18d2d16e3ad07b9f59296e3357c5fe33b431c38f5c8658e77b5cba587124c563

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/08/2024, 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OperaGXSetup.exe
Size

3.4MB
MD5

bd56f3bd19bbf9eb406b6a235362806f
SHA1

73d086046896e22b2cc2c0a1e783a3917afc3d80
SHA256

18d2d16e3ad07b9f59296e3357c5fe33b431c38f5c8658e77b5cba587124c563
SHA512

a5457940beb20d9df7e91a5923b3c1f498100ad55ddb143e8e94e65f65382793e26022994d8c87ce22aa76743eed5a0aa4dc29d8419a76793aed7f3dfe212a26
SSDEEP

98304:oWlL1+2WNmcGCVIps5phuIAFe5xHsc2JS9mihr+DywoS0yBBxdgZd:oWO3Qcvlh9A4fWmTyPo

Score

7^/10

discovery spyware stealer upx

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
4884	OperaGXSetup.exe
3360	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
1524	assistant_installer.exe
4288	assistant_installer.exe

Loads dropped DLL 5 IoCs

pid	Process
2028	OperaGXSetup.exe
1376	OperaGXSetup.exe
4884	OperaGXSetup.exe
6084	OperaGXSetup.exe
6128	OperaGXSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2028-0-0x00000000006F0000-0x0000000000CB0000-memory.dmp	upx
behavioral1/memory/1376-4-0x00000000006F0000-0x0000000000CB0000-memory.dmp	upx
behavioral1/files/0x000100000002aaf6-12.dat	upx
behavioral1/memory/4884-13-0x0000000000BF0000-0x00000000011B0000-memory.dmp	upx
behavioral1/memory/4884-19-0x0000000000BF0000-0x00000000011B0000-memory.dmp	upx
behavioral1/memory/1376-77-0x00000000006F0000-0x0000000000CB0000-memory.dmp	upx
behavioral1/memory/2028-76-0x00000000006F0000-0x0000000000CB0000-memory.dmp	upx
behavioral1/memory/6084-590-0x00000000006F0000-0x0000000000CB0000-memory.dmp	upx
behavioral1/memory/6128-597-0x00000000006F0000-0x0000000000CB0000-memory.dmp	upx
behavioral1/memory/6084-651-0x00000000006F0000-0x0000000000CB0000-memory.dmp	upx
behavioral1/memory/6128-652-0x00000000006F0000-0x0000000000CB0000-memory.dmp	upx

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673198688205656"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3568	chrome.exe
3568	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	5272	chrome.exe
Token: SeCreatePagefilePrivilege	5272	chrome.exe
Token: SeShutdownPrivilege	5272	chrome.exe
Token: SeCreatePagefilePrivilege	5272	chrome.exe
Token: SeShutdownPrivilege	5272	chrome.exe
Token: SeCreatePagefilePrivilege	5272	chrome.exe
Token: SeShutdownPrivilege	5272	chrome.exe
Token: SeCreatePagefilePrivilege	5272	chrome.exe
Token: SeShutdownPrivilege	5272	chrome.exe
Token: SeCreatePagefilePrivilege	5272	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe
5272	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2028	OperaGXSetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1376	2028	OperaGXSetup.exe	80
PID 2028 wrote to memory of 1376	2028	OperaGXSetup.exe	80
PID 2028 wrote to memory of 1376	2028	OperaGXSetup.exe	80
PID 2028 wrote to memory of 4884	2028	OperaGXSetup.exe	81
PID 2028 wrote to memory of 4884	2028	OperaGXSetup.exe	81
PID 2028 wrote to memory of 4884	2028	OperaGXSetup.exe	81
PID 3568 wrote to memory of 4228	3568	chrome.exe	88
PID 3568 wrote to memory of 4228	3568	chrome.exe	88
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 2588	3568	chrome.exe	89
PID 3568 wrote to memory of 432	3568	chrome.exe	90
PID 3568 wrote to memory of 432	3568	chrome.exe	90
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91
PID 3568 wrote to memory of 3948	3568	chrome.exe	91

