1fd702fe4598e100a5d938175d8

SHA256
3ac647fbfd92417165c4855064b03a8d32f90b3260f9c44c9421f94f80f17e9f

SHA512
dd33d75fcfd659c446546bb860953ab4302d6603a9c0d5eb378982cf99737bed64cc47faf5420e3faabbe1c1b15e603d5779a30b83b65d9afe1a509f1990893a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_download.oxy.st_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_oxy.st_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
ea238f224c0a8f21c818391d3b3a2451

SHA1
4bc52cdcf2e7265195732a4a7fb5839ce4ce7b13

SHA256
fd79ad3272927dbc77174f5476ca1d1188c752f15f3c07aa89bec4c400393a1a

SHA512
aa81fac28b20a8e409c525b4a27355bcdd69bbfc60da675d631a69f101b4f8a01415cd1847e1b3c08c620129a4492869b2aab3216211832f37abd440caeb9d49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
24708aff230fa27f87f852468f41c541

SHA1
12b8db56537f517b5e2711bcc70732779f785a00

SHA256
45f86bb1d60ed1cf251d6fb38abefc50b371a4801d568c80437345f7017fae9a

SHA512
8fd1b4e5cfed2d583becba16b519c000e7d04cbd93f6a52013fbc1926df8e9c1527dc8d5e151cb4382db030e5e3ad57f45a3967fc361e592c385e2c10870c5c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
e0a06c9923fb9c9fc46676391ea8d21b

SHA1
c76ef0ff6e4ea02800c3cc99ef647b1b5df89d51

SHA256
4b3babbd01bf9b48d813b74d2bf842965edae4dba1f3a5b52dad0c1e750f3f7d

SHA512
e0253fc2d4316f39326d27605f78883dbc2d2976d99240aef9d8048abf1fd8a1c401b355ac32c3736d2c0825827dfa2bf1ebad2390cce28582a0ae89fa163f30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f8c8d9d93fc16539aa8392b12f0fad12

SHA1
13f98cf9e253059cd5c6a68777a2ad1eec88e4b1

SHA256
c74b4256e7dda26976afbae314972144752bc6804071ec20091c6b2fa0fa1750

SHA512
a770436642550ad58d47e0e54e54178af4f74ae1d29117039ab893f662bde6c57daba2a5986a32d129d3fb91b096f61e3e90e73c84fcac3ea871721967e8a81b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9ddd57435d4a5ea286694cfa08de7c59

SHA1
35453cb7afb7c41761eee0a64b2174356576ba11

SHA256
7ff8acb48f84be237ed184a327467fb39462851a2653fc82333d111a70489d2d

SHA512
f988d3206ef72f98bfbf364777dc0cd9de8ed4caaf47121046ce129e5ebe51b3bc50df92b1aef2fabccefd1d2f3a4857b32b81abdb361c74b964e6c3b122ee3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6fd4349946f0771b2e5f7d352b3ce736

SHA1
0c55bb92427679ef80017d044cfdf9e69c4483d6

SHA256
3cbfe6eb1a5e5fb39ee0df8e0beaf04b3b4ccd872b92722ec9d82e0210b4dd1a

SHA512
6f2ece4dc3afa4637f7b83e64c79a64030c90e2becc09cffb66de6c4bd35c79831b856da0c631ba181093ebc8f99c4fafa808bf465bbb5129deed4934449d856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
be72186a4e1648be5cd284a7a372fe4c

SHA1
cceefb336afbe97c5c2981dfef2af8b3547cc8a3

SHA256
a246468ccf571f15b1fe098de3ff8231493422c24f81bdc14d9309af1e9e36e8

SHA512
68747177c7aad1b85457b01b4f97201da616ee0644410699f7d79d79324996a08e706afea63cc1e782c6fc7adcb2a4b0e02724f21fba1b6a5e75caaec08a7874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9488656da50a322ebb623583aa869059

