Overview

overview

7

Static

static

1

MuMuInstal...05.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    07-08-2024 16:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe

  • Size

    5.3MB

  • MD5

    fbd9ad001bb2719f574c0705c5de05fb

  • SHA1

    d07e77a490ad677935ac8213b88237e94440e791

  • SHA256

    f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593

  • SHA512

    5724e3f858ae7ea92ba4ce325f3f8f4b90ecc6d7c19476e2888c4b09f0913463191b977f71314300918cceb0a6ae0b80e29d3c70891e8aeb9314da233a929e96

  • SSDEEP

    98304:oeZOuRuvqAgef1ndGaX6tJJQv2FKA75OpVclc02vDRZTEB:1ZOPNdo3u0jc02vVZoB

Score
7/10
defense_evasiondiscoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks for any installed AV software in registry 1 TTPs 8 IoCs
  • Enumerates connected drives 3 TTPs 5 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Enumerates processes with tasklist 1 TTPs 3 IoCs
    discovery
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 59 IoCs
  • Drops file in Windows directory 7 IoCs
  • Executes dropped EXE 22 IoCs
  • Loads dropped DLL 64 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 47 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 12 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 3 IoCs
    evasion
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 14 IoCs
  • Modifies system certificate store 2 TTPs 15 IoCs
    evasionspywaretrojan
  • NTFS ADS 3 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 41 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
    "C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4764
    • C:\Users\Admin\AppData\Local\Temp\7z7ED2229C\nemu-downloader.exe
      C:\Users\Admin\AppData\Local\Temp\7z7ED2229C\nemu-downloader.exe
      2⤵
      • Enumerates connected drives
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4048
      • C:\Users\Admin\AppData\Local\Temp\7z7ED2229C\ColaBoxChecker.exe
        "C:\Users\Admin\AppData\Local\Temp\7z7ED2229C\ColaBoxChecker.exe" checker /baseboard
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2004
      • C:\Users\Admin\AppData\Local\Temp\7z7ED2229C\HyperVChecker.exe
        "C:\Users\Admin\AppData\Local\Temp\7z7ED2229C\HyperVChecker.exe"
        3⤵
        • Executes dropped EXE
        PID:928
      • C:\Users\Admin\AppData\Local\Temp\7z7ED2229C\HyperVChecker.exe
        "C:\Users\Admin\AppData\Local\Temp\7z7ED2229C\HyperVChecker.exe"
        3⤵
        • Executes dropped EXE
        PID:4736
      • C:\Users\Admin\AppData\Local\Temp\7z7ED2229C\HyperVChecker.exe
        "C:\Users\Admin\AppData\Local\Temp\7z7ED2229C\HyperVChecker.exe"
        3⤵
        • Executes dropped EXE
        PID:2236
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1052
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e426cc40,0x7ff9e426cc4c,0x7ff9e426cc58
      2⤵
        PID:3892
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1852 /prefetch:2
        2⤵
          PID:1196
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2124 /prefetch:3
          2⤵
            PID:2380
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2200 /prefetch:8
            2⤵
              PID:4484
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3120 /prefetch:1
              2⤵
                PID:3116
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3304 /prefetch:1
                2⤵
                  PID:920
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3560,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4496 /prefetch:1
                  2⤵
                    PID:2552
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4896,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4428 /prefetch:8
                    2⤵
                      PID:1996
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4636 /prefetch:8
                      2⤵
                        PID:1168
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5244,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5336 /prefetch:1
                        2⤵
                          PID:3500
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3760,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5284 /prefetch:1
                          2⤵
                            PID:1212
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3112,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3344 /prefetch:8
                            2⤵
                              PID:420
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3780 /prefetch:8
                              2⤵
                              • Modifies registry class
                              PID:3880
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5232,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3464 /prefetch:1
                              2⤵
                                PID:4768
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5572,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4292 /prefetch:1
                                2⤵
                                  PID:3792
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4548,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3424 /prefetch:8
                                  2⤵
                                    PID:920
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4932,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4588 /prefetch:8
                                    2⤵
                                      PID:3896
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5284,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5192 /prefetch:8
                                      2⤵
                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                      • NTFS ADS
                                      PID:2652
                                    • C:\Users\Admin\Downloads\Vega X Windows_04763393.exe
                                      "C:\Users\Admin\Downloads\Vega X Windows_04763393.exe"
                                      2⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious use of SetWindowsHookEx
                                      PID:1868
                                      • C:\Users\Admin\AppData\Local\setup04763393.exe
                                        C:\Users\Admin\AppData\Local\setup04763393.exe hhwnd=262690 hreturntoinstaller hextras=id:964bc9f9d4b9a45-US-rvXoF
                                        3⤵
                                        • Checks for any installed AV software in registry
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • System Location Discovery: System Language Discovery
                                        • Modifies system certificate store
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious use of AdjustPrivilegeToken
                                        • Suspicious use of SetWindowsHookEx
                                        PID:5048
                                        • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
                                          "C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"
                                          4⤵
                                          • Executes dropped EXE
                                          • System Location Discovery: System Language Discovery
                                          PID:2552
                                          • C:\Users\Admin\AppData\Local\Temp\4n1lnvmy.ucc.exe
                                            "C:\Users\Admin\AppData\Local\Temp\4n1lnvmy.ucc.exe" /verysilent /ppi=1 /ppinag=2 /ddtime=500 /delay=10 /source=lvstqdu /pixel=LVS5091_LVS4980_RUNT /pubid=ES
                                            5⤵
                                            • Executes dropped EXE
                                            • System Location Discovery: System Language Discovery
                                            • Suspicious use of SetWindowsHookEx
                                            PID:2268
                                            • C:\Users\Admin\AppData\Local\Temp\is-JAR91.tmp\4n1lnvmy.ucc.tmp
                                              "C:\Users\Admin\AppData\Local\Temp\is-JAR91.tmp\4n1lnvmy.ucc.tmp" /SL5="$50106,5773230,1034240,C:\Users\Admin\AppData\Local\Temp\4n1lnvmy.ucc.exe" /verysilent /ppi=1 /ppinag=2 /ddtime=500 /delay=10 /source=lvstqdu /pixel=LVS5091_LVS4980_RUNT /pubid=ES
                                              6⤵
                                              • Drops file in Program Files directory
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious use of FindShellTrayWindow
                                              • Suspicious use of SetWindowsHookEx
                                              PID:3532
                                              • C:\Windows\SysWOW64\schtasks.exe
                                                "C:\Windows\System32\schtasks.exe" /delete /tn "Quick Driver Updater_launcher" /f
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                PID:2104
                                              • C:\Windows\SysWOW64\taskkill.exe
                                                "C:\Windows\System32\taskkill.exe" /f /im "qdu.exe"
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                • Kills process with taskkill
                                                PID:3148
                                              • C:\Windows\system32\schtasks.exe
                                                "schtasks" /Create /F /RL Highest /SC ONCE /st 00:00 /TN "Quick Driver Updater skipuac" /TR "'C:\Program Files\Quick Driver Updater\qdu.exe'"
                                                7⤵
                                                • Scheduled Task/Job: Scheduled Task
                                                PID:2400
                                              • C:\Program Files\Quick Driver Updater\qdu.exe
                                                "C:\Program Files\Quick Driver Updater\qdu.exe" cntryphnno
                                                7⤵
                                                • Executes dropped EXE
                                                • Modifies system certificate store
                                                PID:4852
                                              • C:\Program Files\Quick Driver Updater\qdu.exe
                                                "C:\Program Files\Quick Driver Updater\qdu.exe" silentlnch
                                                7⤵
                                                • Drops file in Windows directory
                                                • Executes dropped EXE
                                                • Checks SCSI registry key(s)
                                                • Suspicious use of FindShellTrayWindow
                                                • Suspicious use of SendNotifyMessage
                                                • Suspicious use of SetWindowsHookEx
                                                PID:464
                                          • C:\Windows\SysWOW64\cmd.exe
                                            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
                                            5⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:4996
                                            • C:\Windows\SysWOW64\tasklist.exe
                                              tasklist /FI "PID eq 2552" /fo csv
                                              6⤵
                                              • Enumerates processes with tasklist
                                              • System Location Discovery: System Language Discovery
                                              PID:872
                                            • C:\Windows\SysWOW64\find.exe
                                              find /I "2552"
                                              6⤵
                                              • System Location Discovery: System Language Discovery
                                              PID:3064
                                            • C:\Windows\SysWOW64\timeout.exe
                                              timeout 1
                                              6⤵
                                              • System Location Discovery: System Language Discovery
                                              • Delays execution with timeout.exe
                                              PID:3540
                                            • C:\Windows\SysWOW64\tasklist.exe
                                              tasklist /FI "PID eq 2552" /fo csv
                                              6⤵
                                              • Enumerates processes with tasklist
                                              • System Location Discovery: System Language Discovery
                                              PID:4120
                                            • C:\Windows\SysWOW64\find.exe
                                              find /I "2552"
                                              6⤵
                                              • System Location Discovery: System Language Discovery
                                              PID:5056
                                            • C:\Windows\SysWOW64\timeout.exe
                                              timeout 5
                                              6⤵
                                              • System Location Discovery: System Language Discovery
                                              • Delays execution with timeout.exe
                                              PID:2780
                                        • C:\Windows\SysWOW64\cmd.exe
                                          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
                                          4⤵
                                          • System Location Discovery: System Language Discovery
                                          PID:2264
                                          • C:\Windows\SysWOW64\tasklist.exe
                                            tasklist /FI "PID eq 5048" /fo csv
                                            5⤵
                                            • Enumerates processes with tasklist
                                            • System Location Discovery: System Language Discovery
                                            PID:232
                                          • C:\Windows\SysWOW64\find.exe
                                            find /I "5048"
                                            5⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:1928
                                          • C:\Windows\SysWOW64\timeout.exe
                                            timeout 5
                                            5⤵
                                            • System Location Discovery: System Language Discovery
                                            • Delays execution with timeout.exe
                                            PID:3156
                                      • C:\Users\Admin\AppData\Local\setup04763393.exe
                                        C:\Users\Admin\AppData\Local\setup04763393.exe hready
                                        3⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • System Location Discovery: System Language Discovery
                                        PID:240
                                      • C:\Users\Admin\AppData\Local\OperaGX.exe
                                        C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0
                                        3⤵
                                        • Executes dropped EXE
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious use of SetWindowsHookEx
                                        PID:2804
                                        • C:\Users\Admin\AppData\Local\Temp\7zS4FA86D38\setup.exe
                                          C:\Users\Admin\AppData\Local\Temp\7zS4FA86D38\setup.exe --silent --allusers=0 --server-tracking-blob=ZTI1NzUwMGE0NzBiZDViMGI5ZDc3YzUyZGRjYzM4NzBmODY5NzYyZDQ5NmM0ZDQ3NWQ1MjkzOTEwMzU5YWNkMTp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD0yZjljYjI4MDBlYTE0ZGY1OTM1MTM1YzE1YjA5Yzc0ZiZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInRpbWVzdGFtcCI6IjE3MjMwNDc2NzIuMTY5NCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDcuMDsgV2luZG93cyBOVCA2LjI7IFdPVzY0OyBUcmlkZW50LzcuMDsgLk5FVDQuMEM7IC5ORVQ0LjBFOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgLk5FVCBDTFIgMy41LjMwNzI5KSIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9QQjVfMzU3NSIsImNvbnRlbnQiOiIzNTc1X0ZpbGVETSIsImlkIjoiMmY5Y2IyODAwZWExNGRmNTkzNTEzNWMxNWIwOWM3NGYiLCJtZWRpdW0iOiJwYSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiIwNTFkN2Q3NS05MjU0LTQ3YmEtODlkOS1hMTY1OTc1YzQ5NGEifQ==
                                          4⤵
                                          • Enumerates connected drives
                                          • Executes dropped EXE
                                          • System Location Discovery: System Language Discovery
                                          • Modifies system certificate store
                                          • Suspicious use of SetWindowsHookEx
                                          PID:1812
