hxxps://www[.]mediafire[.]com/file/bqu1nlu3kn4zbcv/Opal_080624_ez[.]zip/file

Analysis

max time kernel
498s
max time network
496s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/bqu1nlu3kn4zbcv/Opal_080624_ez.zip/file

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	systeminformer-3.0.7660-release-setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	SystemInformer.exe

Executes dropped EXE 6 IoCs

pid	Process
2372	systeminformer-3.0.7660-release-setup.exe
6964	SystemInformer.exe
2092	SystemInformer.exe
216	SystemInformer.exe
3116	peview.exe
6804	peview.exe

Loads dropped DLL 33 IoCs

pid	Process
6964	SystemInformer.exe
6964	SystemInformer.exe
6964	SystemInformer.exe
6964	SystemInformer.exe
6964	SystemInformer.exe
6964	SystemInformer.exe
6964	SystemInformer.exe
6964	SystemInformer.exe
6964	SystemInformer.exe
6964	SystemInformer.exe
6964	SystemInformer.exe
2092	SystemInformer.exe
2092	SystemInformer.exe
2092	SystemInformer.exe
2092	SystemInformer.exe
2092	SystemInformer.exe
2092	SystemInformer.exe
2092	SystemInformer.exe
2092	SystemInformer.exe
2092	SystemInformer.exe
2092	SystemInformer.exe
2092	SystemInformer.exe
216	SystemInformer.exe
216	SystemInformer.exe
216	SystemInformer.exe
216	SystemInformer.exe
216	SystemInformer.exe
216	SystemInformer.exe
216	SystemInformer.exe
216	SystemInformer.exe
216	SystemInformer.exe
216	SystemInformer.exe
216	SystemInformer.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
6552	icacls.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 43 IoCs

description	ioc	Process
File created	C:\Program Files\SystemInformer\plugins\HardwareDevices.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\WindowExplorer.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\x86\SystemInformer.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\x86\plugins\DotNetTools.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\LICENSE.txt	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\icon.png	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\ksi.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedServices.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\x86\plugins\DotNetTools.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\x86\plugins\ExtendedTools.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\HardwareDevices.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ToolStatus.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\Updater.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\WindowExplorer.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\peview.exe	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\SystemInformer.exe	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\SystemInformer.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\DotNetTools.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\EtwGuids.txt	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedNotifications.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedServices.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\NetworkTools.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\x86\plugins\ExtendedTools.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\README.txt	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\NetworkTools.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\Updater.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\UserNotes.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\COPYRIGHT.txt	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\ksidyn.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\x86\SystemInformer.exe	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\CapsList.txt	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedNotifications.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedTools.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ToolStatus.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\DotNetTools.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedTools.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\OnlineChecks.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\OnlineChecks.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\ksidyn.bin	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\peview.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\PoolTag.txt	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\SystemInformer.sys	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\UserNotes.sig	systeminformer-3.0.7660-release-setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	perfmon.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	perfmon.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SystemInformer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SystemInformer.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SystemInformer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SystemInformer.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SystemInformer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SystemInformer.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623429428911541"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\0	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	SystemInformer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	SystemInformer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	SystemInformer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	SystemInformer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	SystemInformer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	SystemInformer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	SystemInformer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\MRUListEx = 00000000ffffffff	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	SystemInformer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	SystemInformer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	taskmgr.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1 = 8c00310000000000c858748f110050524f4752417e310000740009000400efbe874fdb49c858748f2e0000003f0000000000010000000000000000004a0000000000f64dd900500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\0\NodeSlot = "5"	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	SystemInformer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	SystemInformer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	SystemInformer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	SystemInformer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	SystemInformer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	SystemInformer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\0 = 6600310000000000c858748f100053595354454d7e3100004e0009000400efbec858748fc858758f2e00000046350200000007000000000000000000000000000000fd09b300530079007300740065006d0049006e0066006f0072006d0065007200000018000000	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	SystemInformer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	SystemInformer.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	SystemInformer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	SystemInformer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	SystemInformer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	SystemInformer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	SystemInformer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	SystemInformer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	SystemInformer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	SystemInformer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3544	chrome.exe
3544	chrome.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
6532	chrome.exe
6532	chrome.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
5156	taskmgr.exe
6968	perfmon.exe
216	SystemInformer.exe
3116	peview.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
6532	chrome.exe
6532	chrome.exe
6532	chrome.exe
6532	chrome.exe
6532	chrome.exe
6532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
6656	7zG.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
5156	taskmgr.exe
6532	chrome.exe
6532	chrome.exe
6532	chrome.exe
6532	chrome.exe
6532	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
216	SystemInformer.exe
216	SystemInformer.exe
216	SystemInformer.exe
216	SystemInformer.exe
216	SystemInformer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 3048	3544	chrome.exe	82
PID 3544 wrote to memory of 3048	3544	chrome.exe	82
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 5116	3544	chrome.exe	84
PID 3544 wrote to memory of 4816	3544	chrome.exe	85
PID 3544 wrote to memory of 4816	3544	chrome.exe	85
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86
PID 3544 wrote to memory of 2880	3544	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/bqu1nlu3kn4zbcv/Opal_080624_ez.zip/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde10eab58,0x7ffde10eab68,0x7ffde10eab78
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:2
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4128 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2572 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4728 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5072 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5200 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5376 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5580 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5712 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6408 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6204 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6708 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6360 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6912 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6980 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7120 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7256 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7260 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7556 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7952 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8080 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8100 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5972 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8496 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8536 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8804 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8924 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8956 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9096 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9112 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9532 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7692 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:6892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9832 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10208 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:6788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=10104 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:6868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9540 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:6808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9676 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:6816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9976 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:6796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9948 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:7060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8576 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:7052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8072 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9232 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9472 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:7072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9968 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:7116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9988 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:7104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=8380 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9920 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:7160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10500 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=10616 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:7128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=10604 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:7124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=10580 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=10544 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:7140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10516 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=10504 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=10600 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:6588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10392 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=10388 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:1
  2⤵
  PID:6604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10632 --field-trial-handle=1892,i,18193893777537239065,16522412049754160674,131072 /prefetch:8
  2⤵
  PID:6564