SHA1
502a4400808540f3655ffaf34450d139d1cc24bf

SHA256
c015e65af184ad391961ddb37196d6483019a44c7ac7cc12ff487dc7a42a7bc1

SHA512
bc53975cc006bd2b5b4791a479a9d94ccd0ec75fa2651cb3b380f4c42a7f6b51f0bd2bc18086d6a2bfd5d80a309185e391bd7bc5b42758a4a16f5f312abc8fc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d4b2cedec418cba3404e16ab6e05202f

SHA1
548cebcbb2b3ccb351d97d628cf216687fd03890

SHA256
6505e860bd19e441f62fb3ffda971f2bff8139b1633dec73bb3c24b9a9299929

SHA512
65d92fcb3255af9b5e607b5da7b7bfd33495aec8376b3585dab3a4c85cc2b4a2deb59e3043713ce34efcd46e236b1a8a7fdb27825b492dd7b4094d08cbed2635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0dc2c591d03ed671d80ee4f648e78730

SHA1
4a52620e0696c265dcd8aa455f40c6270739b339

SHA256
c0527e5a203c16dc09b9283230ecc6186ddbbe2a85591e3a6ca9bc19a2275ec4

SHA512
90f74b541f5af5580f1c59e89c5b5d6b8a48baada2747a219e2c097774a2badb639f4041ef4870691d9b146266fe7e14152d78cab73f7e30ad55387d8de9e0f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1cf42daf7ad00cacff4e376f59a631aa

SHA1
fc58b25bc6f1a3be143870195bea454ac3f72aa4

SHA256
f552c56d8debb5e45bb024a96eef6c3d273905ab21cf3d73330ed5035f966a59

SHA512
49fe0508258f38879fddb0ccf5d284d1ea16b8c8865b93770da7651dc6444c055992785f4c3834c834b966aafbe4f0ec37e3106f9cfac7251a558b412315fa41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ba193078c34ac23d6e357daa81de5d49

SHA1
89dfce47b529c86c9ba58fc765f667557e99eb32

SHA256
fc949737217559713d2733cff0b74dc38285a9c485d583c71d4348a6e844d993

SHA512
00c752d73e05d5ae1d8274a89c779f82d1a5a76a836d1a873af188131e41c5b3fc03d0c5ea2ec2d7902f7f9eb22b7c5e803516453366ef74860acc45db986c72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
40b6edf73dac776a863e6daf428fcba0

SHA1
35fe5bd17daa4ae701dbeb843b4ed35de4ddf768

SHA256
ade21caf5352ac5e52e77d57327650dc5edc430512c0f4a508e87de81a6e459d

SHA512
e977c1e89b63eb0d5cd11ab88364d64f610da09a15fe48ae48c0325148b7a3464d3eadac89025e2b71b87a46d1613b18b0ee8b39d481fdd4d55fdd1dbfbb0d00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1fdf5e4dbd3d60e466e594560c2386f7

SHA1
10782ee0a98afb9caf781d479e854cf86f100224

SHA256
9c642289f6d96dbfe608bd74b6862fd6193bba95e1122bff9d34ef2d48320825

SHA512
37b6e61598b8633dedd3e5067d41a2a482a03d4ef08e6f250f6686ed37f35c5ff0d118ec741f0af037d94b2d9af058da5ab567bf1d33f9de916d7aecae79f355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a70a2c0c51235878ab834fb3914e41a4

SHA1
e24a01248b875676c7f4a85be1fe5477d587970e

SHA256
f5db749545f3fa1bb1dc6efaba6257f6b74d526107108217fd0bec1bdd1b2de5

SHA512
304e1d06ac23e90927be7bcdd7a8275330bb4a33b0500e25aea00d49f29bd5bb1ecc1fa8bf21c044e35a1d41ef2c2fca9587b2a99c2e059f59b3c639fdd9a298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b3a196049e53398fbb1a065d1e64bbc4

SHA1
a89b2ce20ababa66df2aaa815bb53541e615c02f

SHA256
e5b1662f531ac75616370813b5e1364b49b8f46db27b1e1cb75c095204aeb0b2

SHA512
8fe79b966b701d412f9342178e43cd7fea6db5c1aa7006a2e8239764da0ad42a6170e539a1eac65886a96dde8d2a2a3ecd5603a3449f177cb8b9b6716735c1b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ebaa53684c4bfa525eeb4dced744b98b