                                          • C:\Users\Admin\AppData\Local\Temp\7zS4FA86D38\setup.exe
                                            C:\Users\Admin\AppData\Local\Temp\7zS4FA86D38\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=111.0.5168.99 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0x6c261160,0x6c26116c,0x6c261178
                                            5⤵
                                            • Executes dropped EXE
                                            • System Location Discovery: System Language Discovery
                                            • Suspicious use of SetWindowsHookEx
                                            PID:4156
                                          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
                                            "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
                                            5⤵
                                            • Executes dropped EXE
                                            • System Location Discovery: System Language Discovery
                                            • Suspicious use of SetWindowsHookEx
                                            PID:4612
                                          • C:\Users\Admin\AppData\Local\Temp\7zS4FA86D38\setup.exe
                                            "C:\Users\Admin\AppData\Local\Temp\7zS4FA86D38\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1812 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240807162115" --session-guid=1f75165f-82c4-441e-bb1e-5a8a927c3f43 --server-tracking-blob=MGRmMmY0YWEwNDQxOTUzMzNmMWZhYmZhMmYwNWFjNWU2ZDQ4YTIyZGEwMTgxMmMxMzE3MzNhMDlmMmE0NmRkMDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD0yZjljYjI4MDBlYTE0ZGY1OTM1MTM1YzE1YjA5Yzc0ZiZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjExIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyMzA0NzY3Mi4xNjk0IiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV09XNjQ7IFRyaWRlbnQvNy4wOyAuTkVUNC4wQzsgLk5FVDQuMEU7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy4wLjMwNzI5OyAuTkVUIENMUiAzLjUuMzA3MjkpIiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0dCX1BCNV8zNTc1IiwiY29udGVudCI6IjM1NzVfRmlsZURNIiwiaWQiOiIyZjljYjI4MDBlYTE0ZGY1OTM1MTM1YzE1YjA5Yzc0ZiIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6IjA1MWQ3ZDc1LTkyNTQtNDdiYS04OWQ5LWExNjU5NzVjNDk0YSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0806000000000000
                                            5⤵
                                            • Enumerates connected drives
                                            • Executes dropped EXE
                                            • System Location Discovery: System Language Discovery
                                            • Suspicious use of SetWindowsHookEx
                                            PID:1616
                                            • C:\Users\Admin\AppData\Local\Temp\7zS4FA86D38\setup.exe
                                              C:\Users\Admin\AppData\Local\Temp\7zS4FA86D38\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=111.0.5168.99 --initial-client-data=0x340,0x344,0x348,0x308,0x34c,0x6b611160,0x6b61116c,0x6b611178
                                              6⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious use of SetWindowsHookEx
                                              PID:864
                                          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408071621151\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                            "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408071621151\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
                                            5⤵
                                            • Executes dropped EXE
                                            • System Location Discovery: System Language Discovery
                                            • Suspicious use of SetWindowsHookEx
                                            PID:3116
                                          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408071621151\assistant\assistant_installer.exe
                                            "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408071621151\assistant\assistant_installer.exe" --version
                                            5⤵
                                            • Executes dropped EXE
                                            • System Location Discovery: System Language Discovery
                                            • Suspicious use of SetWindowsHookEx
                                            PID:3368
                                            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408071621151\assistant\assistant_installer.exe
                                              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408071621151\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x2b8,0x8c4f48,0x8c4f58,0x8c4f64
                                              6⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious use of SetWindowsHookEx
                                              PID:2352
                                      • C:\Windows\SysWOW64\NOTEPAD.EXE
                                        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
                                        3⤵
                                        • System Location Discovery: System Language Discovery
                                        • Opens file in notepad (likely ransom note)
                                        PID:2204
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4944 /prefetch:8
                                      2⤵
                                        PID:2248
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6152,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6084 /prefetch:8
                                        2⤵
                                          PID:2924
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5964,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6228 /prefetch:1
                                          2⤵
                                            PID:2556
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5884,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5088 /prefetch:1
                                            2⤵
                                              PID:3160
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=872,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6480 /prefetch:1
                                              2⤵
                                                PID:1888
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6656,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4392 /prefetch:8
                                                2⤵
                                                • NTFS ADS
                                                PID:1600
                                              • C:\Windows\system32\NOTEPAD.EXE
                                                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Vega X Windows.txt
                                                2⤵
                                                  PID:4548
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6712,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6456 /prefetch:1
                                                  2⤵
                                                    PID:4948
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6524 /prefetch:8
                                                    2⤵
                                                    • NTFS ADS
                                                    PID:3336
                                                  • C:\Windows\system32\NOTEPAD.EXE
                                                    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Vega X Windows (1).txt
                                                    2⤵
                                                      PID:988
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5988,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6020 /prefetch:1
                                                      2⤵
                                                        PID:4684
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6644,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5980 /prefetch:8
                                                        2⤵
                                                          PID:3528
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6680,i,13359611871810944884,17688837301578883429,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6028 /prefetch:8
                                                          2⤵
                                                          • Drops file in System32 directory
                                                          PID:3032
                                                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                        1⤵
                                                          PID:988
                                                        • C:\Windows\system32\svchost.exe
                                                          C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                          1⤵
                                                            PID:1368
                                                          • C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
                                                            C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
                                                            1⤵
                                                              PID:3664
                                                            • C:\Windows\system32\OpenWith.exe
                                                              C:\Windows\system32\OpenWith.exe -Embedding
                                                              1⤵
                                                              • Modifies registry class
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:3064
                                                            • C:\Windows\system32\OpenWith.exe
                                                              C:\Windows\system32\OpenWith.exe -Embedding
                                                              1⤵
                                                              • Modifies registry class
                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:700
                                                              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Vega.X.apk"
                                                                2⤵
                                                                • System Location Discovery: System Language Discovery
                                                                • Checks processor information in registry
                                                                • Modifies Internet Explorer settings
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:2588
                                                                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                                                                  3⤵
                                                                  • System Location Discovery: System Language Discovery
                                                                  PID:3444
                                                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C76BD28D33937260BAC6DB1216EA29FB --mojo-platform-channel-handle=1776 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                                                    4⤵
                                                                    • System Location Discovery: System Language Discovery
                                                                    PID:5032
                                                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C89348F5079E938EC20C1E367BB74B3F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C89348F5079E938EC20C1E367BB74B3F --renderer-client-id=2 --mojo-platform-channel-handle=1784 --allow-no-sandbox-job /prefetch:1
                                                                    4⤵
                                                                    • System Location Discovery: System Language Discovery
                                                                    PID:2592
                                                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3165EDD6CD7940AF82C6F3307C9A98D7 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                                                    4⤵
                                                                    • System Location Discovery: System Language Discovery
                                                                    PID:4908
                                                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=671D51E2034CA83B1B8ACCA52B4291CD --mojo-platform-channel-handle=1928 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                                                    4⤵
                                                                    • System Location Discovery: System Language Discovery
                                                                    PID:5160
                                                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8904B235B18737F47BE217C4A41C6F6B --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                                                    4⤵
                                                                    • System Location Discovery: System Language Discovery
                                                                    PID:5256
                                                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D8EF0CBFE21A42C49533AD39251B7BE0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D8EF0CBFE21A42C49533AD39251B7BE0 --renderer-client-id=8 --mojo-platform-channel-handle=2592 --allow-no-sandbox-job /prefetch:1
                                                                    4⤵
                                                                    • System Location Discovery: System Language Discovery
                                                                    PID:5488
                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                              1⤵
                                                                PID:4720
                                                              • C:\Windows\System32\rundll32.exe
                                                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                1⤵
                                                                  PID:5996
                                                                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Vega.X.apk"
                                                                  1⤵
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Checks processor information in registry
                                                                  • Modifies Internet Explorer settings
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:6092
                                                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                                                                    2⤵
                                                                    • System Location Discovery: System Language Discovery
                                                                    PID:6140
                                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C9EA86B5DC9B2E3DB909B7B97EFFE1EA --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                                                      3⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:5164
                                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0E7EB33DFD4DE63C2681E2A903988145 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0E7EB33DFD4DE63C2681E2A903988145 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
                                                                      3⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:5268
                                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=77769BA77E5D199DCC71D50C873ED820 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                                                      3⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:5512
                                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A3413FB8907576DAE6B80FF71E6C32BA --mojo-platform-channel-handle=2524 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                                                      3⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:5676
                                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A75068DBAA5499D2A1B918AB2BE56E49 --mojo-platform-channel-handle=1712 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                                                      3⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:1500