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:860

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7032

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Opal 080624 ez\" -spe -an -ai#7zMap32603:90:7zEvent3250
1⤵
- Suspicious use of FindShellTrayWindow
PID:6656

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Opal 080624 ez\README.txt
1⤵
PID:5836

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Opal 080624 ez\Opal-Patcher.jar"
1⤵
PID:628
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:6552

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Opal 080624 ez\README.txt
1⤵
PID:3236

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Opal 080624 ez\Opal.jar"
1⤵
PID:6024

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:6532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffde10eab58,0x7ffde10eab68,0x7ffde10eab78
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:2
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:8
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2296 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:8
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4380 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:8
  2⤵
  PID:6284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:8
  2⤵
  PID:6464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4648 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:1
  2⤵
  PID:6972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4356 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3152 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5040 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4780 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5128 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:1
  2⤵
  PID:6568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5716 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:8
  2⤵
  PID:6564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5944 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:8
  2⤵
  PID:6436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:8
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4360 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3272 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5420 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:1
  2⤵
  PID:6372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5392 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3352 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:2
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=2020,i,1906170770447786567,2811008385809307986,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe
  "C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2372
- - C:\Program Files\SystemInformer\SystemInformer.exe
    "C:\Program Files\SystemInformer\SystemInformer.exe" -channel release
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies system certificate store
    PID:6964

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:6448

C:\Program Files\SystemInformer\SystemInformer.exe
"C:\Program Files\SystemInformer\SystemInformer.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies system certificate store
PID:2092

C:\Program Files\SystemInformer\SystemInformer.exe
"C:\Program Files\SystemInformer\SystemInformer.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:216
- C:\Windows\System32\perfmon.exe
  "C:\Windows\System32\perfmon.exe" /res
  2⤵
  - Checks processor information in registry
  - Suspicious behavior: GetForegroundWindowSpam
  PID:6968
- C:\Program Files\SystemInformer\peview.exe
  "C:\Program Files\SystemInformer\peview.exe" "C:\Windows\System32\t4pfwd.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  PID:3116
- C:\Program Files\SystemInformer\peview.exe
  "C:\Program Files\SystemInformer\peview.exe" "C:\Users\Admin\Downloads\Opal 080624 ez\Opal-Patcher.jar"
  2⤵
  - Executes dropped EXE
  PID:6804

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Opal 080624 ez\Opal-Patcher.jar"
1⤵
PID:2664

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Opal 080624 ez\Opal.jar"
1⤵
PID:5616

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Opal 080624 ez\README.txt
1⤵
PID:3944

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Opal 080624 ez\README.txt
1⤵
PID:2288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde10eab58,0x7ffde10eab68,0x7ffde10eab78
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1900,i,9401238891716559879,8371015560364194830,131072 /prefetch:2
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1900,i,9401238891716559879,8371015560364194830,131072 /prefetch:8
  2⤵
  PID:6712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1900,i,9401238891716559879,8371015560364194830,131072 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1900,i,9401238891716559879,8371015560364194830,131072 /prefetch:1
  2⤵
  PID:6860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1900,i,9401238891716559879,8371015560364194830,131072 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=1900,i,9401238891716559879,8371015560364194830,131072 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1900,i,9401238891716559879,8371015560364194830,131072 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1900,i,9401238891716559879,8371015560364194830,131072 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1900,i,9401238891716559879,8371015560364194830,131072 /prefetch:8
  2⤵
  PID:6348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1900,i,9401238891716559879,8371015560364194830,131072 /prefetch:8
  2⤵
  PID:3388

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:6608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\SystemInformer\SystemInformer.exe

Filesize
3.2MB

MD5
60d6d4096eed212458d15c1ae5a69b9b

SHA1
b1ab46826bc2608cd4a36b5b8fb8b90d80570d59

SHA256
c2e6ee62a548067c722b71f19ce59e81922fe16d00e0fbf36a1a6e28803f57d5

SHA512
5bf4380158369dbe30e480bd4679899cbf8d7758b8e49f0b19caf5ea5832dc968b21567aab0ac7f5e5c97c48475ae79b303fdf97d91b8440fcb4c758062df106

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
8e147abc9bfbd995ea2a23579f028680

SHA1
2e30e0870e6ed7c974d9296098ec63603f3b8c37

SHA256
cc53da46924618f05cc9059d63f12c1e80170e1a864ac575f3848c98d4c1f2c2

SHA512
2eece2e0ab43f88a9e8316f07b7cb7c3d585721baca2dbb19525f613bea78906343778db1076f225e02c85896a756afa1bcacb49097845854902896171018d5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6123155f7b8a202460ac1407e231fbf4

SHA1
13121f6000a380f6621bcb8dc7c83f9cd10ab626

SHA256
dc3766fd1d9f14e305d5483a9e886548c3ff3ad2d8497e26a04c6d8c31e7be6c

SHA512
ef2e48a3517f58cf068d2ed9e202ba4d2a54afdccd4937c74b5c84d5c4fd47d9b92ddcf3b842a102b426dccae53ab3bc9e571a5cf27cb315be4dc58bdaad34cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\38ef54ce-13d2-49d4-92ed-5ddcf45dc047.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
64KB