SHA1
9c1ef35562594753f4526b1f446cb024dd511cb1

SHA256
7bd79731d716b85d91ab3e35049fdae16d70a956a92cb4cda8a1ff02020e9dd5

SHA512
6bc3f41137834e5ef99dd203b8dfaab07142a09592db599347a9789b52721ebfd87756ef82f5f56f7a0070c85aeaf1fc576597566e125c24d7456eec02278f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ed93be574915c67a732527f3aeaee2c

SHA1
4885038344fb36ed027600d48475ea0ab81a21c8

SHA256
174777e70b8affe926823f68b6392ace7b2ac932f9981785164a640d8d508582

SHA512
9d468ddceef14dc65725b0c1d958070904d81144acb63d604c0235af515d00835efc550d443d84778266a1874ecb05a6b164a464abf6e1c49bcfa616d5807cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6a06f8b3010e2f194fb6c48ad6b52846

SHA1
46b3f0659cd8bccb3f7a628faeb8e77ce6025875

SHA256
bdcb1a25504acd1ae6870fb54ab368dc5a12a60511241148cfeb53d51e04ddc9

SHA512
5bc50d24486b96625d5c54c1f44aabadef8e6f54c48c1c47187ef148ad5e74c131908a7b0d3b4935756287c669447d2372d9fe8a8d6269a2d07eb2a776d4f6bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
63c4a99b613837ce68fd07079a3b3f98

SHA1
c694af756c1e8169e4be5b081fcbed91622948ae

SHA256
21d38530e5a5669b21fe3ce51b4a9734e46bb5fe707a630c33cc70a844fbe0c4

SHA512
375d60ae9a191edce6efb5435e6d58344007fbd82c878dbf3a83424c548c62dc9d977a89685bb8372f8992b81260c005be24dc74094f0a35a223eb1b74248758

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e1c2d77c928eb7a7157b7f6b95973ba

SHA1
cb4fb55d73b6fb5c09eee7619a393fe8c9274da4

SHA256
1719f08cd069474ad62ac2a2896494ceae694bdbe1ec5c891ab060681ae4866c

SHA512
bceae92628fb586640f0357594415a2b164d8abe88c15d7c7f31cc6dae511cb30d08898b134b9f848a96d2c5ca7dd12eb8bdea00097a97c66a9c14df4b0f5199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bad0225152aed05f77b7487a52ba1dc7

SHA1
1eec38e4b75fab8d085a294c346bb3c1a1002330

SHA256
595215e3adc903c95f9056bc83092c386ee5d8d4abfbda2546b2b9d0b3103a70

SHA512
37b906efc6ea80690399b9a29864f2b5c3653417b370520f69c3224873fd61fc9e0f214da22dc7d9459e2a786c348a35e58da077686e267d8da932a47c182fcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
04c57af82d4d79992c9a62678e4b8a1d

SHA1
09e446fa2bf569e6b2ecc18a78c19f39f455a6d8

SHA256
ae9aec72218a9497ec3972ebf31295cf524ff6df977c3f5ff589ecee11220258

SHA512
6192d596398798718a01494a08016c722feaff4e076010fbd60b8b32f4500091cbea29fb9577ead6b3309812780e92058ed6317390cad2c12a1d68974e3adb26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa2be11ba67835193d7e05a27b88718e

SHA1
ece19e4f4391afac435593d9a425ca5590488d3b

SHA256
e370ae29205f51e2960f03f99c857baac69d00a5b7a5f96e4d01c14023333c33

SHA512
64f9076b5c65cf47359c9a8bf8c2394be141f6cdceb164a143c315f56662a57cb32481def62fc09e47e654bc6c57c60574bd751a4a4568b8b019b7eaf0e2a296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
34fb372a1dd54eadb40d6375201fe995