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
  C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.89 --initial-client-data=0x31c,0x320,0x324,0x2f8,0xf8,0x74e0626c,0x74e06278,0x74e06284
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1376
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4884
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408050824171\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408050824171\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3360
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408050824171\assistant\assistant_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408050824171\assistant\assistant_installer.exe" --version
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1524
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408050824171\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408050824171\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0xb84f48,0xb84f58,0xb84f64
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4288
- C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2028 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240805082417" --session-guid=c912070e-673f-48f8-932c-6c50c5dcff0e --server-tracking-blob="MGRlMTdhMTI1ZjIxNjU4NjQ3MTEzZWJiMzgwMzJjNDFmYzgzYzg1ZmM0MjM5YTQ5YTQ1MDcxNTI3ZjM0YzY1MTp7ImNvdW50cnkiOiJGUiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1nb29nbGUmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249T0dYX0NBX1NlYXJjaF9FTl9UMV9CcmFuZF9WMiZ1dG1fY29udGVudD02MzQyNTk3MTM4NjkmdXRtX2lkPUNqMEtDUWp3bFppeEJoQ29BUklzQUlDNzQ1QnlDRXA5OGFaSEJoOVdUYnJhbjFFQlhBWGZqazVzTnNlcnd1MjRQUldZdVNoVjBxTVR4QkFhQW5tZUVBTHdfd2NCJmh0dHBfcmVmZXJyZXI9aHR0cHMlM0ElMkYlMkZ3d3cub3BlcmEuY29tJTJGZ3glMkZneC1icm93c2VyJTNGdXRtX2lkJTNEQ2owS0NRandsWml4QmhDb0FSSXNBSUM3NDVCeUNFcDk4YVpIQmg5V1RicmFuMUVCWEFYZmprNXNOc2Vyd3UyNFBSV1l1U2hWMHFNVHhCQWFBbm1lRUFMd193Y0IlMjZ1dG1fbWVkaXVtJTNEcGElMjZ1dG1fc291cmNlJTNEZ29vZ2xlJTI2dXRtX2NhbXBhaWduJTNET0dYX0NBX1NlYXJjaF9FTl9UMV9CcmFuZF9WMiUyNnV0bV9jb250ZW50JTNENjM0MjU5NzEzODY5JTI2Z2FkX3NvdXJjZSUzRDElMjZnY2xpZCUzRENqMEtDUWp3bFppeEJoQ29BUklzQUlDNzQ1QnlDRXA5OGFaSEJoOVdUYnJhbjFFQlhBWGZqazVzTnNlcnd1MjRQUldZdVNoVjBxTVR4QkFhQW5tZUVBTHdfd2NCJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGZ3gtYnJvd3NlciZ1dG1faWQ9Q2owS0NRandsWml4QmhDb0FSSXNBSUM3NDVCeUNFcDk4YVpIQmg5V1RicmFuMUVCWEFYZmprNXNOc2Vyd3UyNFBSV1l1U2hWMHFNVHhCQWFBbm1lRUFMd193Y0ImZGxfdG9rZW49NTY5NTgxOTMiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMSIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTM4MDUyMTUuMTI2MyIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IENyT1MgeDg2XzY0IDE0NTQxLjAuMCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyMy4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoiT0dYX0NBX1NlYXJjaF9FTl9UMV9CcmFuZF9WMiIsImNvbnRlbnQiOiI2MzQyNTk3MTM4NjkiLCJpZCI6IkNqMEtDUWp3bFppeEJoQ29BUklzQUlDNzQ1QnlDRXA5OGFaSEJoOVdUYnJhbjFFQlhBWGZqazVzTnNlcnd1MjRQUldZdVNoVjBxTVR4QkFhQW5tZUVBTHdfd2NCIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vZ3gtYnJvd3NlciIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6Imdvb2dsZSJ9LCJ1dWlkIjoiZDcyODlmYzgtMTk4Ni00ZGViLWFlOTMtMTBlNDgxNWIwNzgwIn0= " --desktopshortcut=1 --wait-for-package --initial-proc-handle=480A000000000000
  2⤵
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  PID:6084
- - C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
    C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.89 --initial-client-data=0x300,0x304,0x308,0x2dc,0x30c,0x723a626c,0x723a6278,0x723a6284
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:6128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee0eecc40,0x7ffee0eecc4c,0x7ffee0eecc58
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1392,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2100,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3616,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4840,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:3964
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff63bc04698,0x7ff63bc046a4,0x7ff63bc046b0
    3⤵
    - Drops file in Windows directory
    PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4624 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4864,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4532,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4616,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3304,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5212,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5376,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5508,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5736,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5712,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5372,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6192,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6344,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6532,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6684,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6692,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6996,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7004,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7292,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7428,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7444 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7000,i,8315929965562829679,13610623653099842189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7308 /prefetch:1
  2⤵
  PID:5680