MD5
8b37bb42b1577b08892393df19f534c8

SHA1
e12eaa944bff9ccd0687ac54811a3ada4a5d21e9

SHA256
6cc9e87df3ba27d6dd288a0593a4f70a17ecb0bf5cac0a591ff72f355a9f454b

SHA512
9dba0d070832cecab4c2aa922bd07395b7493845926a5bed5c5f86d61c3b2fff1f6fa12069b7b7abe4f15cd58775ffa238aa36c47e100d7ca544abb3bc1a29b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
69KB

MD5
4f9d58547367f284c0fa5c840c00b329

SHA1
afdf5a998830ad8bea4d57ad8cb3882ac911b43f

SHA256
3104d7911ad5190e95f4bcc647740dcc286325ca7a57f46510cd7970aeced0cd

SHA512
7d21bdf059b4cbb5a1203c8c7333ea91118bab3b6d935f59e7e89637eb31d2a28d69033ce8501431dfbcccdb6df1f05d86cc4d99af01c68270a5577b795eb350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
327KB

MD5
f43bae76aca474b1c3c685767390f30b

SHA1
3c0529e776d3adbff6b3da32879f1f67f12ea31d

SHA256
c872f37122385d45ae96b618f1a0298387f90a3baf2e01b64f4a296a9fe230d8

SHA512
6f71a93834388b0c9f3f5ef1c8c0e94bb98122eebbfbeece1403e530f214f36a32557f62e6e862a5d29ab25bc39bdcb14505f99c82cd3355d05c87447b81f3c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
133KB

MD5
f91dfab9ea71dcac2d56932ee97b4a88

SHA1
ea278ac6e3a673d0047623473051b64a7b9085b5

SHA256
f985b76e4096b86b946fe552479dd890b4510310ca11effdb58035f6f9b236cd

SHA512
7577458acd4ce0e69e73d29c8e332a9089627d1ed31c6e2fe02907bcd539cdfe37126a418a445c6722f2196177cfee4501ec1498a86a0af6cddea3914740b120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
24KB

MD5
79ed1c7e150c5f298205f2a1e9f18c0f

SHA1
9e2bf9d6c7a4e1be4dc792581f127f70a805d806

SHA256
f0b2cfd4a8aef7e57b26ce0c631c8b66bf70f96ab0409d84a85e4797f1544829

SHA512
cdd7ce89c78bae90b8542afc768bb4794e7e47832be6920536addc4d07b7268f050cd98211c305730cb6f228d8fdbc6ba0d8852a1b3c2ca5672932648e54378a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
26KB

MD5
69b550731f9a789a39d18eb917e43a4c

SHA1
20721285bcc8dfc47777e43b2d94a224469a0b50

SHA256
230bd4129d0d79dd196efcf6d9e8db962c5e750fa539dfb5b72ba43666485066

SHA512
0de48338b7108eb2b9206c57d382c69703f1424788f7c665f44e4ebf8fbc92da8f11d10416c03f37d62c0d72cf760b902ef52f8e41caeb89ec221f0fac76702b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
18KB

MD5
82b03f239b58044f1dc310a32f0f0cff

SHA1
58184e5e351719ec9b10bee1693260f4f34e37ee

SHA256
18a1e3a37e5cb38d38d452d2f0ea83b78b915a507ffa9860cac9c33575a3c105

SHA512
884d2835624980f8a8c4eab8da57f93f3b2de8dc4978070d48ce0df355db8a82c291cc8bb7c42703aa55fa11c7180ece5d5bd1877e77ac875fa6155e64576cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
17KB

MD5
2e152ea9996806843082ed6acef52d00

SHA1
64d22bbc0ecd519b689edaa86c3fab7bfb9489df

SHA256
da3feaa23d32a129fc26f550c8dab39a3b00375b9e252093d4874733e5e60ecc

SHA512
bc112291d1eaa95218a1252659abe90f8d40d0de0b93b080ecd033a1d01add2e54cdd04ced465fa3de319e58bf16ab5d3cd2c3f779d89ed12b95e7d9b3791995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
22KB

MD5
fa5ec5d33418d2a7911e410fde78ae73

SHA1
9f705455945f7b7d182450f4bc8ab8bb778ff5ba

SHA256
af6c2ccb0194b6c011c4fc22a6809a2c2deecdd91953eac6a85de4412f9b9306

SHA512
f4f3eaa3be56337323c6d23d644201baa722a2c24987c2ad687d585d7b3c55bf4a4be95f1bb6216399c0da2aaca6b421990626a98581094b3e50416ce946eb8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
74KB

MD5
4ca26ac165174fee7d2a7aff7aaef6f4

SHA1
14bb3b33908e2e770f38689988856325eed6a370

SHA256
eac764c091f052ba294430b0ef0fec44c1b9fa18020ee67a4143b76324f4c2dc

SHA512
525df772a9ae7d75b7039fa40315d5f96e01cd65b8a7018517a37ae87d8762fb7a3ae0c7918f1809e682c0a3968e555892db116fce82eca5f54abe0a2929135e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

Filesize
34KB

MD5
27550c377f1373a8f7a0f56c0040489a

SHA1
5f12d008b2ae97af7336d67fa917fb1f7cb0242b

SHA256
af1cfeb95f3adf2e74a06ee49c2bcb5bb90ba8fc528cf765b52cd81ef46fd74e

SHA512
8ba5a8f0e4679496f3aa2679d2db871a575f4654b3c1ca79cf74714aeb11d9c65be0012b916b26ab4e24b2817393fe8cf15c722ff99d2eb78eb4e9101f8b7271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
100KB

