hxxps://getmyfilenow[.]com/lp?id=Delta%20V3[.]61%20b_64188184

Analysis

max time kernel
693s
max time network
700s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 12:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://getmyfilenow.com/lp?id=Delta%20V3.61%20b_64188184

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	setup64188184.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	Delta V3.61 b_64188184.exe

Executes dropped EXE 12 IoCs

pid	Process
3096	Delta V3.61 b_64188184.exe
756	setup64188184.exe
3292	setup64188184.exe
5460	OfferInstaller.exe
5748	OperaGX.exe
3740	OperaGX.exe
2852	OperaGX.exe
4696	OperaGX.exe
4436	OperaGX.exe
3116	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
960	assistant_installer.exe
3648	assistant_installer.exe

Loads dropped DLL 64 IoCs

pid	Process
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe
3292	setup64188184.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks for any installed AV software in registry 1 TTPs 8 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version	setup64188184.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	setup64188184.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	setup64188184.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	setup64188184.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	setup64188184.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	setup64188184.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	setup64188184.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV	setup64188184.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	OperaGX.exe
File opened (read-only)	\??\D:	OperaGX.exe
File opened (read-only)	\??\F:	OperaGX.exe
File opened (read-only)	\??\D:	OperaGX.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
88	drive.google.com
89	drive.google.com
90	drive.google.com
320	drive.google.com
410	drive.google.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 3 IoCs

evasion

pid	Process
5824	timeout.exe
5216	timeout.exe
4340	timeout.exe

Enumerates processes with tasklist 1 TTPs 3 IoCs

Process Discovery

T1057

pid	Process
5236	tasklist.exe
5220	tasklist.exe
4468	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Opera GXStable	Delta V3.61 b_64188184.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable	Delta V3.61 b_64188184.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	Delta V3.61 b_64188184.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{39AC1660-EFEF-4275-B338-95CF51E3F3DB}	msedge.exe

Modifies system certificate store 2 TTPs 12 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaGX.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGX.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	OperaGX.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGX.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	setup64188184.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	setup64188184.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	setup64188184.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	OperaGX.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	OperaGX.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	OperaGX.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 139182.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5780	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2936	msedge.exe
2936	msedge.exe
3112	msedge.exe
3112	msedge.exe
3384	identity_helper.exe
3384	identity_helper.exe
5216	msedge.exe
5216	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2136	msedge.exe
2136	msedge.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
756	setup64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	756	setup64188184.exe
Token: SeDebugPrivilege	5460	OfferInstaller.exe
Token: SeDebugPrivilege	5236	tasklist.exe
Token: SeDebugPrivilege	5220	tasklist.exe
Token: SeDebugPrivilege	4468	tasklist.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
3096	Delta V3.61 b_64188184.exe
756	setup64188184.exe
5748	OperaGX.exe
3740	OperaGX.exe
2852	OperaGX.exe
4696	OperaGX.exe
4436	OperaGX.exe
3116	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
960	assistant_installer.exe
3648	assistant_installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 1088	3112	msedge.exe	83
PID 3112 wrote to memory of 1088	3112	msedge.exe	83
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2724	3112	msedge.exe	84
PID 3112 wrote to memory of 2936	3112	msedge.exe	85
PID 3112 wrote to memory of 2936	3112	msedge.exe	85
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86
PID 3112 wrote to memory of 4024	3112	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getmyfilenow.com/lp?id=Delta%20V3.61%20b_64188184
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92b3a46f8,0x7ff92b3a4708,0x7ff92b3a4718
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3152 /prefetch:8
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6488 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7104 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2136
- C:\Users\Admin\Downloads\Delta V3.61 b_64188184.exe
  "C:\Users\Admin\Downloads\Delta V3.61 b_64188184.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3096
- - C:\Users\Admin\AppData\Local\setup64188184.exe
    C:\Users\Admin\AppData\Local\setup64188184.exe hhwnd=524924 hreturntoinstaller hextras=id:d8d090d10951db6-AU-KA1rz
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks for any installed AV software in registry
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:756
  - - C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:5460
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
        5⤵
        
        PID:4596
      - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 5460" /fo csv
        6⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:5220
      - C:\Windows\SysWOW64\find.exe
        
        find /I "5460"
        6⤵
        
        PID:3624
      - C:\Windows\SysWOW64\timeout.exe
        
        timeout 1
        6⤵
        Delays execution with timeout.exe
        
        PID:5216
      - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 5460" /fo csv
        6⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:4468
      - C:\Windows\SysWOW64\find.exe
        
        find /I "5460"
        6⤵
        
        PID:2148
      - C:\Windows\SysWOW64\timeout.exe
        
        timeout 5
        6⤵
        Delays execution with timeout.exe
        
        PID:4340
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
      4⤵
      PID:5108
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 756" /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:5236
    - - C:\Windows\SysWOW64\find.exe
        
        find /I "756"
        5⤵
        
        PID:5360
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 5
        5⤵
        Delays execution with timeout.exe
        
        PID:5824
- - C:\Users\Admin\AppData\Local\setup64188184.exe
    C:\Users\Admin\AppData\Local\setup64188184.exe hready
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3292
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
    3⤵
    - Opens file in notepad (likely ransom note)
    PID:5780
- - C:\Users\Admin\AppData\Local\OperaGX.exe
    C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Modifies system certificate store
    - Suspicious use of SetWindowsHookEx
    PID:5748
  - - C:\Users\Admin\AppData\Local\OperaGX.exe
      C:\Users\Admin\AppData\Local\OperaGX.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.100 --initial-client-data=0x2bc,0x2c0,0x2c4,0x298,0x2cc,0x70fd4290,0x70fd429c,0x70fd42a8
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGX.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGX.exe" --version
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2852
  - - C:\Users\Admin\AppData\Local\OperaGX.exe
      "C:\Users\Admin\AppData\Local\OperaGX.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5748 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240525130258" --session-guid=6e6487e8-5e24-4138-bec0-a4dfaa742097 --server-tracking-blob=ZjcxOTYzNGI0MzYyNTY5ZWMwYjI4ZGE1ZGYzZWY5NzBmMjRlNWFhNDI0NmI0MzQzMzg2MzdlYTZjMjQ0NjgzZjp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD04YjU5OTlmZWY2ZWU0MmI4Yjc1MWIwZWQ3MmZhNWE4YSZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcxNjY0MjE3NS40NjQ5IiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV09XNjQ7IFRyaWRlbnQvNy4wOyAuTkVUNC4wQzsgLk5FVDQuMEU7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy4wLjMwNzI5OyAuTkVUIENMUiAzLjUuMzA3MjkpIiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0dCX1BCNV8zNTc1IiwiY29udGVudCI6IjM1NzVfRmlsZURNIiwiaWQiOiI4YjU5OTlmZWY2ZWU0MmI4Yjc1MWIwZWQ3MmZhNWE4YSIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6IjhiOTI0MjJmLTliZmMtNGYyMy05NTNlLTZjNGJlNzU2YWI2MSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=AC05000000000000
      4⤵
      Executes dropped EXE
      Enumerates connected drives
      Suspicious use of SetWindowsHookEx
      PID:4696
    - - C:\Users\Admin\AppData\Local\OperaGX.exe
        
        C:\Users\Admin\AppData\Local\OperaGX.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.100 --initial-client-data=0x2cc,0x2d0,0x2d4,0x298,0x2d8,0x70364290,0x7036429c,0x703642a8
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405251302581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405251302581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405251302581\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405251302581\assistant\assistant_installer.exe" --version
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405251302581\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405251302581\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0xcb4f48,0xcb4f58,0xcb4f64
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6980 /prefetch:8
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9418670941577985311,16126987837744725119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1312