SHA1
090c9813d509adabaa9b7833375e6cf0d545f5c8

SHA256
33c807a19d5cb6345696a9f17aeaf450412ae9015bfcba188825fe3557dbe5ad

SHA512
fc0e79f10f768f353976bc645b1dec7a77896ceb2a7243cc0cf0fdcef4568d109a641161c3f77508f01aa03f76e87efb9c127008746f273f61d10b9fa0951f39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
74cebfe5ef42cae91e3442371353ad30

SHA1
ef76ba8cd1336f97ff6219bf826ada95bb2ea8b9

SHA256
aed8319b9dc23ec6c249b604007616cb43ea54fce0c2de3dbf37b68328300373

SHA512
2f2e322e8beed6b1bc2e8ed9627b1295793b1823cde5a6931f2720bd66ad2241d2b714b87ddd6ed6dc818835fe4a7f1b5f544e5e272904834d4fe83af3782378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b1c7af0e0f677791a988bfdee8f41a53

SHA1
bad8470f1b2a74d5240c379288125f60757d6df4

SHA256
1ffc75bac9207ad03c3735d24a03b2da1e0dbdca540f44e5caa982cf89c2e3ca

SHA512
d023bff16cd9253cb872b8e71abd9415a122d46bf527838212e400fc7ab78c51ab02f54a2c0d7204312c9bce1212eeb7cfcc52e17c7830236a834e472eea62fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58972a.TMP

Filesize
48B

MD5
761cdf414bf2d2bdaa1739dd8346590b

SHA1
58f88bf78915bd1847a3f30453766b97e0a8e5ea

SHA256
55c7cf08f5e69464ad089cf308eaddf6ef9394d9158e68c161d6d1562e6d268e

SHA512
f88e97502c64bb302f28f53eee6b8ec04236a30e9c38e6ef374061a09128692735b2cee99785c029965334ef1dc21d6e9addaabf6902097d6eefca3c86b5964f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
15KB

MD5
8cf36eed480121c6c7636ee094ad2bbb

SHA1
361bbf8e2024d143ed646e0b92324b7a558cd972

SHA256
bce3912339beb2e846ce189259ef7fc80587a6a0bd29012e7b8e29426ec6f6f8

SHA512
d564f7a930642b60f3cbee53797438e57e704019eb9e080c73369633c99201ef5ef89970551ab98ca50c07c29db71abd3b5a900973ae4f73e38f09bb2949864a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
86ec2ca7c94d876bc79c211ebe85887e

SHA1
8f35b0a13f523c98b63ba2ed85d35824e5187ef6

SHA256
2ac7e4d5a811f75b68ef2671fd54cb8cfb23941a7b61ca38535ea92c8826c190

SHA512
f14aaa3d691e284551dcc5f7ed9c9a9a98c19977c7e2ec3b1f40b9cb9cc27858e6265b42777d9c31158258bc2e867070b804b982f815416be1a4854150b050e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
37de1d7f3e88a121cf5408c21d8382c7

SHA1
76fee687886ac5510b224e2b68673676287b2fbd

SHA256
5f6453e589fcdcb90dcbab61df7eb0c0b09ff090f70835ad514146d23e18278f

SHA512
525e6c56ec24ee5770e9c4be9bda555b4b7a3af8d442e7fe383ebaa23b17ae19c6c3b807921e1abf0813d00841545b8bb4c0e094cdac734dbda7910d8bc352e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a08264dc-8242-4d8b-aa6e-86f1bb55a63c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
08b0a413f5ee16138b05c3c8d442e053

SHA1
b23cef9ff8e8242c3a4eed0b955f72ac4bcfda1f

SHA256
6c43e70dae3c512e738722a03ca7e39e259e04b70cc08b33f24c9404c396f0e2

SHA512
8a84d82ae8cc1264890bda9392e336041432af44b9413ac048eba6a7cbb5b8516fdf8ab6b4141ef6ab5e21a5228f7ce13fa1df0df797af44c627f56efddc671c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
270b73a499231fc4343cd02f89440ffe