MD5
d0f24ebe52666f1e93e6d02662509af6

SHA1
04f1fb5ecf51fbe95235e4381559002c9b802cfd

SHA256
d32bcad95c252ecd4e9a8dca72d03e5490fa64bbf7e1b83e01081a08711e1887

SHA512
6764bba18cd06a652d2b71d464809ded4fca58fea39b346110af2f5a4a64560c02e522d49c7fae11b7d3320eb7ee98862014402de78732c2a76fe8f812fa9c0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

Filesize
204KB

MD5
f5f1034cff64a613a5131922d7092968

SHA1
a83f6fd8bcb14b643af6d7107338f396fc7bd2c9

SHA256
6f0a12d000087d9af394e2252cc9340dbda8108f69d576905d96879c3a999b20

SHA512
62fb75abd274f72345c1c65a045393a3bfbe8f1f8d7fb7d842b8280b546c8f72cc1a9888ea384c06549ff4b383b1e345ab5c1cb95dc15db9ca727995f363edda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
44KB

MD5
2a675424480c48567c83690ca3901745

SHA1
5f9dac7d3f06edf9b8596d5461543e43d6e09896

SHA256
7e8841487875837c654c92bafabeb05309d44c250681a6866a017bf61d7df586

SHA512
5828d3029cd06e217e681e4b43e844c46df050c9a73e51fbdf87a711ff808c926e0e8e7c2630513ac366295b215029abf38ff91afdc64806fda08299567efcb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
69KB

MD5
ca2d2a79a531bcc827723b7cb58faa24

SHA1
58768607d1389f0aeb531d0546583e3201603655

SHA256
c50ba299b3c6ef491e7f7ae17378997ab22f341a95e8613744eef6baddb53325

SHA512
4a5201cd5bed4a80438a9e62e6e65b8f3b62828835e69012d1be29b3377ac5d7a1531519ab335f4d839235796e0d305f8efa2f356bd18ff9cd7338a66431961c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

Filesize
31KB

MD5
b8a6ffbfb4114d3cafac1994c47a5659

SHA1
dcc6d399fbb89361c6232434d0e1ceb7847204b9

SHA256
a402d9a5d7722ca591aeac4c5bc7812c899bf3dd00cb21aa6df564558ee2329e

SHA512
2f76b438c74243da14915fcfa8d0479dd161a117164d2b8f93accddee9ba9ee5070de7ae5463f13de4c4432f045795a456e7faa63f78ae7f04439d545d0a3ac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
152KB

MD5
1ec0ba058c021acf7feaa18081445d63

SHA1
73e7eabf7a8ae9be149a85d196c9f3f26622925b

SHA256
ae17c16afbea216707b2203ea1cf9bdb45b9bfe47d0f4ae3258ddbc6294dd02f

SHA512
16a1b8a067ad4a33dcf4483c8370ca42e32f1385e3c4e717f8d0ce9995ca1f8397b15a63c0cee044c4b0fca96c4b648c850f483eeb1188a20f8b6cbf11d2b208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

Filesize
33KB

MD5
aaefd1e1290c9bfaf9ebed7e9a229d2c

SHA1
bdc4093d8e1b6fe3b5e947232d0c2a73fee9244f

SHA256
7521da082d84701882b3a7f6b137dfcae3a5f42c36a6758d1b0fb5024936af0e

SHA512
797149df0f6a3329ae224df83b659160008ab63de394c3d4109a4065b962834b5bde76013e7435e28e7f68ccb8c4c060c8ba1c437aa8c5c74ddf49f1e85d49ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

Filesize
26KB

MD5
2d3f25734eff279a43426a79464ee2db

SHA1
cfa6922ca1c3f90a7e86568cbfd765ebd4f0ce2d

SHA256
d47ef49aad89c5f47d7564b2af0a74adceb5fdd92559659f420d06a437409cb8

SHA512
e04b89ae7c8f088acfe54e37f23f7d942745a7a1434f96fd19152fe7ba52f8e08d477c0416495e5d2c927047f4eba3f9322d59d886c7c4ba6035b90b425c8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

Filesize
22KB

MD5
98d9df53a47f21e2d4132fbfc3d80f2a

SHA1
5005bdd58df36d2034a8c90e3739fc4046ac7379

SHA256
8bf3ba80d43452c196bc554bd30ff184b13eda67d94b26e5ff6050e15cd4e4e8

SHA512
bc6319bbbdfa4a8ac317378cdb4cd1c4f979018ff4b550a8b5f914a58f1b746f62df402f7f54ea96a3b82cb54660c24fb94fd9e398d06fb91d38a40e2d02a9e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

Filesize
100KB

MD5
82f8cd9c8d92d931782a8b75b6d3942f

SHA1
d9bc1b51e35ba25e58d8e71ea52985f4f4938fb4

SHA256
818aec2797bc64201c602ab70c85f86dadf69c0e04e3cc287e51658442e0a3d5

SHA512
7b5114646869f107442f9b91194d177743513a16b70708713c0275abb368ea9270bfa3b82e122e5819720afb29c050ce286a133310c9a349736521fcb8c3edc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f

Filesize
33KB

MD5
8daece21b0e579bdf5ad970a80d623ae

SHA1
33735687d888224512009c3d7c17dcc7eef4e9cd

SHA256
4b5f7a9a1d9c10ec2e8e568c2294c0939ea24ab117eebd4c5c67ae063a802d8d

SHA512
ca021b0d449bdce99c7ae792a5a4c49d995d2acb60033d11dcae3c8eff981fe60ad66884b27fa5afb77bffefe22211e2135e979853cccf04d4ec7de5273fe2e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000073

Filesize
19KB

MD5
e78f9f9e3c27e7c593b4355a84d7f65a

SHA1
562ce4ba516712d05ed293f34385d18f7138c904

SHA256
75488ac5677083f252c43009f026c2ec023ac4da3e65c5d7a084742e32abce3d

SHA512
05f9fbbd59c286024b3ad49961c4e0eaa1abcf36ed29a1d07ea73d2b057075d46fbfdda56f135145f942bd0c3d48246c73be1771c21861eec4ddf8bbc365a286