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3548

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee0eecc40,0x7ffee0eecc4c,0x7ffee0eecc58
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,16867809051838103750,4514234751672503781,262144 --variations-seed-version=20240804-180044.838000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1784,i,16867809051838103750,4514234751672503781,262144 --variations-seed-version=20240804-180044.838000 --mojo-platform-channel-handle=1928 /prefetch:3
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,16867809051838103750,4514234751672503781,262144 --variations-seed-version=20240804-180044.838000 --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,16867809051838103750,4514234751672503781,262144 --variations-seed-version=20240804-180044.838000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,16867809051838103750,4514234751672503781,262144 --variations-seed-version=20240804-180044.838000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,16867809051838103750,4514234751672503781,262144 --variations-seed-version=20240804-180044.838000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,16867809051838103750,4514234751672503781,262144 --variations-seed-version=20240804-180044.838000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4928,i,16867809051838103750,4514234751672503781,262144 --variations-seed-version=20240804-180044.838000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5040,i,16867809051838103750,4514234751672503781,262144 --variations-seed-version=20240804-180044.838000 --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,16867809051838103750,4514234751672503781,262144 --variations-seed-version=20240804-180044.838000 --mojo-platform-channel-handle=4624 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3388,i,16867809051838103750,4514234751672503781,262144 --variations-seed-version=20240804-180044.838000 --mojo-platform-channel-handle=3824 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3512,i,16867809051838103750,4514234751672503781,262144 --variations-seed-version=20240804-180044.838000 --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  PID:3396

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5556

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004C8
1⤵
PID:5832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240805082428.pma

Filesize
520B

MD5
d7bdecbddac6262e516e22a4d6f24f0b

SHA1
1a633ee43641fa78fbe959d13fa18654fd4a90be

SHA256
db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9

SHA512
1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
a79262f89d388f555cb943871550ff2c

SHA1
c3e1bc1afc3f4401a358ac079e7adc56087e9e8a

SHA256
5dfeb6413e81e0b127f6b04c960164441a5551ee6f797af190cc1552bb638a5e

SHA512
0eaf66040355a4f0e432f1753c58f5134c7f917088ba9d424625bc44ca6c6af1a58a012ca19c35b5365e9adf75194dbff5f254ecd5ed4ddb7c5b38f30f43b878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d56c90cf1ff6567d934977fb178605c0

SHA1
2ba4bf90593b46f86073a990dc239b2ef9c15bec

SHA256
e4961ea48767fcd80a6c626350ec730c8fbcf7c84ce5a5097beb96af7aac2fdb

SHA512
6dee81c94e4b04831a3087c3016666a06a001ef0f5da9dbb0a1102e2da6caf60dcbd479e47a18bc39a7f8da7c0a3024a05c2913408a8acf2c890e19b2d9ee0db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
78244e0b7201fed8431af4f64f8a60af

SHA1
2999aa03b2598932e0a74c7250f5f38a8fe8e2fb

SHA256
540de3f7db61d8c0c2a6c1cdfc94ab1d858c15971330a881c6c2b10858e684f0

SHA512
600cf0789c4350a78a084e1993e4e7b65790609166fa3a3fd821ed95f66ea181297a0a0f2c65b96198354054321c6b3a00d5c2644a6f67ec8ba375a3afe1c65b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
7667bdfc4a85f896bdfcba7d0e15fb21

SHA1
202e4e8414c6d9cb51c0913dfeee160848aaa3a1

SHA256
78d9fd9c9ca5a06d139e13734f57c90afc0077a8fd1688dee34eb6cc4d1fa252

SHA512
a43710265dfe37df172fffb318e99ed69280e7edbb01d391442fa60b50f46d4897b33de37f2bb3ff75f16386c6583cd787152f8b2410999bacb710cdb8e65ed0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
684c058cc1e496aa0ee68c902a6353c5

SHA1
eef68061437c3b5f1a8e7ad96322f614cc115f45

SHA256
ec293c4d9fa51b4e94a5d90efc9b4524311b413de03551e2f3a9e3b20986d29b

SHA512
d772c619a11c13e632e3e674c72552e0a5361a95fd4834409647b614f21e75dfe57d0947829fece7927860788af31794d9d23160fbb6e870212b19aa6878d485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
e3e932c166b1914d244d3592cab7634e

SHA1
a7efccaacd5796ce58f4641882951e16e1d36f7e

SHA256
d4322e641d5c06dc3b187ebd76c0a3d7c250b4ecf3893e91c71a142b034fd256

SHA512
eca4b0aec432140428f9350c4876bbf8c6a310680093f3435851ecdb04ab4ce33c929f7efc4e74a6d5daeba084088b578e5bdc760b0172cf39dd3f8aea61c1d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
35KB