SHA1
70adcdfab542fce9a1b14e44bcd25a928874f634

SHA256
965d58cab460e8ff2573ff9ca1d91a8bdf837e6fa2c49cec5baa4b4679d40a66

SHA512
98a45b0dfcb64a696462fcb19ad4ed8c527673b9aa0bac37a0317dd07ea5547ea02e582e199285a5a675ca1d6994ae34ee2a1ac2697345957f617575e3caf05e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
3018f0567765e5e3635cee7ba1ca208a

SHA1
646be940a6e6367de236c1f5115e83207c22c952

SHA256
836faff476fce3c8a3570cbe9d30e0a478a3e3f75ea6e7d5ccc9df672b45b11b

SHA512
f22e0c9e58aa85f34b49567bc58430281269a1fb37825525d3e4d1a56701a7e25c627754852ad8129263d543c26433a9821669000c782c16628ac886e3658427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
d811ab64d628f1ddaa8ff78ef590c901

SHA1
e1a78efefbf234bb3fb51cc10b347ff264dbbb01

SHA256
425478f11bf9fc98bcf933fedf562767d4f13b78dc4a1054aa49f60ffb0df03a

SHA512
3d84181bf90b8c54e8523b405e827de5401171a50850f7b5ee8c63b44322a5e887c94033ded4dc832340d544a8eec217a1d6bff698c9c4feba556d5881a9a8be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
133KB

MD5
926858b5af7f3b9bc75d1fec16399ee0

SHA1
4df31c9910d3bf36496bece22e26590ea37b7fc9

SHA256
013b35d8c8e54bb8d72d91dde64efd90119bdacc7bc451b3390b344464d82183

SHA512
913763dea1e9db197d39e019278b8ed2be84285fcbfdbcc7b604276bd9e29abd38f4e39afdedf8d9828a4e0b14aa950d97bcea2f66f7ea67b81c4cc2ef0c0856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
a6f62239d7dd4225bf3bfaceaa878a6f

SHA1
2de96fd74a1bbcb7aec4a54adf4942a42284fd5d

SHA256
6c573772b43ebef7857bcb35d289a57553795f784d7ff89c2be8a690c18c754c

SHA512
2c77e3ddbd67ea8e5e97b8b6225c71c8cb73ad4800a38dcea260f831181d61607bc63244fdfd0a7713a1ca4559d791168af5073c3fb240c37d9b73334864c2d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
133KB

MD5
aed878e5fc7335976f81110db47e64f3

SHA1
a9fe0c85397eb4c7370bfaa9d8fe8a3283c300cd

SHA256
0959fb920bde9e54fe824798290ff56bfb3be105ee777a7d2341ccabf80ee33b

SHA512
bde3f6bb7dca024944db07ff352f2ce1955b4972bfcab8b1f3c671f1fe082fcc0ebdf1638b7e03073bd52af21adba9b92ac17b8dc58b2fba9de55f81e8f90d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
cc1b5bb453947d461326f4c949d82440

SHA1
83102b88aa4e1c2bb617a563f0b7058ce9ca6523

SHA256
30fb067ca6a3bb817d761e57b35bab25bea4606efe64c4bdec66f1e82b92c105

SHA512
e77141e57bcb351eeddd0014656f76fd713f7eb778905754b48aaf3345f4bf304ddc341ed521d6f2168ba192a6bce11526fbbf0d3923299eb8d9c8a23681bf1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
1378be39f2535d0ffc1bd54f76d76677

SHA1
a6274fb360ed05a3ae6c04b6b4c8b778eaa7ca2f

SHA256
4f1f18537684c5ed002d9c5efd1a611ac555058aca79669f4fa84fc06a425351

SHA512
e4140ca6ea916f801c7fd27da955a2d348c52496b605f759ec459acd143a7a39bbce431b6cced5609d6515b871a0b5c236f29bff82659a48603e875ffee5a7c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
405d02a4a622874bf9c9e7ed88e90b3e