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

Filesize
812B

MD5
ec95ba152315371a12b61e59736ef2af

SHA1
5420ca8697ddefc184f61745f4737305a68a4e75

SHA256
55c56ef40fb19a4cf6d03acd5c5232286fe429d79e0f619701f32d51a5428198

SHA512
ecb8c92181c02083b06272b5d92acbbc51abcd3eee7e42e06d8df77fb2e4240d5fd2f5a1a084dc9c4f7945218fadc1f6a4532145c12dbc1887961cee79f19be9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

Filesize
1KB

MD5
7c2265b9aad8a390485e106ae9a44fec

SHA1
d8398429ef17ac07aa562efc6055f7dda9c2cde3

SHA256
3d1ec1edfe811ef32ed08db473ba27d3246f1ed7646ff831250d451ef70342f8

SHA512
b979eb283694091c29ccdf3d57964ed8846429ae01097cd395a9f570232907ec882847b34ae1d17cf1d94200f9c937c5f50e4fdac7f4904becc5a28a5219e17b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

Filesize
540B

MD5
b7a36d0925685f0a452980a5e1536d7f

SHA1
93aa465db17a4399c9e5282a6a7dad31e32b396f

SHA256
b17b19112331f695ed901045dfeda68dd4a61c9a3a3a24d0d6e016576786eee8

SHA512
fd49de7b59ac0cd84eaad19fc9ba65df1f050dfd19e9355851e5a3d708f10bac6a746173efe4aea9c2e5cb555fb53e2c8ec39690ee71d17d111739c53d8bc257

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

Filesize
528B

MD5
35cfabe606aea49b3675fbad996e6a16

SHA1
6a1d87d7400ee8bdf5c0107098e65062b7e80617

SHA256
f336eb73ae519b0c778ce8b627b529e3c98d9da0d3b048d16c05813496dba8c3

SHA512
ddec34786faff58437ef5fe6ec40f26f501fd8eaf201001cfef3f852fcf9e3aa63cdaa91c5dcd7c31a718ba3aa4fe26d8f3b7fd0b347744c06b0c68703f65e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
40KB

MD5
3c2ac6ed09323fe172784cdec7f3d671

SHA1
79eb656ac99f1a2efa7fbf8e8923f84dd2b63355

SHA256
67d42a456baa3edbec1eb21c94f294c04a72bac350acfae80f4f2b65afe8bc5f

SHA512
ac95a571afa882744a42447e84c1ca5231303ba33700f63e99d58860e9635ddc861745678d5c74b137af3d50daf05ea710abe65b11ffba95e2b2f6aaafb65071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
1f7c0a3a257e5f561b61cb6af85289a3

SHA1
7bfd5ea039ee0f291fa4e5ef23ad91d583e840d5

SHA256
d15d37dd6e8b273c4bc1e4d64b8d462f33af2fd58831ea3e28c1cb6fcdec8669

SHA512
64a0eaa739a6f7f6e5579975a1dacb1741fe8d2f106c08df6cc87fde0bdad59ee80dbc8f7ea38cc926b5a51e469e32cb11effc0cb1ef50475fbc7747d240a442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
28KB

MD5
74271be4cf454fcbf6e96ac88b08277b

SHA1
e89d89325746581b630e8d88ac9977cbb089b47e

SHA256
8e2e82123fa233106cd4589032c566df9aecf7f7a7b496e6aec2fb0123289316

SHA512
fd2e13fb77254eb99ca16b8b6174fbb676ab13f593c0a60bce285ae04d9679214eb110218f2496e50432ffebf05219564f9d53e823f86746327a60680bfd6470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
56KB

MD5
8907de64eda658ad5435ca53879d80fa

SHA1
6eee5072235a2f95baa5bf3d0eae83839b696e08

SHA256
8adcb5d5c14d8f83a4773f361a95992d5890147305ae88c21b6d2d425a07842c

SHA512
d2dd7756b73c761e647cc765d507a2a6771f0a737ad5ebdb8519547ca013966de8f46fade7785b679d3577b7502e1b692797abebf384c25bd8085c91e5dfefe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
32KB

MD5
05b3ca1301afe06fc2a11e50adb849ad

SHA1
e984ca1c9cf31ec5b4db53c4987743b4efee4223

SHA256
211520626cb13520a020f3fd6144d99af2368d6ebd9ddfd89e314d87ca358025

SHA512
6a58cb1d39a096d20c99ed9c2d8cfdfaf687f0ffdba622e2f4d9de592edad88f85dbba3bd07b56ec5a211e887d7322f9a34db626edb6fd8e73c2bccddca885b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
27KB

MD5
4b419751b95602190e663dcfb4397186

SHA1
584625bb902af71e0d551a72995cce18736bf738

SHA256
566e5021669d6f9d13f9af0fc133ffdb0d2f7b5ad5698aecbbfe1de1c9751ba2

SHA512
60d3976779651bf7652fe6e5e9bf2ed251439ee04a891d3dd5112cac2b7ae6b70cd7cc7a49cf2b71931a3308ebdf945a5254d60a6789ebbbcc749ea2742d0eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000076

Filesize
83KB

MD5
7671d87eae383d3a88f5d9a7e7a83d99

SHA1
bc2dfc0be4b39003640a322cb71ca5ba9d548d90

SHA256
173c8d680338c485f3b50475f7d3c8d2a5981ba2a0ea9f05137d2efc8f7f739e

SHA512
4652c19355d5fb77029c0d95b02e9da73ba04377c5e590291008d042baabfdb12ff9fa9039cf6c9f5032caa934611ee7e0b0c4334fd67e44ed6c73f42a9244ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
058d0c69ec5d6491519dac6537e08b98

SHA1
67666bc6c7961f680a181114d216f1c644b46496

SHA256
c22643617aec4c15eabb0458ce2acd746031b28505612a8022f4baed186be165

SHA512
a69d83f6211d04f372de570683a1300e0b6e00ed875a68650f3e0346181b7647c7fdaaf47a1c4d9650d89cf7e178ae8a0d9c9ce18a618c4e56897067cbf6493b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e9757b3ea21234ffca777fe3407b7d63

SHA1
b3cfe1c5e2f2406a95d751ae87248694e3a3b573

SHA256
73dd07d5aeea9f7fe6c26e14abd200b8c9c63314b096f5631e0522570f94c55d

SHA512
6a4afe171730b68b82fee7086afbfbf649aa99ca01e116640083508a42a6e95bfbb86de8aa231375b4f10dd1cbd815cf12b5ce918a26cb91002998b94762e672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
70dbaadfebf689be66fef38869144f93

SHA1
0a5ac95a097779bd357f7bc7c84cd0883902af87

SHA256
0361bf4d41c68de05070f5b36e1d956f8fe5a78803f3e8cbd046c5263b806358

SHA512
328288d9c4693e761f59c3e61b37099e01b3bccedd5ca9a7e34a5c975be7a15c9f24d500190dac6c46e4daedb86784866e5d6b5e8c2dc3d757e7e88abc425bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
34394a19c68e224a44e8927c7a12d5f9

SHA1
ce32e5ba171fe55e1612ddaba60463bf4472754e

SHA256
814e7dad791930aee70c4bd38b75a004b7a51c08398a070078f639cf6a10ac07

SHA512
bfcec554034ee7c19d72ebfae42823b47f92182ea3d6bf7ccf0eecdd7ec0ecac7af154520553873b2dfd7b8f49da7b4ff9a7590a79567696656b3f1e05da6485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7df06320a344f00b10a3a622d7709f84