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000075

Filesize
25KB

MD5
788c3854fbd9b1419dc04e1558aebb8f

SHA1
20d9210754a07fc8adb409b3f7b34916bef5d212

SHA256
c75d725a402e701ab80ea793379f903acff03440c2b79f2807323e1929278a55

SHA512
62d95ef358ebf15cc104c35e5252fa0539a24616054e880d93cdf1c7e114451703cb5f5dc6d43b7d4d83d29d0a7bfe9d41a6fa10e3557676057c86479088f112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\48849416afac851e_0

Filesize
274B

MD5
67cfea3fc401c3fa0b1a38ccbc26c980

SHA1
67c95949e03fbadeb82bd9ad187753ba69a4c4c9

SHA256
7b31c8d0f1c2c61e60dcb5fc004f7c87b52172fdec1a8bc0853064ebeb845395

SHA512
411302cfc3fc160e0722fecf418bd30f0758976ed5a0c5274e3d9f614fb892c9a71afeeec967d4e35216b58248a535df8cb67d8f60ba49b5c57ef844d2e8f848

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b782a0c457063172_0

Filesize
107KB

MD5
2d0191e40f9d477c14891f8d08eb6396

SHA1
2c6cbac6d03ec57de87fedd0b1e9d1c5f48689ec

SHA256
0b3607c233a4542c636543c96472b1323ca26cbc28080730b15dcdbb8b8e4fda

SHA512
a38c6910bd1015258285dcb79d6f5ae978b23bf81dfad7147b7b94706b6874e08638118417b77cfe34377520708c7c03fde4b917838ff8511dfda2f2e4c108d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1d61f1cf564974109c7e0ef131f994d7

SHA1
cace995b2ad8e5677cff1a6905759943bd803550

SHA256
4f933f5fab046a59a9060446e79c76c90a7d78a32a5a3d48d4d9efbb6bdca3a5

SHA512
6f2b5a8aa337f327bceafe39fba7ff0e2cd850ab6c2e355ae8f8a93d34c948387128b8815217e3d323058851dd362d99bbcecdb2d3677054b4392c1cc14105a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fa32b1b5687c21074cbea3294d4c192a

SHA1
9d0a49e6a773e2503de07602b82276e065e66fc8

SHA256
d5010532963bb2000dcb9a8950fa893dc7d3e3e23563753fb68ae2d90424fb40

SHA512
c147bcb84eb4a218ac74313d298a7a082aa6efbadbd3b026bf9a782dff8b020c5158994cc846beb3c35e6d2b22fb3ff7c2c9ae9df2fac28564e302f7a9f9edad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c391b26a511227e7b1b2a9e8d278f7d9

SHA1
b5cc73ed139445fcb1dc32f907e18ec9b10bda59

SHA256
7971c25a22a17a403bde1cc08925425769e1c8534fac390a6af9a42d3383adc7

SHA512
e3efd1f024d00ed89da5e1cf07640c5411967fc7df0eaa142edceada37a955917c0b3938176379678c169eaa464073b99f1c041fcdf06b46920e7982aff2f194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
875f6db4b3597265d68e5eecf1a87fb3

SHA1
535639a4577cc7123aaa7640500f13594d7c13f8

SHA256
a30adae429c7b3a0e76498b5a8fa272710144f634450d03f5465b6d73a787e3e

SHA512
5c5c5ae1b4bf4b597a6f3cf348b3f2427ec9ff1a25563b745f187566c99314c9b9e092e741b67e564d9ffb85d1c6e53e385cfbd0a992b66197e61ce97407dcec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
4a9588cf9266a654c940f11e5e645db1

SHA1
ac4d2f0c319d96abf42fc6609fcda723a00deffc

SHA256
40e052da73f1bb3eeeca636a497b225d7ebcc9d29b1cda82aed17894c4f8d3d1

SHA512
0b596efb0863bad8597fcfdff6881570827969951effef5da1d2d485fa9cd2ad950b04721d1bc1cf8ed544b0efc744e3d915318113204edec7c578c00a47a96d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
01cc880a8a67270d242c9034ccebce40

SHA1
4f2251b4ac6e2b9d1518c4a6a7b3a133a912d42c

SHA256
85c18d84368f05e1a77f0c1a6dd9c280621551b7a7dece74229bf7f6d20bcb63

SHA512
98e1c42181d5027a4d4b62072e6ea3a716ecfe377f4eb29c781440c1b9940633a5e620cc22d52a174d0951b1a480c39c508a8e25e4c18cf29e9b6da1b5961fea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
986b6f0533a6da64461aefa9300fb7ef

SHA1
da986a03d143a694e7e7c78837f422678b504352

SHA256
d52e0e071ca074c90a57247bfbcb8b8613a5f30d6cbaab1b7210bdcd5c7cf244

SHA512
3cc0b7287ced863d9abacb70bdd9e016c52b5fbb1ef23742b3c84300c25e771e2274a9080c3ba3a46b8f272eb7221ed927f3b2f3f432e38b57efe119c630b7d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
b446042e0f544a875eba0f81cd3f6542

SHA1
55d4c295e56575469fd22a7b7a688de2728c7978

SHA256
e313b3669f407a64fc4db210942f5f5869bc83bc877bfdeb44e55ad75c91ae58

SHA512
366d43f48ef2b1ebb9feb2187313467d60f6d33768883fd70d1ceb4ce8d8bb45d28e759857a9e5b9332377fef017f2085a3894aa0b9b2961b1d7c5feb6536663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6794a83f0cd5f44d5e99ed119b4102de