MD5
8b0a6420656e6b9e1a066868a6ad1c85

SHA1
7249bf70feaea214d28f704a56eea2f0389e6e1f

SHA256
caac4b9a014a2cf3534ee03ce69d97f4a01528e6fd62de7f4ccd0c3e66063a1c

SHA512
33131110df4a8171463c2acd44e8e22f04ebff7ba38dee094a0b14b6f41031b59181f44adb4b0dec8cf6818467af91f9884ae19c112b43a3e0747e1a5ed3318e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
28KB

MD5
abcbcd48b6d813f6a580d9f59b2bfcb9

SHA1
0b00c96fb940309cdbf59bb4866d2423e77c035e

SHA256
f40d718d090a7d9fa4db0b9c2570cb05f7729e6c998c32c1c688f421ca7ac8c0

SHA512
b961f4d2e02c1470ae42cbcdff8c90f3b950f73c7f1182c205d0c5c0f187115283ba581d1dc9259d48004bf71e0b3e2d9d4bee8440a1e7baa553e92fb26d36d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
115KB

MD5
9c5cff803fb1edcf640ea9e4a02b8891

SHA1
43ba340a8b6d6d028b42e9674b66f667a50eaca9

SHA256
4196d95ab415218fc8dce5037601f39e1824f2e57c6ebebf5557ddb3f11b537c

SHA512
287f10790474658acbe31faee48b75fa9d4ff720f17854e91fa56652c673bc97f038263c4261060e0592e41715cbbe48d12f242dde97f8626a93d4332b89d021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
119KB

MD5
ad47211cbf2b5037a632b255bac497f8

SHA1
f7b8efcd83e1ee5b936239c34fccdbccc50cd6f1

SHA256
3ff66387417489de93fa393db6d511581ea6c3b5c75d35190309be9cd916a9a7

SHA512
642166e7a45e073fa05a249d94f4591f30d303011bc8b79efcc04e8475ae07f2817a11fe04b8265a2e6f7bebd8fca4b06a15ea11814c2e8b0a83c38efaac4d1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
23KB

MD5
3efd8055fffc65d4a8944d4a926c4d06

SHA1
c7392e823ab3f500ca143021c51057d193c505e2

SHA256
319e2c432aedf99b8e3b4cbb5c3bb850bdfab95bec1a6301482207193b6b7864

SHA512
2602cd412546be793f9b0dc09619c656cd737fe681df1f118fc7d3e62e2f8ece6b9c48aaa001f18a10474661f61bf79ec9035e225dc995de133a2eea62905950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
124KB

MD5
e6500211683946695a759b3432417c7d

SHA1
89f7b9b271acc686ed8c40b11a3db86fce5764c2

SHA256
9dd3e74102924f4d88b5a1bd16b5f898d9763702b8bf778953664fec642fb6d2

SHA512
2970329f555e91c206c4008dcb98ba4f4f7648e12adf2f5f58869a5f47d1462ad9e6f41594c6bf575ef14dae5819b15a253f53b21b32fa87e1e2ec3df8f2d62d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
86b9162404bfc13b8896cfd217070c35

SHA1
a30176166666fcaa41fdbbe8bef0c2f5573bc5f2

SHA256
675afe8f51d4c1b6e7aed91fd095ec81185b48f816f3e51a9c2b38117ed31128

SHA512
9eccafa4fdfb1bdc6168710e1c0c69abcf0380314d37799021a6138316c71a3f5df3a939e8b066854bbc6ed40d44d86970a35ed22ca9987d9ede7ab8d6f08e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
117KB

MD5
123a180cc58825d981adf5360fb54ce0

SHA1
9ac60ac2782fdb2df58044a902a5be068546596d

SHA256
b286b34bac2e24bf1f4a514b7f9f502337f6fe1558397718f54ab00d85e397d3

SHA512
20f470516b5a1a094dd79479de95b6bdebe9d4ed96c5041564d5dd31c364a27defbbcf3e9e806e1d0c1aebf246a874a98fa6b50545feffa98232540c5dd86446

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
30KB

MD5
0fd73f6573dd429f34a08e56015f38bf

SHA1
786e195a8f3a7606e952e8a3866c26f1b7399821

SHA256
2b3aae58b9076b64bb4d11d4e78a3e6c16e0f5456054b969920ebb050c3fc16f

SHA512
8d67b6e105669f589c68f927c18bd2f23c673a55f06443f44a039e7b013aa2458b6bea1552f7b220a334772dbd230a894ee0ff7d1f3ee29e00eaf20c5953ef41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
349KB