SHA1
e531e7eba2fc7686a13db6bff02497ca38d4b4ad

SHA256
0e4ab4844dc540a3a3e09ec09435df98bead01059581bc5d054a7bc83e02b45c

SHA512
5ea65824aeee627665921e9e72b1988e4ca4fdc66ced08400615a3a4861ac061781ff10b8d17d3013d368d4a484195aac84bd120f1c75e3bba4b850e12afe568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
05854966ee46086083a321427ab41f05

SHA1
a58e5ea1aaab791f798f0c5eb6724fd51898d9b7

SHA256
49a748e8146d4e18eb79c1ee4e941d4d5f61db1616742bbeb1e58dbd64f4b0d4

SHA512
7d729b853a6a1906b437ea889a96cf3e6074716bcda45ecfac43a81bf3802a02105e37e42007c5c4a1797b9dfb067afd45807f3ebd813f69ee6092ea43ecb6bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
510d5d9e7a6557da9b578c030cd387ab

SHA1
5eba5ac93c321753c3f4a14c9694c260ad1f0cbf

SHA256
21f84286833b87f776ff7ef270950986e8bafe6d7db6247c3df76e0f425aefe8

SHA512
4d7a7a93a651c46b79e013bcfdffc5635fad8e279e420d92cf6ef7b91ce60165b8809d2c813538a2f8f28caf174d3d5d515b91850a2d1e3a71e88d64b77e9279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e8f6d005a3c25130b70784bcb566e9da

SHA1
fb284e879e5231bf37bc30c5996b7060e91b1d44

SHA256
16dea9e32c49a7d52c2c6cafe1aa7cb21bb75dfe3d09cafc64b12154f88e8a0f

SHA512
a4f3eb74598cd1996b96a206c0c05c9cc293637950ee66744cbafc7d4687a3b90b0571d160a09d5338c1414019f8a358f53cbdde8cc0d77e453b4d4f476f4305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
70bb890d75594a0a5b42b66e74ebc06f

SHA1
61697553859c9dbe289790e1ef5d5286c1ff4312

SHA256
378e0ec68160fa0b0890ca948f0dd0e739de14f8aac5d10202ff3d3c2f2eac88

SHA512
2611b935a68f3fc8cd49d22da39dd87f4aeab7cc36d34f8e78b1b168799f3e928b08eecd2a282861acf4658ef0f88c47f100a0cba72edbf5be5e602ef74256e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
d989c723be52b8e22926291c964cb149

SHA1
785db034c00e75b7b8d416dbc9ef4544decda170

SHA256
7173ac42e54c6f00f73d11813ac796ccf3bd85887a4a281004b6be23320ebb93

SHA512
df9693ec805ab9bf5d147d55840114158f632d7ace52fae6a95daef9b67ade22b65acd29602cbe42994209043d89dc5e17a87ed8231212e58e54d9dbdb183c52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_drive.google.com_0.indexeddb.blob\2\00\12

Filesize
215KB

MD5
286eb1de262afa09be385abb00dac6b6

SHA1
cd2526b1afb8e6abff6698b6a4d2959d975ea357

SHA256
1e426b584771b4dbcf2797c0ba60085b638a39fde5ebb31f507fcc752ea20213

SHA512
5364f5f79637a80548e3ee89229ceaf739980798a633015646942a548e94080353f0c431f77d5452814123e7530812486c375b6f1e3860d649901fd4f1b60811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_drive.google.com_0.indexeddb.blob\2\00\16

Filesize
215KB

MD5
acf7596d903248664e11b78e96475e66

SHA1
06e514fbafac645636ab8d5ed9dc6850bc4347f0

SHA256
907f9459d134dce4352570981a76857aa9b09d2ea036228e55a2bf7ed4bc4222

SHA512
4c1df3bbb76e4cb5ace36bedb7b019e1c1a0b61817494d3bfd9dc78ea8859ae2bd73125383ffe4cae927d5e2a4baba4be9ecdd8cafd8244c4f207fe80aee4402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_drive.google.com_0.indexeddb.blob\2\00\1a

Filesize
215KB

MD5
37585039a34c810b0015f0e1574b005f

SHA1
7a11f6d7264a84ff0ac3d3fb8233896d551a4751

SHA256
c3ef88135e820d7ba22f3a2b697ebc0ffb08a52247c7e047b44fd5a43118aaa1

SHA512
017446ca31e23a8b0be62523a1ed1d7e95c2e84369e86ebcdc6ec2a8c5c7d898db55933db384673a82454c0d6cc18dd0d52a7a18d33b82673cc99b49206e19c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_drive.google.com_0.indexeddb.blob\2\00\3

Filesize
199KB

MD5
c487872b60573ad2a147026ecbeab9a6

SHA1
6ec801804b1ab0ae411203bcb8c6fa1531c9ad5f

SHA256
6f33d18c038ea6040dbbfa7d9c705b15b0b909aa54e9465feca495131791372d

SHA512
5fdcb545d3fa0088e55d04e965edbb9f6a977e34bdbd91cf6168c17dfc470050fc665f756751303064ff3b2c8b7e347d75c71703aae68610c224e73836a5363e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
da8f21ccfad1fe740f11d247fe8c48c7

SHA1
c0c106dcd260feb26344259ff57031b2420e32b3

SHA256
083d44bed02f0a35061ea99f72c27ec04b9c9e0931443f365b43ade69a15ff0a

SHA512
c05260072582bafe970f0087ffdc9bca5c213350e8566aaf6ef5e67ade552931bb5ff3467d8b24b8c61a0175e25613a676c7776a4e8bcf4fcc957b68e8d4e37f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
439e0ea27791c355ad015c6117f8d50b

SHA1
56845e2c02ebe1904d4e9706fcd6e79bde03b214

SHA256
5be931bf305cabc077c62fa7e7268028a6a141aa996857b5792374cde98f46a8

SHA512
ad2e309e628941bf49432b1766fc6e762b229a3a9b3d0064115c380c3c48eddc9086bfea761697302c08c0cd2da471dd9af67bb461fbbbdbe9faa52ad45aa194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
f2024e013e60a9ce7a58ff731496150c

SHA1
efabe388a5ccee13bbfe40c69990166d6b0a0182

SHA256
e50f66e82ea7298217b5f7dbd6f99c194826b23fa714deb800da4046a4fa9711

SHA512
32bf324af8c80b3690818c2d3c82bb6e9a229d00170c3207373cf3e59a3fe1e9af952e9a0dd9aaf6472a0355cf05d2292a8e0e083b1c1807fa8c8a867c571764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
aa09f8cb285718025cd479399a58f417

SHA1
004137b02e857381c2b6624eee223d954bf2b9ac

SHA256
90f9fe7bb881ad5e32478fa357b16da6a8bd5f81779941f8f798ad7eeed23f1d

SHA512
f18e774f535181bd9506549ccb1038f93acd56519f9ed6e43075fb9f3348f9b34d9c51a6b9d32ded17f6d6592e50f800f74abb5e7181eacf9ed6289d0cbd57fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
6a7b0bbf1561fb3ca4ea89c3f6c1d49d

SHA1
8b2acb28f4403f221ed8b2ed63d558a30e42c77d

SHA256
75c7e7a19fa225fa5cfe4f91f27fafa2544604011a3659bbd9b1d0e8cbb9e2d6

SHA512
b3693020a9380327c326e97bf8c9531b3410bc097371081ed0c19550d5db849353159185606a75252ef53a4c442aa74ecd6e56480e73dde50462d98820a44a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2eddfbc98ae2af477de2fe17f7eebb3e

SHA1
f76e92d7d5aee580507a261f131ce06171483a48

SHA256
90916377d655719a352fee0af16c99b7f50c2f69e1375594e0e9b3c217c62f12

SHA512
f4e32f716c704f202ffe2604686fca8b251359b2765a278e7de0510cbbd40f423ff58638575060954bf8b0a4d314e4f91c1870545ecb1c75c1059aa030a070b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
c285967828dba2c070ffe2bfacc98900