                                                                Network

                                                                MITRE ATT&CK Enterprise v15

                                                                Reconnaissance

                                                                Resource Development

                                                                Initial Access

                                                                Execution

                                                                Scheduled Task/Job

                                                                1
                                                                T1053

                                                                Scheduled Task

                                                                1
                                                                T1053.005

                                                                Persistence

                                                                Scheduled Task/Job

                                                                1
                                                                T1053

                                                                Scheduled Task

                                                                1
                                                                T1053.005

                                                                Privilege Escalation

                                                                Scheduled Task/Job

                                                                1
                                                                T1053

                                                                Scheduled Task

                                                                1
                                                                T1053.005

                                                                Defense Evasion

                                                                Modify Registry

                                                                2
                                                                T1112

                                                                Subvert Trust Controls

                                                                2
                                                                T1553

                                                                Install Root Certificate

                                                                1
                                                                T1553.004

                                                                SIP and Trust Provider Hijacking

                                                                1
                                                                T1553.003

                                                                Credential Access

                                                                Unsecured Credentials

                                                                1
                                                                T1552

                                                                Credentials In Files

                                                                1
                                                                T1552.001

                                                                Discovery

                                                                Browser Information Discovery

                                                                1
                                                                T1217

                                                                Peripheral Device Discovery

                                                                2
                                                                T1120

                                                                Process Discovery

                                                                1
                                                                T1057

                                                                Query Registry

                                                                6
                                                                T1012

                                                                Software Discovery

                                                                1
                                                                T1518

                                                                Security Software Discovery

                                                                1
                                                                T1518.001

                                                                System Information Discovery

                                                                5
                                                                T1082

                                                                System Location Discovery

                                                                1
                                                                T1614

                                                                System Language Discovery

                                                                1
                                                                T1614.001

                                                                Lateral Movement

                                                                Collection

                                                                Data from Local System

                                                                1
                                                                T1005

                                                                Command and Control

                                                                Exfiltration

                                                                Impact

                                                                Replay Monitor

                                                                Loading Replay Monitor...