MD5
231534dbc9f0bc1cbee263af80c30583

SHA1
56ae3fa282ebd20556246c5d6f10f1274a14e358

SHA256
e71d3e1607248eb4b2f09ad031d622c1df3f305ecb15ac81d44a5822834d122f

SHA512
f3864eb3a3616f551a876f1d373271c290fb3a2830aa854667ca63ff2dda72898c31f892a6e861a6d39e2aaf03899770c52fb4f1233e505434170ed396efda17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
42KB

MD5
59ce6f8786ca4f1e500913628d3989a4

SHA1
ba267b89d0c8a97415543944f7545cfa6f008424

SHA256
88cec93c73c76450b3eaa29e9bb2329075d4a439e752e532f1618229a41da45d

SHA512
19ac248b973405e88ec9927f6ff6c3cd8e98133fabf0f96f870e250bc1b8bfec483fa25a4582e725b86e94a2a7e6083bebb0e4dd85b11b71923fe1deebd5e17c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
b23f4ab3813d29c7acc924b0f276765b

SHA1
a8dd53b8ce4d7b5620a63bdd00e38e43fa199dfa

SHA256
c7da04036fe34539befffb1a553626293ad089eb0263e17537b5d7ee5adfd08b

SHA512
d0f89732a3e94ce016ff749767cd00b739392b3b9e60b6f6b377bec2749870339e9c688ae3aa15630c4aee45dfde3feab1943ee452dca0eae3e0da3fc8684b4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fe5ad2aec0a707684431033f967f5e43

SHA1
a0a435d568ac9d23de16156d3b43002ab03293b0

SHA256
e94797db27aa44405a9cfc00b8ee14a4dbec9d0b468751fe64d5f27fd68499c4

SHA512
1176a49853f9496eb5252f125ec9008c382a5d5ff70e2618b602e99d9577565fbbb73cc6a5bdcf27eb3d12d6d2b16153b83c7fae750bfaa35c44d70883d2d044

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8551361f4d3dd47675dd6195e62af5ca

SHA1
61395a54afd19d99ac5960ff5f74a46bf5dcb7af

SHA256
3711915b002920c3f10536a7aca0c008ad0b768f796595c553883280ba77fa0a

SHA512
22e5c7dc85872b6e613f6b067b20edd0a383135f5f41d75e94fd22da89af378d750a0005f56e1fec56d97a6f9cd84ed2fb7cf5bdcd078d09b5c88fb08305fdbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
dde3d0df0ddb3d5ec7c8face4b06a34a

SHA1
82b62f0d7301c31ebd73b2aa20cc1847cd38ba6d

SHA256
61a3d594d82b46cfd48a5dff51487d7754d258b00062c10825cb7e4aeb297156

SHA512
8ec66b0b56c8bb3a031e149512f1393b2ac849a294b2f5f26c32e212bcd1f41efec573b8a46169168ad47b09c998a4100c86bb20687ca8e7298871351192dc53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.xnxx.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.xnxx.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
223c69fa88bcb31ec1dcfaad0f85b661

SHA1
d650727928fd583f65a65915150bc0f6c2d056cf

SHA256
c810a574a352e1eaad6fa69c6c39815f1e65081f0edc9c470254a1f483b1be99

SHA512
9e70e5648f890a877b35441b05fd02f9e127a506cd83167097493c8106d0e448b778504c147b2ce7f489068e9eea8320d9039acdea17c3171cbff86eda89cbec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
db11405c20dea5e7ee5e759e2af62881

SHA1
3c971bce6e6e45cc60ef3ea0d9a2e1944b1ab609

SHA256
95de2471faaf35862188267dcce43c31cb1fa7d4e37de386d6960eff50a70854

SHA512
10ff0cde5aa67500430ac52e2c3ce6027279c332542f4fcdfcce05e52c050efdb97618e6ca113bdc0bb5361527c936d699caa4bdf107b0ffee7f4ea430507533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
9e8abbd9e5c56a197870906c250d6840

SHA1
756fe1021a0bca22eece13c4984addb4ba0cae9e

SHA256
abc495d07bded4334c17a048d9090ee9eff35f0566cbabb5970c9b324155c056

SHA512
f5f13bf67bb43acf403331f742cd68e3a6adf0647ac3adce9f87886574952ae0c34447d558ead5df2d2b593e54f61330127168994ba2ab3324fc725cb74d7d94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1c247536e6c3b95c57abdfc7bd3706b3