SHA1
abe42d2d88c5fd6a2ffb0464b366b999081d9957

SHA256
0f2ece8b417942c2dad879ce138d7c471ad2cbf5e8e4f42f4edde2868a458418

SHA512
23f87b0492ab25b54dd609a2ce836de9cb75d787f29ce041ccae2ee2b8dac8c7e78b13ebc15c39b28b80572f323d0fb89c6a687ec46f2537cd157040818416ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
5e6557634af8874b00d4ed145d64fb82

SHA1
8fe81b17cadbb74a05e78e29697f8274f53cdb54

SHA256
5a78e4d9cdb28c3e7c80dc561ffa437618ea2f42f614b3807ef3aa384cad91f8

SHA512
2364bf1de0b954a5f5a0d92decb09acd1393a42639729ea4e47f683b7bcb5f7819b78eee90b4dbbdc69f72f0b0bac6e9c7ccf71361e9ca49c1c7aabd309390f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f6abd6faf151fd5159fd17d810606148

SHA1
9a108d0a433a128f388fc2c70c254b0d2e36f786

SHA256
dbcc31712a6fc35b089651ec8b8534042169039db60ba66ca471fd3a3f599446

SHA512
6308bced4655154054369fe6555fcb322e4080e6990b4ab0ea74add085d68dc7ef0a9dc262b5edbec77b8eb0993194fe70ac78af5571e75751be36c0449b1c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
66742fb35fc1c0472cca3bd2a874a330

SHA1
305ebecf86d12efc713874871c73564be536fe30

SHA256
f13dd0ffa64ba216be324fbf7dfb9ba56fc3d5407859c57790c8b364a007925b

SHA512
3ec09769b725c481548367508459684d490d72f414205bb1c517a6c0291146bfb1355f774d242ac3795c349829a770608bf3b0bcbdcc480ee40d232487cf900b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0b2d69a7574539cbe85731f000c40c4d

SHA1
4bba13b7786afdebe65d5c3d8d9937e0778320d9

SHA256
4d8a525315aba50ab1150aa5ff677ae31e355ddf5e9cc791df57957fcf6a0f37

SHA512
9364ba44f300679f6bfb5de59ac1ac80407ef29668b4ee14e0736a6b79a88274b54ed6cc93be8cf83d99f21409fdf31ff8a02fcc095de3e24116aade2fe3107c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1a40c7c043feedd3cc14b5c01f0cc204

SHA1
b6cdc9276fd7ee1f1772ec804ec9417ef05dd9c0

SHA256
5cf716c87f58e7df614a9ff21cfb79776a7671844e1117d5c13d9d04e11b60c5

SHA512
41d43b615bf598177bb3f8cb59a33790c3aad6716a0d1d7079bcf5580e9f88c959014a42f096bffea2b5a4726ffebb8e3a13e7c2f358c1f50b8ab818afc2e190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0ba32bdc5f604b97505b278b59991582

SHA1
6f0f1f411b74bdd460095c65ca9b8eb61555870a

SHA256
c05355acc07f363ae5dd61696a9d8ac45bfcb1f6e37684424edff6d62a997c21

SHA512
6218c7a6b678467b1e55e6f0493de1e90a175cd78cb8542e089a3ed392cfbb75fef912b65dcc9f56dd0e6b74bb5d34dfe92d18164530a5872ef70539a7145672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0307c6a6210d6142c19d014f66f914fd

SHA1
5d28406f7c13456b1c36cc7a40bf9adecb6a3355

SHA256
d2ac7b31d72b0313568b5b802c8105b8dc31fd80c90e754411168f60c8889c0e

SHA512
4b560be30961b83483de64d08f4dff1fd6b5d9c0ef0b1f1139218e991b4e6a2af202861eb652be69b1eaa38f38be437daac80a08f20273c7c98a6f2c0bc84af1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c676fe7d838b15a24d4738263a9b21dc

SHA1
ebde74f26a5fe006be333bf719b9d5f97e22d89a

SHA256
57a5c4ee74337644b74d36603371b216668dd82fd9c21fbfddaf8fc14a412fec

SHA512
ebca086be0b78d04f7e034f9b8f7eb2617fda7eed7c331b8bc9dac7977f5993e59ec2bf54376e352424dfee34fac142c04f65b348f0400fc76b26f6f9a1f5195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3dd47bbdf189b1507fbf657bb50beb07

SHA1
f13a26bd2000eb2f87ac10f9d73b9785e143c1c1

SHA256
d32da3710f1d5accbcccdb3cc3c1048cbbbed3acc110075e185aa0e4c96ecd08

SHA512
669ece281ddf3078518e53c0d2ba47becadeef235e5fdd27f0b25f30662fe4e81a4f2c52fbebddd04dc4f6707f43833d1bcaeec547d3db6cd23164def4319128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2ad977a3ac411f10cca9ea46258e6b54

SHA1
d74eb5eff86259bca283d3ad8433f6ea9bac7a0e

SHA256
caeff1151f55b5b4fccefe6dcbdbfa0dc8db2bbaa5b4dc200f4eff4491bebcf3

SHA512
83af712e5280e6ed86eee0b786a7401aa5066fffcfc1da57d7d61b754b33059533ce8915356c707ea57bad32ec801b1bef28786d2cbbd6d94474e136e8445621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
196a6f0699a2a1033530d831027a4928

SHA1
daa9a76122c2cbac89953a00831f724bf9a9db9f

SHA256
5142c394656fc76dcdfa9d895f99adbb045818a5c46255b0c998bbacaac1efec

SHA512
a54f53ea1ee91dde74b1334d59832f8c31aaf7fd1026a63983c2216aa490a7b59a32c25f74eac9e567b983ec6ad6a780a8ac216dfa0ff210777f46157e9b9249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cb878af0ed793a7efe80c773bff13f15

SHA1
2cf48f90a69e0456af8e0e81ababc79eb980de8a

SHA256
cf13fc1afa75875b413b218109126f4d7db3f12e4f9e05430adc3e4a35f906f0

SHA512
7429e730815f18efb009d46f3224438e370e4af42418c4fc1ac4ab7d42899835ce2fc598e69f1802f2f79f0b2085e48874d06e000fcc266e330251b65121e284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
be86036b0109fce09eba36fa83efd534

SHA1
bb1eb1de3a6a92ceda5cf95ccf5bf78c624a293a

SHA256
7a26f2535f9f6dfe33bf768e580bfcc5d77b08dc89a9cbdb7f1ca714c54d4e05

SHA512
a52247b19e1d85ee64a1276c9fc06db54e41146ac4aebdeb36c17cac01c272b891eb72f53649c4ba6e2dd660e25c42e4cec5089a68f946e96ae75c8b7fdcfd94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\eadf114e35641d8a14aa9648d8e1c01b4b3bb3f0\86564c39-f77d-4443-91ba-c6a63440fdf9\index-dir\the-real-index

Filesize
192B

MD5
5562d8f99694189af39bf0a3caa18a93

SHA1
c350f391726a8c35cf3db64c634b25fcb2e9c0b6

SHA256
8e2b184a933d5004a6434d1008ad34e92f2f3b211f64384976229f807ad373a4

SHA512
d673a20a43f267e86fca566efe6660897b0525102d46bd27f3757e1545df0998e746aad09d7339c00a8a8e7c02c10d509588ca47257f715f6a3a0cc800a07c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\eadf114e35641d8a14aa9648d8e1c01b4b3bb3f0\86564c39-f77d-4443-91ba-c6a63440fdf9\index-dir\the-real-index~RFe5ad92b.TMP