                                                                Downloads

                                                                • C:\Program Files\Quick Driver Updater\qdu.exe
                                                                  Filesize

                                                                  4.0MB

                                                                  MD5

                                                                  dfe06df90a37a45b23e33f510dda9554

                                                                  SHA1

                                                                  370edde62c86c1cdae423e966c6e31d5f0bffb58

                                                                  SHA256

                                                                  68e15d06d36f57bb45c819e0a3aada7023493bfbea1d2cbd1f3c1f421fe4b546

                                                                  SHA512

                                                                  c3a5589006c4e194f2cc7d5c053cd1ddcd4f0a4cdc76d104c0a32c64f0fb0103755523c90e8cba4c3818b49f0b9e144d010d4b97003cf66b9779e0e776220d70

                                                                  Download Submit

                                                                • C:\Program Files\Quick Driver Updater\unins000.exe
                                                                  Filesize

                                                                  2.7MB

                                                                  MD5

                                                                  348e9aad9e445392ba5c9fe96daf6f8b

                                                                  SHA1

                                                                  e04d450778d05cabb111903892dda0cdb288cd98

                                                                  SHA256

                                                                  5bae7f43baa254ce2eba9018e11c575730427d4fdf3146165755cd4bb07c3e53

                                                                  SHA512

                                                                  c19e21b4ce0908bd5b0d7f606f6ee44d0b8839ddcab7067933092a707d21131b7379a1850e35475e57be62cba1b61abde61331bd1bccdd875e756bb296f34024

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D
                                                                  Filesize

                                                                  528B

                                                                  MD5

                                                                  acd701282939c5aff9df6168d6de390f

                                                                  SHA1

                                                                  b58aa39a2e00a3c7be17077c2b4c5d1128c2c39b

                                                                  SHA256

                                                                  e770b5c517c16a4416fad28273bababb9e2b24a9c5045af47e3ef8f16ac09edb

                                                                  SHA512

                                                                  10657bcec2b9b398b86c20930f24be9a3231204a41477fd92db9eef7ed375eced12880aa4ba59c5441204d3ee753ecf930c1d0143dc756ce8751eb06b5ed1263

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Adaware\OfferInstaller.exe_Url_1hem3jux35iv1vzfopbi55gu03hcnxpl\7.14.2.0\user.config
                                                                  Filesize

                                                                  798B

                                                                  MD5

                                                                  f3da41e2f01ec12a28efa662df2fa963

                                                                  SHA1

                                                                  9760227f497132829ec34fffec6184969043bba1

                                                                  SHA256

                                                                  a4544f806b5637e45e2e702c7997d0b6a52b805670a72aac518d189c3004d1c2

                                                                  SHA512

                                                                  ae4f56f93a2386abe8891ba5ba1cc7de166a28c6a2f3913870bed2926ac43469bbbf0b4b18acf2fce7c7f120056e36b3777aabbdf9715cc12d2159403e392e59

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
                                                                  Filesize

                                                                  12KB

                                                                  MD5

                                                                  fa46211c2ef37a788345fd6e08030b3b

                                                                  SHA1

                                                                  8993add675de86f62359ee985fbfb5b1f2fa3505

                                                                  SHA256

                                                                  ff57e16bbf6e33e3abde99c7d6ea4c42901e19e48aac8fde15e1116975e2f1a1

                                                                  SHA512

                                                                  acd8e49d8c479b0640ce67015c6285ed8cd5b87bae6b4896b5a80e3fcfe44bb59635a8143ef2c21d6f3db15d8cefa19135d4764e05306b6820e02134c49dbc2c

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
                                                                  Filesize

                                                                  64KB

                                                                  MD5

                                                                  b5ad5caaaee00cb8cf445427975ae66c

                                                                  SHA1

                                                                  dcde6527290a326e048f9c3a85280d3fa71e1e22

                                                                  SHA256

                                                                  b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

                                                                  SHA512

                                                                  92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
                                                                  Filesize

                                                                  4B

                                                                  MD5

                                                                  f49655f856acb8884cc0ace29216f511

                                                                  SHA1

                                                                  cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                                                  SHA256

                                                                  7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                                                  SHA512

                                                                  599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                                                                  Filesize

                                                                  1008B

                                                                  MD5

                                                                  d222b77a61527f2c177b0869e7babc24

                                                                  SHA1

                                                                  3f23acb984307a4aeba41ebbb70439c97ad1f268

                                                                  SHA256

                                                                  80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

                                                                  SHA512

                                                                  d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                  Filesize

                                                                  432B

                                                                  MD5

                                                                  41f9224fb0ce73e40b8e369582510625

                                                                  SHA1

                                                                  6b6119595c10128dfb8a59c580d745ef2c0ee345

                                                                  SHA256

                                                                  1d7acd00a00a57f1c816c8bd8137b26f47203c3f7a09e1126490263f741212e0

                                                                  SHA512

                                                                  e8199fa28719657beecccd35c7d2aef58309b80979ce920bbb8af27ab344f81c249029cc8eaeb5a40e33b6ac69f4fa5c20a8e5f0d78f1ee5d381d9a6eb8d7626

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  7a4e29b1a08cb27bd9f0185f51781051

                                                                  SHA1

                                                                  21d3f2062957e7437accb9c73c82410124ef7a4c

                                                                  SHA256

                                                                  9cbdfbbfe82e1cc684bc0b98f34d7c7ebc53a220826b112704387ba6c4a11e40

                                                                  SHA512

                                                                  c29a7fd8f45208059ffbd2e0ea5e0b333392641ce09bd09cdb8ed9426d7488be91a5d70850049aa7aabcb26f7d6d6061230d7ee13637d503e660537960dabd9b

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                  Filesize

                                                                  2B

                                                                  MD5

                                                                  d751713988987e9331980363e24189ce

                                                                  SHA1

                                                                  97d170e1550eee4afc0af065b78cda302a97674c

                                                                  SHA256

                                                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                  SHA512

                                                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                  Filesize

                                                                  859B

                                                                  MD5

                                                                  d00869878302229578f84e9c45e06743

                                                                  SHA1

                                                                  e86ddf9f438b33432a5b7970aea51d1757334359

                                                                  SHA256

                                                                  2c5628d9697aa434f3393a7fcc8cc000d03a5131c0bdaf998d87d23669cbe2bf

                                                                  SHA512

                                                                  76ab4411cb2d751ceca20353cd6166dd65fc8c164b65094478a57b499f39fe6f22f772d9504b19937f2260fca4eb85b856b2934743242575eaaf7f5dbae07f54

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                  Filesize

                                                                  859B

                                                                  MD5

                                                                  ca7f50f09d5520b571019636b70aa99e

                                                                  SHA1

                                                                  97fc4cabd311a847af5a24fb3d7aec71460cc2dc

                                                                  SHA256

                                                                  7b389ffd57d5b05cfae08b9c6251e186746de446df98b88938592bad6d528f8b

                                                                  SHA512

                                                                  9e995547fe0c92ee0813b22a0a38e8477837b0d82c4e5fedc8f92c0138892b94503ff7a98578aa8a7324a38ed5ead1ffdff22e6bb2df21d1c6bf327f4f712549

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  5055e02cf5eb91c8b979d9120363ddf5

                                                                  SHA1

                                                                  8489127e81dd936a966ca631b0833bb198706178

                                                                  SHA256

                                                                  8f3b32c918e2c29adf42cbf9e0ab13e5f3c089b65369817f1fa08b66b2df7173

                                                                  SHA512

                                                                  af8596abfd9dda65f7f34ef048d9dd0d7b170803a3f5d755412070c754e74be531ad03c0b22a43ed73bc46de347d5a937c2bb1b87999ce46bae40a8a7bfb7168

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                  Filesize

                                                                  859B

                                                                  MD5

                                                                  90d18480e6ff6f8b588cc2e96d76af1b

                                                                  SHA1

                                                                  a3d2d71f7a257802c58280731658e49897574743

                                                                  SHA256

                                                                  d9d5a547d520b11a976d93110fcdfd8f7a893da6b0d81ae7a861b604815e9e62

                                                                  SHA512

                                                                  308169896214a586e02df95f7a21baac8e682986e5477a7670c38541aab216aec0cf68fa53761fb1cecef4eb485e93f0c37f39a7ef0dd94d3c52dcc8b0f13dca

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                  Filesize

                                                                  9KB

                                                                  MD5

                                                                  c9e6028a04ec367920c83f1fa7953646

                                                                  SHA1

                                                                  446f92eae4398b96839a1c7458f611b614f4c013

                                                                  SHA256

                                                                  4f97cec24e94beca3bc760e59b42794b5b88b10371c1c8e4702ec06b18d72523

                                                                  SHA512

                                                                  19212a2b88f27e475ccb956e1488a3e0f509baecf18766b5a2276abfc9f0f22d44a14ec6cda5c9e8f06ee0197b759c15c75b451caa06dd2dcdead12285eda5f5

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  69c514b39882fc380f1320098d507154