SHA1
58ab5b6d0dfd5e380367b1c9746541a9f40b48e0

SHA256
6f1d4283093c6d34675553f3dab48de5717cc4c7f22dac9ce456ec79043734ae

SHA512
63a967b94eb02853df2b96978064d7fd432fbaa30f02748dff5b8cf9a0142b9c4fef35cc7ed27043fe7b41dfa251f095d3bf088585501b207c170f6b05fb47cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58846d.TMP

Filesize
94KB

MD5
260290624da20c933f0c595386e4e633

SHA1
e1e684a29693a85b547578d4e77e3308d2b88f3c

SHA256
86839cfc3311a628f91008fda32f5338965c8150e6ed4303171ed9a59d1275ac

SHA512
ca919d25369ce093bb0c9dde621a1c2bd7591d31cd555bfa665c8881f59ccf3ffe0899127402aaa57dcb55c7e93517a2389575c4a75936b8642c1018cd0a63e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
13d574aadfb3e9b1a9b63e65381dd324

SHA1
4bbabe4c341f05bfd723530f92bc18a1cf731f30

SHA256
465ff64977af6e7d74eb7c2444a67e1662d5b036f04c82998278861e093b9c3b

SHA512
c0e7ed09792372a6db7f635f3b0030a7610e42ec531c3845c5bba36f37a75560aeed2a4a868b2884961075ae351960acd268cb635f5e087d5e27083ef6953e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405211215161\assistant\Assistant_110.0.5130.23_Setup.exe_sfx.exe

Filesize
2.5MB

MD5
028fb19ee2cea3e611b4a85ac48fafbc

SHA1
d1a802b5df649282e896289b4ec5df8d512b53dd

SHA256
e8fa79e22926ae07a998b5d2bb1be9309d0a15772ac72b88f4eed66052f33117

SHA512
99959d7765c1e6636dee1841f214cb2d0c7684d7128381b0387fa9c7ef4a92ef62bb094087bdcb343e44196b5a333df3a2104ced9f49671197a06fafa27aff51

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405211215161\assistant\assistant_installer.exe

Filesize
1.9MB

MD5
b6789061eb88781add48ec7095ff78e5

SHA1
c2cdf5723a94b3b5a69ad78a5e869347444abe0b

SHA256
c39c7199fa2221783ea61f085f484668e3c452706069b046cb0f4a9d4cb4c0a3

SHA512
7c9a61c7f8d45fb7a2591c0c57c22bca0b527e3b6b4a3bdde5fbdcca25abc1e0c56a244a39d4b65a91316eb8f19fb8232569f5781eedefbc0898646d4df10f9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405211215161\assistant\dbgcore.dll

Filesize
166KB

MD5
a4ed3b36776e0155fd24ffa609ffc2f4

SHA1
3d6496f21e0f04b6789365d06e71fe7de284b1c0

SHA256
b69387b9284dc36d377e4066c4cf361dc65efc6c784af0f8666d9684fabd2d29

SHA512
ae5d052fdcc7e7d3e593a1fb2dd5e64fcd75c7381ff4e4c5f4302d8d3c058a48c943c66d04c02d44d45c2bda36b3d3df096dfea26fc35d3c682bdd5221225e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405211215161\assistant\dbghelp.dll

Filesize
1.7MB

MD5
fa64324149160877768551fd96c360dc

SHA1
dd76ebe617271465ae5820f49152f8a89703ae1a

SHA256
7f4a2cff90524b769781b763077be198d74834c6b576ef9f27132a415cbbaca8

SHA512
72161c1b0449f546e2a3560369f5cebbe71c5f098efb4037a9ec229310082b0fab2de10b8a0f94b0213d5119cd9ff66daeaa73ca2163ba0224b5cd8526f7bbea

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe

Filesize
5.2MB

MD5
cce782c83ea4e47b98ebcc648cbaf118

SHA1
8b6f1b04294a7e737ee2d8977c8062e8532b5562

SHA256
58b243e3fbf618c42fcefa289451f13fe45b72fab41341becf86b80949bef1ae

SHA512
8441d3d7af217c1a56dc336f21d8ce867393d8ee974b192524fa96c9e5124f858e841b1e7552a46e81b18be80b9c04c8661cf902a998ae70fbea7260c9711a87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2405211215146975576.dll