SHA1
a97e2b68212ef2db9b5db421c328f74d0d14f3fd

SHA256
fb91c0b1e0f59b62419fc1f1d5d35b94b97beca83fb186653c59e5c0a35b5bbb

SHA512
4d0616433bce1a40243b682ac2339de68e58ec598480d696d11d1bd9b4fb754af57afe5d08e442a3451826760ddb78a2f27da77a26ca8b021bee58d9558c9c01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b33ae4bfd5f766a2dcd2811f46a6adb5

SHA1
274d054efb24fdec82aea859019d1fd483942556

SHA256
0a626453a4dfb471482212274860708543d5ba7269b50ccd21716e9640f0888a

SHA512
65dd2fd468877c07a54931a2f3615f49866e050674c677550aef1a2a6a2dc64a42200b8a6e847c91c3f46fba3151beddde7ab47e1dc795069bbce5a1ecff37c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
1a347af22ebb39ca9b2122e9606d1639

SHA1
ff6197c1e31ff64f45e72c6532a0219ec322c446

SHA256
0a3b11b56ac09afc0ac63e98e9cd6a00f551b2bd9e2974f7f0ed389969294549

SHA512
32b70fb5aef9c516d21b3d0541f31014efa243315b3ffa3640730caec9f423d7c19fb5514de5dd8c36e662ed1dc1e6bed8fc4d81d217f7e42327c6169d0458fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
09b27d2bfa3f0c06ab7b29a7e6fc0697

SHA1
a8730d8722a62fb20b5ee8e74fb4768231bf28da

SHA256
c93096360d61bb00a26b3be2bc41a740bd1a9f2de26e70d479b90db1219fe719

SHA512
f9d12cc29bf17e16597dc18c9c02ce03e9671ddfabeb4dfc10191326dd76bb2fe7e6135066898060d50e64e76de6823f23553d6d7cd0b5cd459951d4bbfc51e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
6c82a6700b65e385f5c3a900f673b7ab

SHA1
d50a7e8256e2b503321cf440d650247f93809765

SHA256
6fdec944c35d834cd580df4a3f91eb6f90f0673e96f348bd516da0f2393b6a37

SHA512
40aa69eb973567b56f8ddac375a6f9337561178388e780857538252b5655094f8e7cf10e31f2634c9c59ec00f3971185ca033c29db660dfd5a2860dfce3a07e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d7ee07ccfba610e90fd967fa6a91bac5

SHA1
328d69a7eb2fef4e9c4d24b7d3fcb508fb8568e1

SHA256
b98bbe8388a28e1ad786ef7daaa12a84bc31c3f32599c1a060fa5f6a5d72d580

SHA512
89cd7df3e0cf828a7ace04707c9d91f40cff3ba26bba0d30fc6f190ae6f0a5388ad9abf95a1f99d6d99742b8eef4d0c4da89f84d4910545f04a617b6aedfffde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
15173bcd3b0a21045cbf2e3f74754da3

SHA1
c6d442aa1e721c60c962bce0b58c91f14d985b79

SHA256
89cffb1dd19c2e8dd521c04e8503361b1127e5635217fd49c1ec8a78df64486c

SHA512
9cadf255dd8a2b464a72835a79822ed5158ace8e44ebd431d7ab648725a4a69774c9b87ab729059099e59815c83b87fffb6a5e2720f99b633bad1ab1d72f1a24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae4bbd9d618135967a3ea0b554dd34e2

SHA1
ff72a77178c2993b6afb28848a8a230689cac49b

SHA256
3c935f1f77415d05a0e601cb26e8e7e072694807df0522abfd2313df5b1663ad

SHA512
d743976aebd51023fd1e934002ce3ff94fc814b24178d2c93f2911d314428ea765030060b25701b4d52d1b20624ea0a1f672f4a869950ab202abdb879bdf2155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ed54f3bad2aefe78be86456bd5d2a6b

SHA1
e7a6f0d4c1348c90f4a4d3d8d025b5711275748b

SHA256
d4335217b372919fbdf025f7a008f6ca1f5d6be3ea4a1a3134ffe2a5bed4434d

SHA512
98fbd5ecd8c8ceb947583dc514e5f5e8b1126dece0e58d87064321735f9b2231dcde0f58205b80e201796227ac551f020c3faaa7ae81fd10e4966957965d3812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
850f559d05bce814d156da68eaabcdd8

SHA1
2b37f0fdd350177cdecefa755b7ac12abc54cbc9

SHA256
7fd0c4300e86acef65f90578d3d0ea16d7507dbc2569aac7dcf1cbf1d0ff06cf

SHA512
82c9e43f2ae59df323866edf72c6ca8391cf5d60e51442c5d160026ac410759bbaea61027fa87e91ab505101a03fb4f4dc39412a7360ac628b7088f135265856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8543546280a2ca523a7b8abb3b4ffd58

SHA1
0978bc5965985c566851dae6d199e8ecdb99531e

SHA256
22ef572e1faebb90539b5a194e653bb1467a0f5713eefbdb17811ab2b9760cb8

SHA512
e3079f4a7c86e3674035f698fc5405c8f5fd556a784d79c15ad8f87a7ef915413f6c29b32d7a49b400a692b72a8bf691937270fdade140eac4503dcde00a76a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ced6eb80c971a0b718cbfd599352daf

SHA1
2680baa7a9a6f8dfad9ce901e197b0f178e1802c

SHA256
340184ba0775a6867d141e258345aefefe4a6459207d76366fb1f8728e07f22a

SHA512
30ee5bdc851fa30549a5e2be783188f46de1e441378175922f65284d5792f27d42978d7c38a32fa5d8946b064bddc446b0caf06f194773c5d58c74e3faddb24f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a7cf2b23761a340168319fac8a30ab8