                                                                  SHA1

                                                                  9183ee53cdd6ae7c84b1445c1cd4fb003b782b3d

                                                                  SHA256

                                                                  d711f8e6676c9e737993ff1ce67d4cd15d945aa936c054d939b4b4f76875b4c9

                                                                  SHA512

                                                                  729417c761eebf1ad8c13aa8e16774a8900310058ea7d9e6be002fdc3c622672befdd9450dd91aee97b02e0700876702e8062aa18da599d178d9b519b9d62200

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                  Filesize

                                                                  8KB

                                                                  MD5

                                                                  76338d55342cf6165754064f84f054b4

                                                                  SHA1

                                                                  82fa26cf14eb83bd020f418ff127acb195899ed9

                                                                  SHA256

                                                                  5ff3fdef1896c621aa209898c9b3d0f99422ac7e0329db9c621240ed83a57c08

                                                                  SHA512

                                                                  192d89411ccf6e112d8e99e96cc45a557d04a2f3405ef314bbeb19cf22b0e8bfa814a37f391429b88ec38a8bdac4447b69eadf4b90d98be7b2066da46487e0b8

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                  Filesize

                                                                  9KB

                                                                  MD5

                                                                  c0fe204dbf91937cb504f530df04e1a1

                                                                  SHA1

                                                                  eb953ecfd3704d1fb8f59a5a6b0c3e1988393faa

                                                                  SHA256

                                                                  1d24d0adf7b634c1691a0e09ebcb07bf2aa4a9d0304c667fdb9f4bc03ff09faf

                                                                  SHA512

                                                                  5ad5589a086d63fe0adc6ebb07f2c3f0d54680d22d2f967ace920cf51cee52fec0279ae1214cdd0976f6046a5e115be638953997a7b11c3d59aa5736209937a9

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                  Filesize

                                                                  9KB

                                                                  MD5

                                                                  4e62cd42a3790e2e3b2a6381a9160480

                                                                  SHA1

                                                                  6932d47a2dfd9f589e1ad37e44be584116ff51af

                                                                  SHA256

                                                                  1e24041455ad19f46ce00c2070c2f98ca2f394955ea39e11fcc64b91fba356a5

                                                                  SHA512

                                                                  d33203b91dfd6f8483969482ffab5f8c41dcc4bec9ec693c2e0bee966be9f001e2761a14bdbabba3f5836140a23780cf8e5daf012fe23c1e5450a76f365819ee

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  d71b2016e849387625c5c6ec90291d9d

                                                                  SHA1

                                                                  d12b901510b46f69dbe96392c537f50ff790d000

                                                                  SHA256

                                                                  de4cd1c398c401057c1efdd744a34cb8856a8dc703aae194f5a3b027fb91fc84

                                                                  SHA512

                                                                  68d22152e7fd0ac787e2c47f7d6ed3f14ad6bd73b4edf7af3c345e4d9a6114d45c44971b127a8aa99b6f9a1bf76f3e724f0c8c2697892076a7866fa14f88c26b

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  1a3dc0ebda87be7f6687a1e2af217997

                                                                  SHA1

                                                                  b845f3efc3abefd9d8abb4ff11b0c14edb1f5f48

                                                                  SHA256

                                                                  39175c46ddbb1f4fe445116e03c2451b671db30cf2bcbd82b909559e9476f0b9

                                                                  SHA512

                                                                  c6a5c11894d72082c767f018acce30630f0f893b74dc7f49765067f609202a6704568fe6a3af919e74a2cf1df7394eecb8cd2977edb87e4db732e15c06f63ae3

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  0e9fea21eab1fa5d29e4e168270e287d

                                                                  SHA1

                                                                  18b832149685add92cc5692f98486a78196259a9

                                                                  SHA256

                                                                  22ae1cc74f4ec3d9e12b0d74a75c64e56d225056f109361fc4fdef7d51f464e2

                                                                  SHA512

                                                                  deebb4856027e6b9f11a68e2c693320c11b00818a48369e6cb7db07dd8dff4520b4be1f7cf70f798ec6903a5a4436a353cb348036127c368f5e93991e57dfa60

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  bf8e717e31fc189f11628913e1822d55

                                                                  SHA1

                                                                  2a46f6b6610561d22243866e0e2f95e395d20660

                                                                  SHA256

                                                                  bb00451fcc89e2a2d22aad818f2f61c79bd797ecbfedc0733a84b48a7c33a51c

                                                                  SHA512

                                                                  b91e108ff788a1b3d7b9e9a6e9dd5c54c3dd26d759ce5c8ef14826b60b926bd6d80281c28d109875dcff6b5594201bb40c966161b375daaf65ec8dd67a365b53

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  1e79b94735e85d202fa92838f8a757c5

                                                                  SHA1

                                                                  da32f37f408992edbfe6df9290541b44f1f97106

                                                                  SHA256

                                                                  31c62c1d44640737084cc853d4c6052d6babd67d60a0ccd0f2c520fb2e9eab4f

                                                                  SHA512

                                                                  1bfabeed094b781125269f421d2fa526c71bb41536ed5ad3a687f1863d1f162d66e93c4b23e707e0d55d630bbace42c356b990192582dc6bdeebbe9f95d2898a

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                  Filesize

                                                                  15KB

                                                                  MD5

                                                                  7b1a43253fbb5d5599e30a67a4752897

                                                                  SHA1

                                                                  15fbf19494897109a6c66abb61d3f706d0ff69aa

                                                                  SHA256

                                                                  688b67b6d4451d6754ac83ff7b29f8a3f4dcfd8cc2eef99f980ef29095919dcc

                                                                  SHA512

                                                                  11fd5791822c114799df469ab6dc05ae4c5a81f37d735d3408eb6b951749f102f9891b60ae9f9a9aaacfbb628f47c98471994a3fa937a807138a2024a4954ba3

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt
                                                                  Filesize

                                                                  74B

                                                                  MD5

                                                                  645a226475c55a5d7c06800c43d21893

                                                                  SHA1

                                                                  f04b2ac9ddcf1f07b7c909289425c5d0978a53ad

                                                                  SHA256

                                                                  6e567f47764a214b8f0ad800564e7183a8a14a3b3bca4002bdb9be18a71dfc30

                                                                  SHA512

                                                                  cde948b24a612fa240de43716b5fb3bb962ca6d68cae422f18c0b79bed1587d442819219c74dc036942be56b0e39d668c3a7a1487fd93918647feb4f58532ae4

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe57d476.TMP
                                                                  Filesize

                                                                  138B

                                                                  MD5

                                                                  29495c9fc9675f645feea307895ca4db

                                                                  SHA1

                                                                  390d890d228283a81df65543a995074b0163a60a

                                                                  SHA256

                                                                  f22fd475beeca6626b08544bbd34cc0d429e7964c123e0bdd4665dbc448efbd2

                                                                  SHA512

                                                                  408d1ab4f751efcbd6a701d662efd31cf38f2b3398e09bcf0423c5c46613f3485bc95bc581a495d0c36e3a56e58c04029a6a1dadcb956a3bfb492b3a6ad045f0

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1
                                                                  Filesize

                                                                  264KB

                                                                  MD5

                                                                  e7dc934a1cb385ec1fdaa206c4de5d76

                                                                  SHA1

                                                                  21e3ff6b782e66abc67f1a454d53600d4ac91110

                                                                  SHA256

                                                                  3292b54fa27571b694f4fa70ab36c663bc2311c544fb2dd4e15a8881e1100b63

                                                                  SHA512

                                                                  40c89d98eabdd69a099e384b96dbcf843c6674adad24f08ee60900deb815b615a1d89a12b74a3980857c906f54f26d99fd4b9a6a41187d1a839eb23c2cccddb1