Filesize
4.7MB

MD5
74ceaf1146735fe0e297fa37ecd98349

SHA1
d77927d0b1bc98c4a1d1839591b1d3d5da2e3f50

SHA256
b4bf308a845e7b2b6cf1743a7c67440c8690a73631977d75197ae4616996c694

SHA512
f7717dbf780b5badacb27d83fc0e55b14477fe2179f11396780b053ba928b1875d77c83c470d5940ade9ce53082989cc581d411e9b441b52fe0b1f9396115251

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vxo4a3sw.ase.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
467d0b2c8ebd58f001609bafe19bafc4

SHA1
556fc4d457da2507f4668bf57bcf6061c7202430

SHA256
a4940d636716ebfb283e30b25c92624414a008911f212ea1090d33ba92b32d1b

SHA512
bd7e7c1b37cb81c1df336a9ecdc713d7fc4c7b5b02b602f8b9da5b205bd5eed362224955bb1201e956100b77bf1862da74b3e1edc94e489e9761e8f0d108ea1a

Download Submit
C:\Users\Admin\Downloads\SOLARA_BETA.zip

Filesize
91KB

MD5
41485ace245f211d5be152ff553dd3d8

SHA1
d4770897d54bf6f083cba5287f18886ef8b9cb41

SHA256
631aa3f90f033daae2e1e4d493b25f9d583ae21a38b02a1fed882049d44b9811

SHA512
3cbe153649347a80acc0b5b5d79b5a03386bca8fadcbd441e25f062e09253e54b257e34dc3feb49d6d3ec32316e9fdfab9181db4756e286e3c605c647fbaaf50

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 224492.crdownload

Filesize
3.7MB

MD5
3a2f16a044d8f6d2f9443dff6bd1c7d4

SHA1
48c6c0450af803b72a0caa7d5e3863c3f0240ef1

SHA256
31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6

SHA512
61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6

Download Submit
C:\Users\Admin\Downloads\installer_29374.exe

Filesize
505KB

MD5
c2f4144790ed39217b1dc7cc511ef8c7

SHA1
3c033675a05d6c57e587334b6466964adb69dde5

SHA256
0ccda2c02458f8251b7b2e825b44f95ac6b2cc8a0ffd53a50432992d6f9de8fb

SHA512
1927500a11be63a3ddb51db63f3f28f606666c172553645764ff160c626a866b96b68e5c12de85665cc4dfe852ce545077270420baefac4bd0444176e32122d7

Download Submit
C:\Users\Admin\Downloads\winrar-x32-701ru.exe

Filesize
3.6MB

MD5
cfc0f8772025dce9a5a35eceb79718e3

SHA1
29dc59950b2ce3d6f645c5252508426109041a39

SHA256
d3e3df5181b91a3871609458b4581482b3f8f8640860fe9994afde0b7f92d3c3

SHA512
e1cbecbe304372171af8126a66115a0e213687ee9314fb864fa25b3b2c3c51843944c2a9048a0bb042bec27483a3b30f32e776cadc46ed2d96a7e8ee19a97257

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
C:\Windows\System32\jpzkqk.exe

Filesize
7.2MB

MD5
f6d8913637f1d5d2dc846de70ce02dc5

SHA1
5fc9c6ab334db1f875fbc59a03f5506c478c6c3e

SHA256
4e72ca1baee2c7c0f50a42614d101159a9c653a8d6f7498f7bf9d7026c24c187

SHA512
21217a0a0eca58fc6058101aa69cf30d5dbe419c21fa7a160f44d8ebbcf5f4011203542c8f400a9bb8ee3826706417f2939c402f605817df597b7ff812b43036

Download Submit
memory/2644-1417-0x0000017247230000-0x0000017247252000-memory.dmp