SHA1
8c77a4874336e76817b688502cb6eb1b4b6f1876

SHA256
13e56cef1d824ed9aeeb77f912b3d75b4d2cf22ff54dd4e8b1b809c0271a1e53

SHA512
84a00d50f39429c0f95809057364b97b207469218c012e028037c3dc72613eb44e55bd118655e71afe4ba2377a445edcbdc34da291952900690ceb74b41fef9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c00e96016bb1416c5310177456718443

SHA1
f5a0a98d7c2d3081f35015a703c2bf2da800d9a3

SHA256
56f8e503841d234c65e7135e7aee8911b13e481fc5c08d51e6eb0653b40930aa

SHA512
6b928c0131de780c5ee0c3b0fd615bac09c1c1866c537fbb0238e159eaf0ccffbaa8540b78bd07aad24ebaf977f10f50f70d96c82c93c2e64cc68863182b1240

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d4583c279dd6f3c92d3a2355168d98fc

SHA1
689b43d63ce8c6d8ec0a814b15a28d8b332166c2

SHA256
6349890902fa0c4d44398ca31a436ad2edfcef506b492497e2396c8d7353ce67

SHA512
a565f644cd131de83f2b2302f454f89f5217bced75557da2a9bf4d38925ed3f2f4d75caec4847288cbf498b69b1f62f2c202aa9133e63e39a98e4931b26393a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
7675747c05334a92a107af49b1b1316f

SHA1
8c03e7d3ae83ec7258628f1b53a7c3af31c13e79

SHA256
92d2398eb7b3381a136a4e560ada688e048bd77c52eec58d91912526013bc4dc

SHA512
84124924dad82e2db71b7441a14065036ff2dd78cee320d87bdc5d2d6912ad3fb3b534fa0af0a4ca7d286bb2b01aad9a2731a0224a41b01d6a36392f84979c72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
79ded09266329809c0a9d953c8d416bd

SHA1
738c1784796728be3a7c7c86b9721945f19f97df

SHA256
915a2c4d1d3ed6a10e0d985ceda5b5fea58d60b99c91aaf662e97e2686ff3f64

SHA512
7213746820b0477f2def111af8c14001395bc27ec5be228d6615e2196e3a18ea59c797ab4d4f63f2b054306e5a565f10688041a3cebd8dff046a7effaa1d24ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
7eabb95a8a59bed83e79fbcb164898bf

SHA1
11288a52297b6d81f2b37bdde4c3118c7e5b4222

SHA256
90fb8c502d49f6b8febb67e760db78b97526fcd854bf8139515f5181e07c6144

SHA512
e9c56226457f47deff2a41613f6b701d879f9e62ffff5799cf994e84d0c6cc1c4876492ff6184cfc3508bb67a7ef7083b1a36c1d2d4f2f232172a2188df9d304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
ab881e5536771bf73f46cdf4ce8e4257

SHA1
615834e55d0085434210252a181f03700f92ec84

SHA256
47f308367e8712f5e9052aa74822d2baa46eab5a47751b215bf37b2889e5cedb

SHA512
4b05f06f15a2dad3ae89bda2e2ef3492e6466bdefa80c7866a684a45089ab20b7aa2f26d09078fe5708b69039c6de5525c5642ab8c7e626cc1857b34326a169f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
25cf72ff1662af1227fd756330fdfb18

SHA1
db1a12becfeccc28adfa3e9a8630c7e89925ef56

SHA256
43440c4258d0e6ee2e9c099ee2f4e94bcd7d6794cb0f445e5de37d541da45b3f

SHA512
fcca3b3090693005685091b8c95c65b5445afd3e2f3790a392fd38cd403dda6c53cd7646d2cc229282791f0d2d027a6b1a6c93d64a69dc46228eef7c9ec1520e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
b195358b4aa843987a1b3eed896f02fe

SHA1
d14706c416cc786eb75fb1dad28920130611c07b

SHA256
527ccaf6b78aa714f3f8e86b5253469e3ef95ff43ca9670319e76e10f805a5df

SHA512
4ce701d885be46066efd2a4307382c7fa8c6fce9116c5fbd6ca7d11ac0f8d8084fcc31bce99a655863887c987fb56fa65c72b2b7602e28e186b660867886a999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
fc8253422e42feddb67d5a1b5e5200d9

SHA1
86a09c0d7dcfed6928dcb9f50d754beafd7fe8f4

SHA256
e13235dca71d0609b2f57c4e265dd2cb33c8288bb572e0ff9d7f492b88124850

SHA512
73c88fedf80d1f740c253bd71fcce2f646985024eb2af315e9648d2c406818da3ae773598cb434a637f9656be95cdd8586597ed99a443eeb63f95cbdb415cbf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
5d654adfc22e946acdcda4cc4fd69000

SHA1
ae3c508b1c602a7f3001bc202dd104848f5a03ba

SHA256
5c356b5148eec570f863936803e28329bf5ced238f434399c2fdc5d240562d62

SHA512
58a59b1da9d81d8830fced26f44d08556a63128799baafc695794aeaf04e21614a3027ad4a28cc68d5805890c922cac245f6323d6deb64aba290c8ede2bb84ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
96KB

MD5
03ec552ebc610e9dd983bd617f75b473

SHA1
e107898772e09e23ed21473c9fe20559b9470e84

SHA256
2ba792d051945430970bc7ea1587348b351453d8de9a477bc8011ab966ba9284

SHA512
d3ccec57d421966e49039a262f25d4534c83ba5d0ec12217741ced80be867b4234bcd6e454edeab9b41b19215cdee29932117340ae511a3377671b1054b20271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582f48.TMP