Filesize
48B

MD5
c3b156767ef15172d230c176fd4ac589

SHA1
b87c2eb3818c5405c39ccda60566c0f044553856

SHA256
4ed83539d127fad367a92caa735b81966b2a97bbc3da8a4bb0ad82c50af82332

SHA512
7781f58b5bae0fde181c4b8c0c07526a48b808eefe877923fbfb62de7509929db6bac58ec6e00c23cb74bf773393a9c6e372a75870515128e3ef90a8b02a82e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\eadf114e35641d8a14aa9648d8e1c01b4b3bb3f0\index.txt

Filesize
121B

MD5
a6d2ae7306566926787a0e87598d83ef

SHA1
5d2dbc5a322d6fcffc62e87def49dc60a284903a

SHA256
8d20be5a0ce5f10446d0de5ffb826c0dd11835b49a2a09ad1e415f5819deddd0

SHA512
58911292b9359635bce72244a56cdcff5d0ade13be53c54ba7d4fbc300826692228b9fdf7694d6a386d774b0bba99b0d6d27e9bca713ccac89deba1e668e09f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\eadf114e35641d8a14aa9648d8e1c01b4b3bb3f0\index.txt

Filesize
120B

MD5
07ac1734c135022ed6ba946742ec3ce2

SHA1
dc4a444ee0a7b241e2dc0655b8af90360607b716

SHA256
1426b64fa9dbbbae88b6fc6e35cb909b4a66990f169d6247d1052d9f0b887f73

SHA512
0e353b7ea0536e1a07aaf72218bb2dd08dcb44ff7fb9e46cbe32234109db0b8cf60008454b18314ca3ce0d0316cb50ccd83b5271103be1d095adaf3b54685a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
15KB

MD5
acf62cf3353356a2c75f476b6ab075f1

SHA1
12afa716bb5a190be1f797584bdfe282087f7744

SHA256
7252931e7df06998e870d6d0fd51e6470d7be6e41e7fed8db75e660a7e8632b5

SHA512
e969a82926482d811bfefba06eae499741551652947b9fc6ad46a78e5905b8c887cf99664dc994addb4e59cfe7414f2807450d15323609d189af0a4f86822062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
8KB

MD5
e3ce0e8e6fa6bcfcfe1c10f5f25d1dfb

SHA1
402404d3d5be59d7cea07171e31485c10413202c

SHA256
ca72682140a2690b127df4166ddf541d117c7dcc227a5d7d8348180695ef9470

SHA512
bdcc9b7b8e469f6556e9ed87519334331bfa1a8dec4a32bc4bda846b066f788b998ea0fabf567f1ad86ea9f2ed21952de69704bbb1c82ed0186c804ad6e75ff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0

Filesize
162KB

MD5
317914ff0daa1225c74540e0248aa283

SHA1
8fea98f0e9c88787cc3d685fc10d5e141e424f24

SHA256
f6702a30de35ac51a878235f1274f4b996864a894bc6af161f973ebfcb93815a

SHA512
0018d44a75ef79fcea47e3fe312c41951a74d0222669c422986539966f8d3dfa6c67817d50064bbc177f84496c9ffb5f39f42154f0e69f8e505d4836d59b0ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1

Filesize
389KB

MD5
3e08152f29fdb3816ca3c282b8d5ba3d

SHA1
b0038f7a240220d727a0ad133c2e22c238f72c01

SHA256
be4fb18292648a1696f6d9bbcd3a9f61dd3ebdd1a98125defb7e1a61ce55c23f

SHA512
3813ef4227d79565a54fc2ca33423cd642fee2ed93aebce84fd784d9b6529776898763b9e8631876c3ba488080f9cbe6523a9de9d01778fe62c8d852c4d26e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
192B

MD5
3dd16d9ae315256595c148c4a92a5ae5

SHA1
f3dd871e71f0f3f714d958a296a6639b2196ad09

SHA256
26203489178e5da9213de9a4051ecc807b8b28fa8b79a8af1d3ac0a7810e8fe2

SHA512
d268a5fab19e6f241fb1efc4b89a31e5244b4db87b4a4e6425a3edee9109da6521d22484409f21b130239aa79adddce0682144337c9c4608722b6647d5e08b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
30d6e0038fd9134e160724ae0cbbcd6a

SHA1
c8b6e6cb9d986c51e68d97d233bdccaf2d9df1c1

SHA256
57fdf8af2bbafc825792b30f956d4793269fbefbff046a8090176fbdad21c0d7

SHA512
b6f9eacccaf8358dfeaf32203274fa857f5f42d09e9ea5324b53d146dfba69d0d89126d6b8e9697a0521bf18909d39759f54319276b931bfe0087c2c539478a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ad7b4.TMP

Filesize
48B

MD5
cd3bf02faa5fd34d987341162a2b2fd5

SHA1
18f04d5420c729e0786411399ee0ff7d32462acd

SHA256
b64f01547d5bc33c84beb0b2323458c19478b1fd363cb8f2476523a5d1ffb3d5

SHA512
66ce7fd4d0674268aa66f0316d631a4276ea5c0f54c53de107ccab8e406fa8aab69ab5b10d0176fa74d1d8b4fe77502b0b378b03fc80a1604f25c8a79283a205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
624d8062ff217dc40361f7fee2bfcef8

SHA1
dee967cf4198a9b4f2457d1026de526c53bac207

SHA256
175c620fc1862d9c068eb2d2b0262e6aa7b392f197e6068ac4535aaa9b052558

SHA512
ce05f3874abc37526a53ac17759478fe600c0f7d6407b7eb600d4be61e33852076924b2465062e3be91708a0fcdc5ff84213601f92e21d17d1a74a960e1738e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
2de89837555cdf8c3de15e4d8a0d4f02

SHA1
76d2f930e68a2706186d889f66f4c30b71ba9b2f

SHA256
61d0736934e11847ef5a2231d58256f389130ee13441661e8ec6bf3910f8d351

SHA512
e4f54bae4ca0b45187ec1e3217d294c3c0ad3ec7c798ade7c9976d01ed8fbc906e10b5b0927ef20436983b95daf386c12f62daece2a8faa82b219acb55506924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
97f6e9a2b84a2a4314118d85cc30e927

SHA1
2e4a05b48b94dbed79968a1dc5e6a0456a92f6ee

SHA256
263461f5987bcaff62dc710b28e1bbef56394fa09b6b2135eea2d8a698df925d

SHA512
80c970a73d74189faf6927b99f3f20e78848e3564658ca1469843727d9af4d5a3a3648fc128736f7aee0b57bf48e063f50e49ca09533da959845b103d3003f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
af66dd023caf42ff74c43d7f12b1e395

SHA1
ed3ee3c5f61353b768b28c13b5e03b0473f3d3a7

SHA256
47843bb4a84005e8a66530f0904586ce456165efc2439ddc6ad2d270c2431ccc

SHA512
9a4c59d36d0a6202a5ba4436b21ccfe7c29b5132b76e280a97545cc3de83bd767027d8966857479ea3e4fcfacad6c0c23ef93de81a58155889d2d9e6d1fcdda1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
445ef8baf0e7dc01388fefaf4d6c06e5

SHA1
d0fc81128db3b996cd3a43a184dbafd6ef750317

SHA256
aa9a48e9e8bbc4faeb7760d57586a4904094513ebffe5454c6b3325dbe9916a0

SHA512
e269b15fc97740883ef33851f569cc27fc8b08958f91f1b0426defe8622161e37ddac223fbb486d463c1d0ffe65d7d72562ce9c6c7f024b83fc12c99d4e424a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
28806788159ca0414ad8cbbe24ad9c54