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                  Filesize

                                                                  101KB

                                                                  MD5

                                                                  5b1ec45b966b6f29db10a576740815c5

                                                                  SHA1

                                                                  497afe41f73c4782d506c1ca96f03c70afff63fb

                                                                  SHA256

                                                                  53f4ed923d274284e56c8627aa552ba77be838141684c615cf43608bd2c70fea

                                                                  SHA512

                                                                  b29c84e869a1974653fd809f17d803b7443518a187daedf038532a1c8a8b162826789b7c5cf37263562515db96e065e941851adb67968b6c319d2b248390796b

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                  Filesize

                                                                  197KB

                                                                  MD5

                                                                  50e662894e222fa5a5b9c862296569fc

                                                                  SHA1

                                                                  513cb2b966dcf537b5b6e9c682758801dce27451

                                                                  SHA256

                                                                  f4b3e6dbec428fe0469d4a9bea572f169d80120214ae0c972787ff9671bcaff7

                                                                  SHA512

                                                                  2d28ab15e48fbaced0328d06026c8f62f1da938240121d2571973acb4b20eb548ee0648c45f66354ebd44db588f89d6726e7d1f8594b30ae6e95649d48b09ff0

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                  Filesize

                                                                  197KB

                                                                  MD5

                                                                  36740f4b976078c215e0c202cc1119f9

                                                                  SHA1

                                                                  52b3d5ae9abcfc6e8ec07a1c41f74c238b9f72da

                                                                  SHA256

                                                                  e3c305e05ac27d38d90bff6d732f41e85a0cbdc05e0c954c60bc1d6b6c523122

                                                                  SHA512

                                                                  256bef52ffa55f4152bfe902733018bd20e58b704582c4a6a86713078aa0b0d38336b5a6062da79db03a32bb4724cea5a7046c0b968ab1f2f40d3b709e4eeed7

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                  Filesize

                                                                  197KB

                                                                  MD5

                                                                  9ac8c57b7da67cd841f0ec0ad6eccccf

                                                                  SHA1

                                                                  3e0c9cac007283403154be694e4947a37c930239

                                                                  SHA256

                                                                  f61d4b9de02797a85c74fe934b4a14938ad8a79d867aedc50d6eb14e9b8ef921

                                                                  SHA512

                                                                  baf42ccbca10db0160d58e198f7a2f549123c50ae185763032eb62eb9752aeb0072096534c75a9ae8a01fc75f491c8daf4e418bd3622fde5d07d6f8298d44cc3

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                  Filesize

                                                                  197KB

                                                                  MD5

                                                                  7a772ee16a5f15fd9dfbe5f226cc7775

                                                                  SHA1

                                                                  34f60ccc4ab39636f961d9349d414907eeddf5eb

                                                                  SHA256

                                                                  5081911b98a1d7ec7277187d326a01cfb717c9b3d62d871476ee2878e696ef48

                                                                  SHA512

                                                                  405a5366ccb370409d556f909aa5e091ba3919a4730e97f17d0619bbc409255828c5afd33dcf2089103e56adbaf99dada3668c4c1ef7695a6650a5e8d7063c0d

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                  Filesize

                                                                  216KB

                                                                  MD5

                                                                  5c03a763935ea05bcee87438fd7998b8

                                                                  SHA1

                                                                  4c6b16c5416aa001bce9cd81a3d5552001bc70dd

                                                                  SHA256

                                                                  8066c38972a8fe4ac78f87f871cfa7af68b1d8b11f0600d4371f1e783bf4cbd5

                                                                  SHA512

                                                                  0a3de585b550e2a7db085a3a1a18cb192b3ff4c776fc2b212365a1333b1d1f31145f3f62ec095095112e559d5c484245719629c1658743f4da9fba3941f8771c

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                  Filesize

                                                                  197KB

                                                                  MD5

                                                                  bc4de0601f54860fe93df56567238745

                                                                  SHA1

                                                                  d8d872b090255bd07f82ea5ecad913d85c37dfc4

                                                                  SHA256

                                                                  9883c8b3120114ddc4d5b1af9d447df530759de69a38d6907c4ae10aba642f7c

                                                                  SHA512

                                                                  af48e2f85939379adeb884867b01d75e4957fc561f08c7f53ad741a09a571149a73b36129da96ebde86211a9626ad845987970c2456ebc8092c6c6050ff382df

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                  Filesize

                                                                  226KB

                                                                  MD5

                                                                  79a60db4d2ff2477da340cc236321d03

                                                                  SHA1

                                                                  d2533c77652cd0b494903a3fdde2bc9e4e8ba4b6

                                                                  SHA256

                                                                  b11e0b62eb4375afa395da1509e700b607981c57e398c4fdcf0ebc338da97dcf

                                                                  SHA512

                                                                  b7cc998b3dc48c6860aef55270c65472028557d600a5f2114a696dbc90241c529c8733993da86d4578b23d3566de00c6474c50b6d71875fa48edc24fd8aee44c

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\OperaGX.exe
                                                                  Filesize

                                                                  3.1MB

                                                                  MD5

                                                                  88a57e3acc92ee3a7d925a0d8cc8fb05

                                                                  SHA1

                                                                  ba24941db38c882254be68366b35569245de774d

                                                                  SHA256

                                                                  f7e42f2e0de5a16c9dd20acb7e6ace61b6fd84ed0ffd69fbfbf28765b500bf36

                                                                  SHA512

                                                                  abc0668779f102d9e43d1bf764362ab393c421cd7d2371b652f841ece91056d31c8ea278f20ffb01534e5c1b9a2d8b07ea27d641c7514f14b0d622163a685759

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408071621151\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                  Filesize

                                                                  1.4MB

                                                                  MD5

                                                                  e9a2209b61f4be34f25069a6e54affea

                                                                  SHA1

                                                                  6368b0a81608c701b06b97aeff194ce88fd0e3c0

                                                                  SHA256

                                                                  e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

                                                                  SHA512

                                                                  59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
                                                                  Filesize

                                                                  6.4MB

                                                                  MD5

                                                                  241331bede4cd250aeead156de3225c0

                                                                  SHA1

                                                                  4e6ebbfda62706203c7f3016d136560854841358

                                                                  SHA256

                                                                  b476f1c8521db36255a862af284f462eef77c4fd5233adb002137af7835f5e86

                                                                  SHA512

                                                                  9eb8f3970645315c73e80cea2af9364d8aa68d4e3383cdf21dd0393fc74857538639793e995a66b6bd58f086738981ffc364a06b23b129fab380d0e59532d712

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\7z7ED2229C\ColaBoxChecker.exe
                                                                  Filesize

                                                                  4.0MB

                                                                  MD5

                                                                  839708e3f96cf055436fa08d6205263c

                                                                  SHA1

                                                                  a4579f8cb6b80fe3fd50099794f63eb51be3292f

                                                                  SHA256

                                                                  1373c5d006a5dbcd9b86cfff9a37616f1245d1333c4adcefc7cd18926b98d752

                                                                  SHA512

                                                                  ece67e031e06a0442d935e7d81d0eed57ae92b348b5d104423577478ce226e4a4bde834c54e31d33bfe6f574fb7798ba96886d9e8edb738edee6e7c9c43054cd

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\7z7ED2229C\HyperVChecker.exe
                                                                  Filesize

                                                                  117KB

                                                                  MD5

                                                                  dbd84c6083e4badf4741d95ba3c9b5f8

                                                                  SHA1

                                                                  4a555adf8e0459bfd1145d9bd8d91b3fff94aad0

                                                                  SHA256

                                                                  9ff467bc5a1c377102d25da9fa9c24dcc4375f456510f71584f0714fdfb2af39

                                                                  SHA512

                                                                  fb5fe74f64254609e07d6642acf904562bb905cd7c14c6f85ba31bcdbaf06686c0586609ec4f5d2f8f55ff90334dcbb774a3a6e78df74bf1b1d0cd03dec21870

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\7z7ED2229C\baseboard
                                                                  Filesize