Filesize
136KB

Download
memory/3032-1185-0x00000268FF710000-0x00000268FF711000-memory.dmp

Filesize
4KB

Download
memory/3032-1192-0x00000268FF710000-0x00000268FF711000-memory.dmp

Filesize
4KB

Download
memory/3032-1193-0x00000268FF710000-0x00000268FF711000-memory.dmp

Filesize
4KB

Download
memory/3032-1194-0x00000268FF710000-0x00000268FF711000-memory.dmp

Filesize
4KB

Download
memory/3032-1191-0x00000268FF710000-0x00000268FF711000-memory.dmp

Filesize
4KB

Download
memory/3032-1190-0x00000268FF710000-0x00000268FF711000-memory.dmp

Filesize
4KB

Download
memory/3032-1186-0x00000268FF710000-0x00000268FF711000-memory.dmp

Filesize
4KB

Download
memory/3032-1189-0x00000268FF710000-0x00000268FF711000-memory.dmp

Filesize
4KB

Download
memory/3032-1187-0x00000268FF710000-0x00000268FF711000-memory.dmp

Filesize
4KB

Download
memory/3504-1437-0x0000019228600000-0x0000019228650000-memory.dmp

Filesize
320KB

Download
memory/3504-1411-0x000001920DE10000-0x000001920DE50000-memory.dmp

Filesize
256KB

Download
memory/3504-1436-0x0000019228580000-0x00000192285F6000-memory.dmp

Filesize
472KB

Download
memory/3504-1438-0x0000019228270000-0x000001922828E000-memory.dmp

Filesize
120KB

Download
memory/3504-1470-0x0000019228500000-0x000001922850A000-memory.dmp

Filesize
40KB

Download
memory/3504-1471-0x0000019228530000-0x0000019228542000-memory.dmp

Filesize
72KB

Download
memory/5552-1074-0x0000012E10B50000-0x0000012E10B51000-memory.dmp

Filesize
4KB

Download
memory/5552-1073-0x0000012E10B50000-0x0000012E10B51000-memory.dmp

Filesize
4KB

Download
memory/5552-1079-0x0000012E10B50000-0x0000012E10B51000-memory.dmp

Filesize
4KB

Download
memory/5552-1077-0x0000012E10B50000-0x0000012E10B51000-memory.dmp

Filesize
4KB

Download
memory/5552-1078-0x0000012E10B50000-0x0000012E10B51000-memory.dmp

Filesize
4KB

Download
memory/5552-1080-0x0000012E10B50000-0x0000012E10B51000-memory.dmp

Filesize
4KB

Download
memory/5552-1072-0x0000012E10B50000-0x0000012E10B51000-memory.dmp

Filesize
4KB

Download
memory/5552-1076-0x0000012E10B50000-0x0000012E10B51000-memory.dmp

Filesize
4KB

Download
memory/5552-1081-0x0000012E10B50000-0x0000012E10B51000-memory.dmp

Filesize
4KB

Download
memory/6060-445-0x0000025693B60000-0x0000025693B61000-memory.dmp

Filesize
4KB

Download
memory/6060-435-0x0000025693B60000-0x0000025693B61000-memory.dmp

Filesize
4KB

Download
memory/6060-444-0x0000025693B60000-0x0000025693B61000-memory.dmp

Filesize
4KB

Download
memory/6060-436-0x0000025693B60000-0x0000025693B61000-memory.dmp

Filesize
4KB

Download
memory/6060-443-0x0000025693B60000-0x0000025693B61000-memory.dmp

Filesize
4KB

Download
memory/6060-442-0x0000025693B60000-0x0000025693B61000-memory.dmp

Filesize
4KB

Download
memory/6060-434-0x0000025693B60000-0x0000025693B61000-memory.dmp

Filesize
4KB

Download
memory/6060-441-0x0000025693B60000-0x0000025693B61000-memory.dmp

Filesize
4KB

Download
memory/6060-440-0x0000025693B60000-0x0000025693B61000-memory.dmp

Filesize
4KB

Download
memory/6060-446-0x0000025693B60000-0x0000025693B61000-memory.dmp

Filesize
4KB

Download