SHA1
1b031ee13c7a4fb5022d16c05fab917a0dc98002

SHA256
6f4cbd6a2372ff951c81a134b30adb3245b88805abaee3f24f7c7eb741c00ced

SHA512
e974ff4addba5fc78ac5213bcb5d3f3ecb49b897f6db164b08ed96709009dc7979847a2d110e146dff135d5ca1a6c5231c552340583a4c999c5d8fe25242f750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
e9a06be9751b7e1569fc567912eb92d8

SHA1
a56e552612ee7341494e50409b9727467203218f

SHA256
b49beccc77ca9437e5cd828deca28d633a1ae6bf3b273f779c7fb7e8dd5fc237

SHA512
e39a0e12a1ed33c9478ee8d3c7bc99a57055898bf09b80c5114b4cc6c031f65e420b02b9bcda8c1aed79d967c0450f4fd245b6d2c6ed3db6a13b56f6b2805d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
54088efc36df8e0ddc7fbc8dec21fd0d

SHA1
78c26d2206f62f2193c9e081b48d48cec7d23283

SHA256
2bfd009072cb59495e2e0ce65ba77a1073e9d62fb31b58ed6dad87a813d1a661

SHA512
dac012ec6033d39e4dc092bd4362aa1e482cf65f6a8064fcea824c1334932f2e7f20140aa87287123f2ff9ef6169c642154b66f67bc7425fdb93c5c851975777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c901fe041f1132c97bd54c3c4197cfc4

SHA1
ec3b4767fbfb5c6df9d2bdd669b4770bd9f5616a

SHA256
15d76196f18063d2107b9c64c0dfc53f957ed745d621287d86b2704354ed6d3b

SHA512
32c8122f619c0b69bf1935ad56e51574f533ff334ca9368db3011d8a6773d064ed0333e9a1a4927f3c26081a7324b17c7a5ea2ddbb4befa3080aa7b93294b57c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f8fb2f54453c641a3f7fe07c7fd5d143

SHA1
5fdf0d5b0cb5c1d1fa4bd695217d816ecbe5aab7

SHA256
1269d998570fd6b717eb476b1ad26dda85b249da0d0b9a80fb4f9b96d6671afa

SHA512
2f52957c050bc8f3db343b8a97302ea4875e82f144fd790e85819cf97c7a77860da24e7b5405c1bb8bdacd2030c910f0357f77892fd944eb7db7d29055d899ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c0a973e1c4e721c49ed4e181b3413c72

SHA1
9d984825658e16c0272efb18785d65143e1f59d6

SHA256
a003073d184df86b70b4fbc138fed1c5524ab46a72578e98094f701b921a726b

SHA512
f1b0c907b39cc2e35d6aeed2221f31378d3c9d5984feee7c5af84a07abb70cf0e22a41344e1ad2b0ef6a630c63d64f5b2127bfed7613d37852b710e747de839c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
55752ae2cc2161029f60bec5c57b6567

SHA1
6ed1d07d9521d1e60ba79baaad85f0765609ef02

SHA256
8bfe9c7ca728d73142b07a9ec32ba48be5f78bf20b848e45828ec18b4f719538

SHA512
66ed489d1d055a3e38df73760fa2b0093ee1850f37c7b4b70ee311b50f42b328b3fb5ccded92b989c586fc75bf743898f842446d6e284658bf486a146e911919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c990ba8c4085dc4c0847608a2ce22cc8

SHA1
d94ee08dc36e5d1bb9ea301a7300b304ee208740

SHA256
c0a7ff4f17f71fe5173a972c0dd821e483db81c7894aae95f9cc181bac5129d4

SHA512
a873665ad0b6409924ca37e39c11741bed6000975ac9f8fb81e4697569ae07d492f588dd4871c2011ff5e63ec63c4033d2176b739b48b324274a654bca774fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1185a02b051439d6d0dddc438e669a82

SHA1
5d1cdc1583dbcf5b241a5eeafad09cbe2dc9a004

SHA256
d962cf4207f78a17710bf92faa482dc3f7c391934058c6a421884e9ea05a6445

SHA512
1be8181bc79e516dac3321c0cf63903de5ae531d7e5e8e02f043f7eb65d0e7aa9124d59635ed7eedea01ceb398106e23c67f04afeb9491c789c58e9ade24f111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fc3b9057c6503775b5ae6fbf396c4b1e

SHA1
b00293005b2085f9c2361982328b8c95568eb47b

SHA256
5ee8c57e6e61427fbc6f1f809e0cd7c84631e0cf0f796d5283e18e8cb2b86e10

SHA512
413b447462ed564e15b72220d730503f700605d76202df500e36eeb25d9777b4db4644c945a10f9f8483d5a02dac780e5e53e7399e478eb1c6fb92d28daf1a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a46d64086747b7d579150087475d1934

SHA1
092b4da45064dc421715f40beb736701ba1d9ac3

SHA256
882a1732d4b1e8cb088ac3e1db44c6886d666ca40c200f1f4c0de776c69666a7

SHA512
a7f778bfca9dda68b8885fdce5eb1a32f3ee2ccb152e876d574ce01c5f07a20c856a85d9975ee265ea907ea6b8574fb4002d381aceaf961b2c69a1171b29f31b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
385b3c8285a1aae2d09412821f807988

SHA1
87179cf426a4378dc58ad4a79aad77009d51d38b

SHA256
4bdd6a26e7909df4b0409e74309a22944bfd8c6c6806188af2fc16f5a0b8c9ec

SHA512
cbe75979e193ecc5225d63b405221413f6022a9fcd19a0e474aa46cb3ee5d30132d16cc99fa3545df5907f04011e800e1945149dfd977e6ef4aa7a6e4000c44f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
7f61827ff0bc6f9f63438f7f0bd72b6e

SHA1
36a057c0ba03e1eb0e557cd6497340faedb8149b

SHA256
525a762f8f99de3bedd0f4de0c4396f7bf1a1f64d44d60acc197f653ff64dceb

SHA512
a7a31c574851224e26713c1b463299fe5e30bb8a3140fee19dab0c256735768ead47c125cbf275970825e7a00efc58fe81cb781c6e8e6c4b63d8eb7e77528bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ee376245d8639488f65410ae6dadfceb

SHA1
c2e1a98a1872da08f0aac2cbf6f21582e55c7339

SHA256
a7d447f17b399e69b70813a1e6accb4e97155bef951c1b0196742a9266099378

SHA512
15e4bf191e99098d2a7fad38123ca25c23d6be9043b8caae8c42cc4e1edb0a3a0e6378bc7742bc86add5988d637a6e2a337d2b766a99e43d39860f9ffdb3a644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
36dafd762d17016be8bd405e98f8d4af

SHA1
aeab033d48f58dee67e81ede9578670d28909d96

SHA256
cb4535babfc0c4a3975660f72283b1603a82efad965f402f132d2f370150835d

SHA512
c13f99b8bbe6ca416f54386808e41e6bb1212cb0984ff3f6318003ebd14a9a5a2fdabb2fd32fb99d5be225dc6df27c44c6aa6507752c32a27d26f2a51e33b8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f83b.TMP

Filesize
538B

MD5
f2ce90bceff265bd9a976e5acd4d47fb

SHA1
19ebd55caf7455b342b7300139408bb3a0eb345d

SHA256
7bc31ff30f8f9fc98f976834ce43eb5ea2d60c7f9066659a9a7d74644c2f3eec

SHA512
0710810e0eba68c2738b027f8f85550f6bc8fd2ce86f26630ee66c3d752a6086efb2a40b2dc625d08231406eb0f4a8c7644c3e726414547fde766f9244ba44fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9d067c32fbf2e482a908e3bb7a35030c