                                                                  114B

                                                                  MD5

                                                                  b04607897f0cc2ca03cfc1adc62d3982

                                                                  SHA1

                                                                  e6f2b414a7a70b6c8debddc5e088f02af406e4a4

                                                                  SHA256

                                                                  2c81b3ce7fa3729503ecc4f72ee19d6152ec504f90e546b5ce7899b4efc9617d

                                                                  SHA512

                                                                  38671d5c0f62e72c672c7e9855fb853902465b757fa29f306b396ad7c86db34be172bd2d6669b4720fc5d37e9266567e8eef9543ac8f81ee0d4d55189f7637d1

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\7z7ED2229C\config.ini
                                                                  Filesize

                                                                  346B

                                                                  MD5

                                                                  d00fb4c61a255b58ff09886c6c72461b

                                                                  SHA1

                                                                  4e4f7d7ae36f67a4d6fc8479f8400b3eb769e978

                                                                  SHA256

                                                                  77dec4d79e1e844a2156f101defc0fc81c138a989e8ba1c722c58feb91b3cd4a

                                                                  SHA512

                                                                  8494ab9fe0594f3ff7b0893ca3e25d6d0a706e546e92c5b662aa864affcefe5f9721a6a95f37f40cdacf39d27a23e2b3cd5dbca4d7b8909cd7c186209d4b46db

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\7z7ED2229C\nemu-downloader.exe
                                                                  Filesize

                                                                  3.2MB

                                                                  MD5

                                                                  cdf8047ceae80d9cd9eb798a57bf6084

                                                                  SHA1

                                                                  8e7971401fada3099aed61849745fda37e1c0d32

                                                                  SHA256

                                                                  1f01a9abac64fae72e0a253ad9ffe2d62cd2967c1c2bc90fb956ac446fe2b11e

                                                                  SHA512

                                                                  ac366f38f39b935110192d1355147392ced5a21966cc22386804356dce24b2da7971a6a60d675689f93d74014d961bfb3b0c13cf06809b9f9feef580045e20dc

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\7z7ED2229C\skin.zip
                                                                  Filesize

                                                                  509KB

                                                                  MD5

                                                                  ecb43530caf9566c1b76d5af8d2097f1

                                                                  SHA1

                                                                  34562ada66cd1501fcb7411a1e1d86729fd7fdc0

                                                                  SHA256

                                                                  a12381f97aee2d91568f44b23e866ccc99f0ae5e5961f318ed24b72f4f5da80a

                                                                  SHA512

                                                                  4a243c0bc4dbaf892bee91ea7eff9e6a7732d3aa2df5bebd9a4bea2859a30a8511945ce3bb823f7ef921f2e1a98906fb676fce85f25fd5908646b3a2f5d02563

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\Opera_installer_2408071621150604156.dll
                                                                  Filesize

                                                                  5.9MB

                                                                  MD5

                                                                  4510a03cd9a85d34ad47ed84097ed4a4

                                                                  SHA1

                                                                  a1a761249bbbe8dffcb3fac37ed570c89e130379

                                                                  SHA256

                                                                  cafaa2ac106c340ca91acbbd483379cd3c2273d2cb795349db6b07c7272c0433

                                                                  SHA512

                                                                  95b4b9de8818e025608f7a77b3281e879bbaed5bbde6cfcbbd4bcb1b6c6cf09706b68061b7264d90c3374c2a0072f91afffc5b617fec12921407c72b63b2be62

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll
                                                                  Filesize

                                                                  57KB

                                                                  MD5

                                                                  6e001f8d0ee4f09a6673a9e8168836b6

                                                                  SHA1

                                                                  334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38

                                                                  SHA256

                                                                  6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859

                                                                  SHA512

                                                                  0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll
                                                                  Filesize

                                                                  117KB

                                                                  MD5

                                                                  08112f27dcd8f1d779231a7a3e944cb1

                                                                  SHA1

                                                                  39a98a95feb1b6295ad762e22aa47854f57c226f

                                                                  SHA256

                                                                  11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

                                                                  SHA512

                                                                  afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OCommonResources.dll
                                                                  Filesize

                                                                  5.7MB

                                                                  MD5

                                                                  38cc1b5c2a4c510b8d4930a3821d7e0b

                                                                  SHA1

                                                                  f06d1d695012ace0aef7a45e340b70981ca023ba

                                                                  SHA256

                                                                  c2ba8645c5c9507d422961ceaeaf422adf6d378c2a7c02199ed760fb37a727f2

                                                                  SHA512

                                                                  99170f8094f61109d08a6e7cf25e7fba49160b0009277d10e9f0b9dac6f022e7a52e3d822e9aee3f736c2d285c4c3f62a2e6eb3e70f827ac6e8b867eea77f298

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2ODAL.dll
                                                                  Filesize

                                                                  15KB

                                                                  MD5

                                                                  422be1a0c08185b107050fcf32f8fa40

                                                                  SHA1

                                                                  c8746a8dad7b4bf18380207b0c7c848362567a92

                                                                  SHA256

                                                                  723aea78755292d2f4f87ad100a99b37bef951b6b40b62e2e2bbd4df3346d528

                                                                  SHA512

                                                                  dff51c890cb395665839070d37170d321dc0800981a42f173c6ea570684460146b4936af9d8567a6089bef3a7802ac4931c14031827689ef345ea384ceb47599

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OModels.dll
                                                                  Filesize

                                                                  75KB

                                                                  MD5

                                                                  c06ac6dcfa7780cd781fc9af269e33c0

                                                                  SHA1

                                                                  f6b69337b369df50427f6d5968eb75b6283c199d

                                                                  SHA256

                                                                  b23b8310265c14d7e530b80defc6d39cdc638c07d07cd2668e387863c463741d

                                                                  SHA512

                                                                  ad167ad62913243e97efaeaa7bad38714aba7fc11f48001974d4f9c68615e9bdfb83bf623388008e77d61cee0eaba55ce47ebbb1f378d89067e74a05a11d9fe3

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OResources.dll
                                                                  Filesize

                                                                  19KB

                                                                  MD5

                                                                  554c3e1d68c8b5d04ca7a2264ca44e71

                                                                  SHA1

                                                                  ef749e325f52179e6875e9b2dd397bee2ca41bb4

                                                                  SHA256

                                                                  1eb0795b1928f6b0459199dace5affdc0842b6fba87be53ca108661275df2f3e

                                                                  SHA512

                                                                  58ce13c47e0daf99d66af1ea35984344c0bb11ba70fe92bc4ffa4cd6799d6f13bcad652b6883c0e32c6e155e9c1b020319c90da87cb0830f963639d53a51f9c6

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll
                                                                  Filesize

                                                                  160KB

                                                                  MD5

                                                                  6df226bda27d26ce4523b80dbf57a9ea

                                                                  SHA1

                                                                  615f9aba84856026460dc54b581711dad63da469

                                                                  SHA256

                                                                  17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc

                                                                  SHA512

                                                                  988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OUtilities.dll
                                                                  Filesize

                                                                  119KB

                                                                  MD5

                                                                  9d2c520bfa294a6aa0c5cbc6d87caeec

                                                                  SHA1

                                                                  20b390db533153e4bf84f3d17225384b924b391f

                                                                  SHA256

                                                                  669c812cb8f09799083014a199b0deee10237c95fb49ee107376b952fee5bd89

                                                                  SHA512

                                                                  7e2e569549edb6ddd2b0cb0012386aed1f069e35d1f3045bb57704ef17b97129deb7cde8e23bc49980e908e1a5a90b739f68f36a1d231b1302a5d29b722e7c15

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OViewModels.dll
                                                                  Filesize

                                                                  8KB

                                                                  MD5

                                                                  be4c2b0862d2fc399c393fca163094df

                                                                  SHA1

                                                                  7c03c84b2871c27fa0f1914825e504a090c2a550

                                                                  SHA256

                                                                  c202e4f92b792d34cb6859361aebdbfc8c61cf9e735edfd95e825839920fb88a

                                                                  SHA512

                                                                  d9c531687a5051bbfe5050c5088623b3fd5f20b1e53dd4d3ed281c8769c15f45da36620231f6d0d76f8e2aa7de00c2324a4bf35a815cefc70ca97bc4ab253799