SHA1
8fd3c08dda053c58090a5e475a77ce7671a973f3

SHA256
f3996760d9589168fb4284993bec3c7dc86428bd69b5d538e1d180eb6e88c700

SHA512
6b15d969b2cc5a7c3c7aad37e9a5e311052ee4d9e3b62ecdf0d073f4cb8283c1c8a8c3866c00a182c086e5732ef08516f071693efde4b0979b5e6982b13e1966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e835a51e17646eb73e3d25d348aa17ba

SHA1
4efd043bd9c439c9ee707e13a344873dd1a1aa13

SHA256
b29e9a03b504e23e8a3ddf7e550f3c8929dd6ef108ea4447e63d86c8e1db702b

SHA512
38c2ff2c434a16cc70ec6935148088a443cfd1589b19ae37fdb5b3beb22bd304f091418bf5a4d3199dbb22c3991f8035dc8a479f81092e9c89a99cf6be745708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
71b994866ffd70c65c311837788fd6d9

SHA1
71bd9121cffd0f66e3d1b19220ea6856cfa4537e

SHA256
d52c8dc9675e4f693decbd833f9ee361aa31c7c9875bf606d20551c8eff10aca

SHA512
0162ea3f5a3dd5ae5f233e81a660eac2acea3dc326c7dce0d24d31dca0b2321aa9b64c93bb9122ea1698dacb5729f4235138e002f6ed63e47d2c15993a83a416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e600782e9f2ce7a34d54d2169c9329d4

SHA1
30969275b7f93a53df1a419277f1a21015fcc6a9

SHA256
cfee95a6db5586d40bdcb3157097fbb9c7916c6e0b60d7ba829304593ec8c4b2

SHA512
72937b50b15506b414ef0b9f57b3e31666d0a20c8ec2cbcf95e6947e525102c2149d1f4560780d856307e48b39d8b38db80d7eb7296485366d23e6e058117307

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d6fb0e38c23d26f9343df07105771cef

SHA1
75a4c4b2d1d91f772d010848bd07ead2be2c3996

SHA256
a2ade27ad86e8c569d682e73d0c179570e88e188b8875e4ae9abfbcc21bc8ed4

SHA512
811f764e1376775d60d10707c8002c9af64feca488c93252b7e954190245209cdb3841d8004c8d92fd1cb15d77e1deaa62c202712bef76c5a147f1d1dedc828e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b42bcc5c419d9f75f0ee3f7ecd8a387

SHA1
fd886655636089f6f09455508823cf3e78ec7fe9

SHA256
58d0de89244593f7df16096a901d006253e0a4be536ed1c8db05d2f99de89c37

SHA512
def59f346a7b9c3b004721575dc6a47047bd6bb83835b19b7dd749fc84f483c1cfa736bd7c427c24247eedac7475c800b76a38dcb7467038d094188ca37ea08f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8e85247e8f6b311ef0067e23599be22f

SHA1
5b9f71951455d70077533269d4b2c78dc04277de

SHA256
3bff3b07b05ddea9ac5cc0a4d3d14ea7e3a1ae2939dffd0e979a1f748e04acb3

SHA512
17f3108d1900913be9bdc83dd9b642519d8ebee43a318f154d22aef44848b95d52c9be049088f5abb4fb4769578b5dd9e77cdede71617c4c805e636dff9e45e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
088bf990e1f5e3da503ed77ea0d6331c

SHA1
75c4701279833f18c40a7be85f2e2d5de99fb4c0

SHA256
7de46cbc5bb4750176af79934d8d862cf24b51c90a591cc70dc82da570857093

SHA512
7f0352cdf93f8782c792e7d70200885235abbe3f847fd681da3916cc8e5eb279e4245a46a32a29d0c0bbb5010a9039d37b84b601fce66664caa4e1b8ae0827de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
956e6145837484c2c426d17a4e4292ee

SHA1
f7cf910a758b159fcdc09825d85d3b18a5cb9304

SHA256
65aff87172d6b2ab6f70bf6de41c7b4662fda6ae137c334b2b87c90d84fe3579

SHA512
cbc25543765eed7e30be10ee49a9b9acfa62c2153f1c7654f2bd372d952e4c4627dd11dbe43b9c30dccf047c774d03b70446ed17bd8c3ceac755931c1ecc4d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8fbb4fe35aff5f0c9b8939875f4e637a