Filesize
91KB

MD5
8d0907f940df7047cc4d8933f666c95d

SHA1
9997cf9df49f0dd586efab739acb3daa1cd963b5

SHA256
c732abeee35248da0273da48234b0745adcd297e004e8f147d71b3298ca167d9

SHA512
6870541d8541e6ab8aebe82de52e8cf9e131498d9c50e938dff7feea67fb40c169f66a5ff53eb2f97c6633be551f60dfc1dfde8b07fad350d692f9abcbbf5dd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
b0081c5529944e131d1133c67edb36fb

SHA1
a50923e28da6b1088adfbda7fc5606d53e63ac03

SHA256
5b38f35cde7ba9035a33637155f3aee55d1adcd4f1fe802b0efc7f0fbd892ef0

SHA512
1c964ae8b875be315c679185cd046f3b3db1309d148051cb5d0a8e18a1f861168e66aa9fecabe45cb1c0707e4a075ca8a11dce22f9fe86ec3e2878ed8f270f9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\Downloads\Opal 080624 ez.zip

Filesize
14.4MB

MD5
39dd378d98735043da5c135b5556b6ed

SHA1
cc50aaab064717b14a10742b2a191cc03ae951ae

SHA256
8c9b16386f7ec432ca5b68bc435b49c6ee38b05e3f2360cb2a44dc4a3a6786ab

SHA512
dea437dedc375b97ea6338b8d66e329b8ef9a9b80bea176351e42fe08041a17385e571e34e0020a30ed5ad35962db16e4a6298a2911efb7e43065f2c96bc7f0b

Download Submit
C:\Users\Admin\Downloads\Opal 080624 ez\Opal-Patcher.jar

Filesize
7.4MB

MD5
60a2ddedbc03bc43c41daa858f5bd06c

SHA1
3bd4605685c148ed734aed7f0236725c320c2db6

SHA256
a8865c6ebf5f1b39bdee7e5205301c24e0b57e8a04a3f6ef120e998898bf4678

SHA512
9f2880faa3bde18b6c9fc260a2d2fc9ff7c16d92015b7c3d925ca12323903e54eca7a2f218956017c68f2db2df94618b6ab6f408b7bf0474c75c267a392340d9

Download Submit
C:\Users\Admin\Downloads\Opal 080624 ez\Opal.jar

Filesize
7.8MB

MD5
82428b26c53d6579a0dfb878ac85f02d

SHA1
0112b423395d558fd6e68dc59ecba57b2b3ca0d7

SHA256
018e7f22cc5fed88125b8aad188424cd659b937c35346b2a341a22c4e07db6ef

SHA512
d1134e7300b7278795e7032e1be54b130adbfda104a909eb279d20ba0cebcdb074ffd5603ee2606c392c3e19e4bb757f57e1c9175ec1186d1fc50c6300f7eca9

Download Submit
C:\Users\Admin\Downloads\Opal 080624 ez\README.txt

Filesize
43B

MD5
72b2527cd1490e4333493421589f2e23

SHA1
333b50581ea95cc10936e69aff1fb6269c7b02f4

SHA256
db7aee3940bb5de3b3142d37718be2cc692bfce1a9f2f8e78f431c17863d2e38

SHA512
c9623697d35d10668c6efdbd81ecb0be120617aa97abe091ca39bdbf0ac9a6a108044c9d923ca36abb55e67c312d89b04a5571e9254df0cdc35c11587012323a

Download Submit
C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe

Filesize
15.1MB

MD5
0d909a4a638465a17bc9f37c5024e574

SHA1
eab2bc1ca6ebfa17b95b8cacebcb04043238164e

SHA256
a82821a4c18ef940354b84cd625ce0fd8ed5cfba5418014063f054071bd5fccd

SHA512
5ca49bb16ef39f1cd7914a083f50f71099934b29baec7a813db16bd89ca1407912e135be7fae9260bc1513d722dbcddd5e841e50cab08f04eea0364f1ccbd324

Download Submit
memory/628-612-0x0000023CDE1A0000-0x0000023CDE1A1000-memory.dmp

Filesize
4KB

Download
memory/2372-1364-0x0000000000860000-0x000000000177C000-memory.dmp

Filesize
15.1MB

Download
memory/2664-1496-0x000002227EB30000-0x000002227EB31000-memory.dmp

Filesize
4KB

Download
memory/5156-632-0x0000023517E30000-0x0000023517E31000-memory.dmp

Filesize
4KB

Download
memory/5156-627-0x0000023517E30000-0x0000023517E31000-memory.dmp

Filesize
4KB

Download
memory/5156-625-0x0000023517E30000-0x0000023517E31000-memory.dmp

Filesize
4KB

Download
memory/5156-626-0x0000023517E30000-0x0000023517E31000-memory.dmp

Filesize
4KB

Download
memory/5156-637-0x0000023517E30000-0x0000023517E31000-memory.dmp

Filesize
4KB

Download
memory/5156-636-0x0000023517E30000-0x0000023517E31000-memory.dmp

Filesize
4KB

Download
memory/5156-635-0x0000023517E30000-0x0000023517E31000-memory.dmp

Filesize
4KB

Download
memory/5156-634-0x0000023517E30000-0x0000023517E31000-memory.dmp

Filesize
4KB

Download
memory/5156-633-0x0000023517E30000-0x0000023517E31000-memory.dmp

Filesize
4KB

Download
memory/5156-631-0x0000023517E30000-0x0000023517E31000-memory.dmp

Filesize
4KB

Download
memory/5616-1507-0x0000012FA3600000-0x0000012FA3601000-memory.dmp

Filesize
4KB

Download
memory/6024-624-0x0000029B1A8D0000-0x0000029B1A8D1000-memory.dmp

Filesize
4KB

Download