SHA1
a3ff5cee30108ae4e41860f0571a4031ad800466

SHA256
db9786e2936024c9c7bd843546e3894fbbbcc5a784df121984f49b3dd45f341f

SHA512
8c58b495846e65e06ff0854c24575c941ece3ed3f0ec7c5ea802bea3ba8ab944b11f3c987a35af97a5d6d3579876ae3ed05cdc8afbace95cddff85d5a7ec31a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d331cd497794e13736943df1bf48a02b

SHA1
75479dbc3a61f4d3c8741d646a1711458c5fe949

SHA256
3e71698139e4a05f62ee857808665eda0f1327a26c55e763b34fcd79c8aac8d3

SHA512
9d4a9d575a25f250804e25149167e177c5ff5d3f192c9457496f32955bab762edfed0a49a41f778e2745ae1e10d51930f3b64dca93003a0c7c86c001b2625c1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
380c4eef5e0e531d1ee396df0e013980

SHA1
10f65b49088a783a81515cfc16a073c7509127f3

SHA256
ef12e3a2c7a663a3e96e8618d90833e10ba0be923a63b69b29b1438c0e09d5db

SHA512
6183d6c1aef8179fc335e38e50d1bddc5d79df5d9e300baba8bae4779bad076c904da6040c3089e7d93c1e1aaf1a4bc77b3c56fef529fc365f3ed765bbb647ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e3f0ca436318943f185258e405f4bcaf

SHA1
48448f4e5d3b6027d1833f9f095edbe3a3a07184

SHA256
42040eadc258aede1a170fee67ede6aa606552cd8cf344ee376035ddbee8672e

SHA512
106e59fa40e375fca155b692914ae5c92445a805a9ae37089d529f10ebfdeb2d0747b051e74cb5f77b0250a125dc9e18034565f14e80634bed40cdd4b068db8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d89753a9e284b97808f5e3192c32e054

SHA1
ec64f08707f17db9d45c1dd707c3545375bc1e93

SHA256
c66b2ba5bab1c602510ca91b60cc96b0359f9fe72c43af67e07fe1a491a2f2ea

SHA512
c867036c009210fbb926d0e952d3be3ac4c212863294e35cc56afb7559efe85bf46a3aaeef1e43b9402f9fc43d1b68e0ff33544fa922a799de52e7072078dcc1

Download Submit
C:\Users\Admin\AppData\Local\OperaGX.exe

Filesize
5.7MB

MD5
d6bcaed383b337e8504f5aff46939e16

SHA1
421d3d120afc01b2812e9e00ff15c84479ebc0f7

SHA256
a6128fe0668cc6472d15cd6bc10dcd45233bc0a3c45e4f3508239ce4547b07fc

SHA512
71210973fec9d6f8452f418d4518de3743561f4bd33abebbce1983fdb9f238895c0fce27052d1eed8c0a7db16bfa2c7b91ccbacda49c766b20cfb631b2495189

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405251302581\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2405251302580633740.dll

Filesize
5.2MB

MD5
623dcca5a87dda60785b7b534eb7b621

SHA1
f9bd7545c032221b085202d5aa1e44846df57652

SHA256
f675607a12ff20d454c79bcc36c9bc2ca6760f49a6c79e3023e949b96d04f67a

SHA512
d44e2c9d2edd7bfd0aea64071ecec88b871a5af2e5d4c41ce1ba36dcf2e094d5546dcce73779a41ba528ce8265aaa1bba33e21ba1fd92caab01f43e79b0d6bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

Filesize
57KB

MD5
6e001f8d0ee4f09a6673a9e8168836b6

SHA1
334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38

SHA256
6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859

SHA512
0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

Filesize
117KB

MD5
08112f27dcd8f1d779231a7a3e944cb1

SHA1
39a98a95feb1b6295ad762e22aa47854f57c226f

SHA256
11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

SHA512
afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OCommonResources.dll

Filesize
5.7MB

MD5
38cc1b5c2a4c510b8d4930a3821d7e0b

SHA1
f06d1d695012ace0aef7a45e340b70981ca023ba

SHA256
c2ba8645c5c9507d422961ceaeaf422adf6d378c2a7c02199ed760fb37a727f2

SHA512
99170f8094f61109d08a6e7cf25e7fba49160b0009277d10e9f0b9dac6f022e7a52e3d822e9aee3f736c2d285c4c3f62a2e6eb3e70f827ac6e8b867eea77f298

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2ODAL.dll

Filesize
15KB

MD5
422be1a0c08185b107050fcf32f8fa40

SHA1
c8746a8dad7b4bf18380207b0c7c848362567a92

SHA256
723aea78755292d2f4f87ad100a99b37bef951b6b40b62e2e2bbd4df3346d528

SHA512
dff51c890cb395665839070d37170d321dc0800981a42f173c6ea570684460146b4936af9d8567a6089bef3a7802ac4931c14031827689ef345ea384ceb47599

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OModels.dll

Filesize
75KB

MD5
c06ac6dcfa7780cd781fc9af269e33c0

SHA1
f6b69337b369df50427f6d5968eb75b6283c199d

SHA256
b23b8310265c14d7e530b80defc6d39cdc638c07d07cd2668e387863c463741d

SHA512
ad167ad62913243e97efaeaa7bad38714aba7fc11f48001974d4f9c68615e9bdfb83bf623388008e77d61cee0eaba55ce47ebbb1f378d89067e74a05a11d9fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OResources.dll

Filesize
19KB

MD5
554c3e1d68c8b5d04ca7a2264ca44e71

SHA1
ef749e325f52179e6875e9b2dd397bee2ca41bb4

SHA256
1eb0795b1928f6b0459199dace5affdc0842b6fba87be53ca108661275df2f3e

SHA512
58ce13c47e0daf99d66af1ea35984344c0bb11ba70fe92bc4ffa4cd6799d6f13bcad652b6883c0e32c6e155e9c1b020319c90da87cb0830f963639d53a51f9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

Filesize
160KB

MD5
6df226bda27d26ce4523b80dbf57a9ea

SHA1
615f9aba84856026460dc54b581711dad63da469

SHA256
17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc

SHA512
988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OUtilities.dll

Filesize
119KB

MD5
9d2c520bfa294a6aa0c5cbc6d87caeec

SHA1
20b390db533153e4bf84f3d17225384b924b391f

SHA256
669c812cb8f09799083014a199b0deee10237c95fb49ee107376b952fee5bd89

SHA512
7e2e569549edb6ddd2b0cb0012386aed1f069e35d1f3045bb57704ef17b97129deb7cde8e23bc49980e908e1a5a90b739f68f36a1d231b1302a5d29b722e7c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OViewModels.dll

Filesize
8KB

MD5
be4c2b0862d2fc399c393fca163094df

SHA1
7c03c84b2871c27fa0f1914825e504a090c2a550

SHA256
c202e4f92b792d34cb6859361aebdbfc8c61cf9e735edfd95e825839920fb88a

SHA512
d9c531687a5051bbfe5050c5088623b3fd5f20b1e53dd4d3ed281c8769c15f45da36620231f6d0d76f8e2aa7de00c2324a4bf35a815cefc70ca97bc4ab253799

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\HtmlAgilityPack.dll

Filesize
154KB

MD5
17220f65bd242b6a491423d5bb7940c1

SHA1
a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

SHA256
23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

SHA512
bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll

Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll

Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Newtonsoft.Json.dll

Filesize
541KB

MD5
9de86cdf74a30602d6baa7affc8c4a0f

SHA1
9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

SHA256
56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

SHA512
dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll

Filesize
133KB

MD5
8db691813a26e7d0f1db5e2f4d0d05e3

SHA1
7c7a33553dd0b50b78bf0ca6974c77088da253eb

SHA256
3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

SHA512
d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe

Filesize
26KB

MD5
cef027c3341afbcdb83c72080df7f002

SHA1
e538f1dd4aee8544d888a616a6ebe4aeecaf1661

SHA256
e87db511aa5b8144905cd24d9b425f0d9a7037fface3ca7824b7e23cfddbbbb7

SHA512
71ba423c761064937569922f1d1381bd11d23d1d2ed207fc0fead19e9111c1970f2a69b66e0d8a74497277ffc36e0fc119db146b5fd068f4a6b794dc54c5d4bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferSDK.dll