SHA1
4a5a65910ba76782f92ce9e0e7b741bffc0eef0c

SHA256
b9bfa0ecd71bfbc69b0b614a3c567d2553e66f36f6e20c7c02175d1b94b0bea8

SHA512
9eb1a74ed93c515adf7f0fb443cf2c07ed72c809319611b48e78da7dc62d7f3c25a92b785018d94c66af01b8296cdadc3a305e2da5ea127e6ae32b267e8d3e39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
93bb1b9ca072cec4cb81c13d878452d4

SHA1
b025c6aa3c9f71bad39f1b600b9e6c5b3151dcdd

SHA256
86a7a08859d77171cd27f38e2f3273ba76ab9bc275777a6b653a41b68942a70f

SHA512
b0a2b4365a99edeef3de0a0efffea2892ac7ed2f5061f5f33c189565fc06e2c2da1d32eb9b572b91ecce07f4452bc6de67a909c2711ea77c273f5d467f9f15f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9c3f30682af926b4f911b4e94eb10413

SHA1
e50fe99fcb93d3fa23823eee0d799fab693291b0

SHA256
2f8e7574adfae6809766577a006d48ba09a446de5e1c7b3fd5cc1100c70feaaa

SHA512
b008b7d5713ca7d43305e79cdedd9ba0234206460a6290146857b8e2a835360bc3178d73927b419a002a899dcaa54725f000528230901382ce44a6205b6e8010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
b32d10420565dd4447da8783915ba190

SHA1
6eb553a0a936dec933416d85a707a7dcafe6ce4f

SHA256
a88e2fca89669a959ac11348e2d42acd620587c4b20720ad8eb95239f6e16f32

SHA512
813f606b5e4ba87e4c88f6f17cd04f7ff8cdc3f49feaa9e970061c25b466e6c1f2a45f5caceeb6e6dc4e1cf2d5a05c198d73911f8de74dc614d06eed7e0fc883

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
bba0c8e503ffefadf94dd67f409a0b27

SHA1
574cbc1e9904760d30f771dd21c9f922b9d3ad2a

SHA256
db8b1a1561234da4cf0490cb4c7c35b5be08434186ff93440862427eba283f20

SHA512
d7e3feddb7433c50d890be23b01813cda199cbd1c7d0637764240caade13b01cbbd1b69cd0ac00a9e9112b7086fd704cbb6a23bbbcdf39786e3be8d13f644802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
d49cfa98bfdea03013458ae5cb7b2bbf

SHA1
997316b5b10798750b67afb3851ddd3e78198fe7

SHA256
4c1abff3535d09ec4d803de8edccf135e229f33801a1b777fc05a553e4a65b6e

SHA512
55595bcc79cf26a6682b746ff7919f27fbf7d5a6e0a937e8112ce4a18af2c8209f275cfa00b157279e1f483a6b30349dce1cef2b368026474116602223d3fdc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
30e4efd98917e98802ef201cdcf57287

SHA1
69da0042f0a8a8d1a624e9ad867a3362b365d103

SHA256
d9675aa566e5a469baab155a33541632069a193bd6e00f99f762a5674ced7526

SHA512
042b7568f6096ab19ebab9002963a2c24413d8888f6fd1f549ea6f18b23ac5314ae2bd5ea185c6a4e3efaf1acd30eaae8cc50980443cc38ee2d57f3e179d5722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
0b491cb0e20913efbc7f78d74642f7cd

SHA1
758fa417a5452de29f34c41f9d8e9bc0737fe686

SHA256
ec0c9990f5e9c2dd1116c48a386c4f274fca4275afb9056c9486f4e6d6a5f443

SHA512
fe357f6ba59ed4cc231a9ac1bd6d8d5981de493237d81523eb6c1b4bae1402f95df9b1da882d2ce31a2dd04df5b63d4dce7b0c2dc3a54c53539d5cb2ffd8dc71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
aed59cf56d8c5c0345268211700149b2

SHA1
d0c3e63473b6438a9c9c1f261467a0ae7c256ab3

SHA256
83638a6b96a9bd10953c0f70b2b171a94ac50f9828eb9bd3956277dbb209ce4e

SHA512
54bba1ba39dc7f5d85685b254528dafb9cff2b7c001c82cb457f10a6d1caa2d5d9d810e4bb0a712bdb2ddb8c3c01c78786996a40681f712e2e10b7ccc7f17f0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
fcf77ef01b945f33b0242ec9aa257b5a