Filesize
172KB

MD5
b199dcd6824a02522a4d29a69ab65058

SHA1
f9c7f8c5c6543b80fa6f1940402430b37fa8dce4

SHA256
9310a58f26be8bd453cde5ca6aa05042942832711fbdeb5430a2840232bfa5e4

SHA512
1d3e85e13ff24640c76848981ca84bafb32f819a082e390cb06fe13445814f50f8e3fc3a8a8e962aae8867e199c1517d570c07f28d5f7e5f007b2bb6e664ddb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\OfferPage.html

Filesize
1KB

MD5
9ba0a91b564e22c876e58a8a5921b528

SHA1
8eb23cab5effc0d0df63120a4dbad3cffcac6f1e

SHA256
2ad742b544e72c245f4e9c2e69f989486222477c7eb06e85d28492bd93040941

SHA512
38b5fb0f12887a619facce82779cb66e2592e5922d883b9dc4d5f9d2cb12e0f84324422cd881c948f430575febd510e948a22cd291595e3a0ba0307fce73bec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Config.tis

Filesize
291B

MD5
bf5328e51e8ab1211c509b5a65ab9972

SHA1
480dfb920e926d81bce67113576781815fbd1ea4

SHA256
98f22fb45530506548ae320c32ee4939d27017481d2ad0d784aa5516f939545b

SHA512
92bd7895c5ff8c40eecfdc2325ee5d1fb7ed86ce0ef04e8e4a65714fcf5603ea0c87b71afadb473433abb24f040ccabd960fa847b885322ad9771e304b661928

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

Filesize
134KB

MD5
105a9e404f7ac841c46380063cc27f50

SHA1
ec27d9e1c3b546848324096283797a8644516ee3

SHA256
69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b

SHA512
6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll

Filesize
101KB

MD5
83d37fb4f754c7f4e41605ec3c8608ea

SHA1
70401de8ce89f809c6e601834d48768c0d65159f

SHA256
56db33c0962b3c34cba5279d2441bc4c12f28b569eadc1b3885dd0951b2c4020

SHA512
f5f3479f485b1829bbfb7eb8087353aee569184f9c506af15c4e28bfe4f73bf2cc220d817f6dfc34b2a7a6f69453f0b71e64b79c4d500ff9a243799f68e88b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

Filesize
151KB

MD5
72990c7e32ee6c811ea3d2ea64523234

SHA1
a7fcbf83ec6eefb2235d40f51d0d6172d364b822

SHA256
e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3

SHA512
2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\app.ico

Filesize
766B

MD5
4003efa6e7d44e2cbd3d7486e2e0451a

SHA1
a2a9ab4a88cd4732647faa37bbdf726fd885ea1e

SHA256
effd42c5e471ea3792f12538bf7c982a5cda4d25bfbffaf51eed7e09035f4508

SHA512
86e71ca8ca3e62949b44cfbc7ffa61d97b6d709fc38216f937a026fb668fbb1f515bac2f25629181a82e3521dafa576cac959d2b527d9cc9eb395e50d64c1198

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Users\Admin\AppData\Local\setup64188184.exe

Filesize
3.8MB

MD5
29d3a70cec060614e1691e64162a6c1e

SHA1
ce4daf2b1d39a1a881635b393450e435bfb7f7d1

SHA256
cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72

SHA512
69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b

Download Submit
C:\Users\Admin\Downloads\Delta V3.61 b_64188184.exe

Filesize
9.5MB

MD5
3d50042e3e3991be509f56a2951a2183

SHA1
f027790afe9d7ce2ddf17973f0778fb9e983ded1

SHA256
76eee256f1223082e8396611baca498542c656edd0fac5fe903e06e6cb5677e2

SHA512
120c6a7778bd9f65f469d3335987b780e736bd895ed944d0988372f891b48f9ba09b50ed9dcffd0bf1fa23a12e215ed1f1ffe75d11c925ff4c08d3e48259a873

Download Submit
C:\Users\Admin\Downloads\Delta V3.61.zipjkdfhkhfsdhfsjkdf

Filesize
22.2MB

MD5
2692ff99a5f94520b6caa33bbd0cf05e

SHA1
0bf675fad129bc61f7c2763177a4314288cce4cd

SHA256
507641e3047216809af93a127af70a266e273cd95c1cfaa06605a753b9166388

SHA512
65d9665d29684325ca27a33ec187be8ccb142f98f662f888b944750ffcfcea43c496403331ab00e5e408dc5b1c3d39d7fc2defdecb1133a41dcc5d00c7c0392c

Download Submit
memory/756-902-0x0000000005110000-0x0000000005118000-memory.dmp

Filesize
32KB

Download
memory/756-886-0x00000000050C0000-0x00000000050E4000-memory.dmp

Filesize
144KB

Download
memory/756-960-0x00000000060E0000-0x0000000006434000-memory.dmp

Filesize
3.3MB

Download
memory/756-958-0x0000000005E30000-0x0000000005E3A000-memory.dmp

Filesize
40KB

Download
memory/756-959-0x00000000060B0000-0x00000000060D2000-memory.dmp

Filesize
136KB

Download
memory/756-953-0x0000000005EB0000-0x0000000005F3C000-memory.dmp

Filesize
560KB

Download
memory/756-937-0x00000000057D0000-0x00000000057E2000-memory.dmp

Filesize
72KB

Download
memory/756-920-0x00000000050F0000-0x000000000510D000-memory.dmp

Filesize
116KB

Download
memory/756-910-0x0000000005160000-0x000000000518C000-memory.dmp

Filesize
176KB

Download
memory/756-976-0x0000000006B80000-0x0000000007124000-memory.dmp

Filesize
5.6MB

Download
memory/756-894-0x0000000005040000-0x000000000504A000-memory.dmp

Filesize
40KB

Download
memory/756-973-0x00000000065A0000-0x00000000065AC000-memory.dmp

Filesize
48KB

Download
memory/756-878-0x0000000005010000-0x000000000502A000-memory.dmp

Filesize
104KB

Download
memory/756-870-0x0000000005050000-0x0000000005082000-memory.dmp

Filesize
200KB

Download
memory/756-862-0x0000000004FE0000-0x0000000005008000-memory.dmp

Filesize
160KB

Download
memory/756-854-0x0000000004F70000-0x0000000004F9E000-memory.dmp

Filesize
184KB

Download
memory/756-846-0x0000000004F40000-0x0000000004F68000-memory.dmp

Filesize
160KB

Download
memory/756-838-0x0000000004F10000-0x0000000004F34000-memory.dmp

Filesize
144KB

Download
memory/756-830-0x0000000004EC0000-0x0000000004ED4000-memory.dmp

Filesize
80KB

Download
memory/756-998-0x00000000076F0000-0x0000000007CA4000-memory.dmp

Filesize
5.7MB

Download
memory/756-808-0x0000000000140000-0x0000000000518000-memory.dmp

Filesize
3.8MB

Download
memory/756-1002-0x00000000067F0000-0x0000000006882000-memory.dmp

Filesize
584KB

Download
memory/756-1027-0x0000000007DE0000-0x0000000007E0E000-memory.dmp

Filesize
184KB

Download
memory/5460-1110-0x00000000002D0000-0x00000000002DC000-memory.dmp

Filesize
48KB

Download