SHA1
682ac300cbcfab1baed7ac94b855516d94a9a041

SHA256
1d7a38ee39350c0703eda1f36d194bcb8cdd2ee03c7b026e631bfd178cfeac01

SHA512
9fc58d08919b08e6347d2e9cc1860ba875c008c97df077969c10843831f191f67d02a24e0ce50f1bc07f469c684af1d9638bae059b02881372b2d27a4e00a949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
e7010445d1684a12fbae3ae17161d211

SHA1
95de5f9271f623c4084044181f807aa1a993d3b3

SHA256
9c5feea92c3b4d18234eac4c1f9d5145315cd38664244754c1336bec2b25ce78

SHA512
e6fd5c4839ae96d6f712e2870d462916da6d4a1a676d752a5cdbd9fa5b75bc24be9660cae39098908a87953f453612f44eb6b0db05ea4104c698940c3e17d633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
4e39f5d15516994c1182fbafe103c1b0

SHA1
c037e649b470ba0152bc16f0562e85d41bfacedf

SHA256
2219cde2d2a58dd436da7d659e3cbf0b4c4710ca559aff8ef485858741d40a1a

SHA512
1149307e5ee92a7d4f2dbbf7a7465bd50e64513093dbc5361390018521735fd61433d514fa5588e74e9a2b02b1126b141127213ce683d4fa78dc6a1279f5052f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
20KB

MD5
11973badeb7ab5884634f13b7fc27bb7

SHA1
f3e1211f159f76ee6f5db2a3a6cf83af64f8b749

SHA256
cee75ceafa3e247cd91f0d2d5670bc6016312db2e595a98e03c79858ec46970a

SHA512
ce725de108f84d23b3380286e7ab83e0a51d480a48c64f6f20e15739569118bbc500d3187ba29da375a74da3be17076c7852e66ae6e9c15be743ae83841d2ca7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

Filesize
3.4MB

MD5
bd56f3bd19bbf9eb406b6a235362806f

SHA1
73d086046896e22b2cc2c0a1e783a3917afc3d80

SHA256
18d2d16e3ad07b9f59296e3357c5fe33b431c38f5c8658e77b5cba587124c563

SHA512
a5457940beb20d9df7e91a5923b3c1f498100ad55ddb143e8e94e65f65382793e26022994d8c87ce22aa76743eed5a0aa4dc29d8419a76793aed7f3dfe212a26

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408050824171\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408050824171\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2408050824163512028.dll

Filesize
5.2MB

MD5
3b60f0a8ad54d51f30bd2748faa14c3d

SHA1
831259caa00ac546b76fc21ea2f6b4dd7c26aeaf

SHA256
0047bf9db605d0cc7fe247834f3faae5f026fae9cbe0848984e801c64a6e513d

SHA512
c352453424792204182fb334c95c5679a5b8f6448e616ad1552922b7bf061451787f17dd62ade11055585684022e53a9864671ace51a114157087042fc9da42a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
5e36c86e21e4c6dd439e9335da06e391

SHA1
ecd7271af842a71e6e02771fb595394966c3a5eb

SHA256
1f19f43c90dda07cf8d29293aab23d0f778901f81e687add79aa45f690342368

SHA512
77160afbb9caf69788726333fddd4f99f55a5d5544410246ca3f6cd5c551d1469089c44a4bb4242eda98d1bbb006a7e6f488a4777a4f77955d23a31d0c96a3cf

Download Submit
memory/1376-4-0x00000000006F0000-0x0000000000CB0000-memory.dmp

Filesize
5.8MB

Download
memory/1376-77-0x00000000006F0000-0x0000000000CB0000-memory.dmp

Filesize
5.8MB

Download
memory/2028-76-0x00000000006F0000-0x0000000000CB0000-memory.dmp

Filesize
5.8MB

Download
memory/2028-0-0x00000000006F0000-0x0000000000CB0000-memory.dmp

Filesize
5.8MB

Download
memory/4884-19-0x0000000000BF0000-0x00000000011B0000-memory.dmp

Filesize
5.8MB

Download
memory/4884-13-0x0000000000BF0000-0x00000000011B0000-memory.dmp

Filesize
5.8MB

Download
memory/6084-590-0x00000000006F0000-0x0000000000CB0000-memory.dmp

Filesize
5.8MB

Download
memory/6084-651-0x00000000006F0000-0x0000000000CB0000-memory.dmp

Filesize
5.8MB

Download
memory/6128-597-0x00000000006F0000-0x0000000000CB0000-memory.dmp

Filesize
5.8MB

Download
memory/6128-652-0x00000000006F0000-0x0000000000CB0000-memory.dmp

Filesize
5.8MB

Download