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\HtmlAgilityPack.dll
                                                                  Filesize

                                                                  154KB

                                                                  MD5

                                                                  17220f65bd242b6a491423d5bb7940c1

                                                                  SHA1

                                                                  a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

                                                                  SHA256

                                                                  23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

                                                                  SHA512

                                                                  bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll
                                                                  Filesize

                                                                  56KB

                                                                  MD5

                                                                  f931e960cc4ed0d2f392376525ff44db

                                                                  SHA1

                                                                  1895aaa8f5b8314d8a4c5938d1405775d3837109

                                                                  SHA256

                                                                  1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

                                                                  SHA512

                                                                  7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll
                                                                  Filesize

                                                                  168KB

                                                                  MD5

                                                                  28f1996059e79df241388bd9f89cf0b1

                                                                  SHA1

                                                                  6ad6f7cde374686a42d9c0fcebadaf00adf21c76

                                                                  SHA256

                                                                  c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

                                                                  SHA512

                                                                  9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Newtonsoft.Json.dll
                                                                  Filesize

                                                                  541KB

                                                                  MD5

                                                                  9de86cdf74a30602d6baa7affc8c4a0f

                                                                  SHA1

                                                                  9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

                                                                  SHA256

                                                                  56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

                                                                  SHA512

                                                                  dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll
                                                                  Filesize

                                                                  133KB

                                                                  MD5

                                                                  8db691813a26e7d0f1db5e2f4d0d05e3

                                                                  SHA1

                                                                  7c7a33553dd0b50b78bf0ca6974c77088da253eb

                                                                  SHA256

                                                                  3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

                                                                  SHA512

                                                                  d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
                                                                  Filesize

                                                                  26KB

                                                                  MD5

                                                                  cef027c3341afbcdb83c72080df7f002

                                                                  SHA1

                                                                  e538f1dd4aee8544d888a616a6ebe4aeecaf1661

                                                                  SHA256

                                                                  e87db511aa5b8144905cd24d9b425f0d9a7037fface3ca7824b7e23cfddbbbb7

                                                                  SHA512

                                                                  71ba423c761064937569922f1d1381bd11d23d1d2ed207fc0fead19e9111c1970f2a69b66e0d8a74497277ffc36e0fc119db146b5fd068f4a6b794dc54c5d4bf

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferSDK.dll
                                                                  Filesize

                                                                  172KB

                                                                  MD5

                                                                  b199dcd6824a02522a4d29a69ab65058

                                                                  SHA1

                                                                  f9c7f8c5c6543b80fa6f1940402430b37fa8dce4

                                                                  SHA256

                                                                  9310a58f26be8bd453cde5ca6aa05042942832711fbdeb5430a2840232bfa5e4

                                                                  SHA512

                                                                  1d3e85e13ff24640c76848981ca84bafb32f819a082e390cb06fe13445814f50f8e3fc3a8a8e962aae8867e199c1517d570c07f28d5f7e5f007b2bb6e664ddb1

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\OfferPage.html
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  9ba0a91b564e22c876e58a8a5921b528

                                                                  SHA1

                                                                  8eb23cab5effc0d0df63120a4dbad3cffcac6f1e

                                                                  SHA256

                                                                  2ad742b544e72c245f4e9c2e69f989486222477c7eb06e85d28492bd93040941

                                                                  SHA512

                                                                  38b5fb0f12887a619facce82779cb66e2592e5922d883b9dc4d5f9d2cb12e0f84324422cd881c948f430575febd510e948a22cd291595e3a0ba0307fce73bec9

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Config.tis
                                                                  Filesize

                                                                  291B

                                                                  MD5

                                                                  bf5328e51e8ab1211c509b5a65ab9972

                                                                  SHA1

                                                                  480dfb920e926d81bce67113576781815fbd1ea4

                                                                  SHA256

                                                                  98f22fb45530506548ae320c32ee4939d27017481d2ad0d784aa5516f939545b

                                                                  SHA512

                                                                  92bd7895c5ff8c40eecfdc2325ee5d1fb7ed86ce0ef04e8e4a65714fcf5603ea0c87b71afadb473433abb24f040ccabd960fa847b885322ad9771e304b661928

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll
                                                                  Filesize

                                                                  134KB

                                                                  MD5

                                                                  105a9e404f7ac841c46380063cc27f50

                                                                  SHA1

                                                                  ec27d9e1c3b546848324096283797a8644516ee3

                                                                  SHA256

                                                                  69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b

                                                                  SHA512

                                                                  6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll
                                                                  Filesize

                                                                  101KB

                                                                  MD5

                                                                  83d37fb4f754c7f4e41605ec3c8608ea

                                                                  SHA1

                                                                  70401de8ce89f809c6e601834d48768c0d65159f

                                                                  SHA256

                                                                  56db33c0962b3c34cba5279d2441bc4c12f28b569eadc1b3885dd0951b2c4020

                                                                  SHA512

                                                                  f5f3479f485b1829bbfb7eb8087353aee569184f9c506af15c4e28bfe4f73bf2cc220d817f6dfc34b2a7a6f69453f0b71e64b79c4d500ff9a243799f68e88b9f

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll
                                                                  Filesize

                                                                  151KB

                                                                  MD5

                                                                  72990c7e32ee6c811ea3d2ea64523234

                                                                  SHA1

                                                                  a7fcbf83ec6eefb2235d40f51d0d6172d364b822

                                                                  SHA256

                                                                  e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3

                                                                  SHA512

                                                                  2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\app.ico
                                                                  Filesize

                                                                  766B

                                                                  MD5

                                                                  4003efa6e7d44e2cbd3d7486e2e0451a

                                                                  SHA1

                                                                  a2a9ab4a88cd4732647faa37bbdf726fd885ea1e

                                                                  SHA256

                                                                  effd42c5e471ea3792f12538bf7c982a5cda4d25bfbffaf51eed7e09035f4508

                                                                  SHA512

                                                                  86e71ca8ca3e62949b44cfbc7ffa61d97b6d709fc38216f937a026fb668fbb1f515bac2f25629181a82e3521dafa576cac959d2b527d9cc9eb395e50d64c1198

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll
                                                                  Filesize

                                                                  426KB

                                                                  MD5

                                                                  8ff1898897f3f4391803c7253366a87b

                                                                  SHA1

                                                                  9bdbeed8f75a892b6b630ef9e634667f4c620fa0

                                                                  SHA256

                                                                  51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

                                                                  SHA512

                                                                  cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll
                                                                  Filesize

                                                                  74KB

                                                                  MD5

                                                                  1a84957b6e681fca057160cd04e26b27

                                                                  SHA1

                                                                  8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

                                                                  SHA256

                                                                  9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

                                                                  SHA512

                                                                  5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\setup04763393.exe
                                                                  Filesize

                                                                  3.8MB

                                                                  MD5

                                                                  29d3a70cec060614e1691e64162a6c1e

                                                                  SHA1

                                                                  ce4daf2b1d39a1a881635b393450e435bfb7f7d1

                                                                  SHA256

                                                                  cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72

                                                                  SHA512

                                                                  69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b

                                                                  Download Submit

                                                                • C:\Users\Admin\Downloads\Vega X Windows (1).txt.crdownload
                                                                  Filesize

                                                                  986B

                                                                  MD5

                                                                  e2dba5cd1c8456af3490e6e2ba4c2ef1

                                                                  SHA1

                                                                  2ae56d2992eb5d8410392b8e7e79c6def9878b12

                                                                  SHA256

                                                                  31e1ccbc7cfe31d68c90623c79b13401272ccd2739e0e06f18d679e7a0c8fee1

                                                                  SHA512

                                                                  60aa30b6316590416b358e57bb5aa032132a5f8ed22e2e955f9c0b636f2400fff7dcb59877979f8ce4cfd020e663f163eb8c585bbeda264cc843afabe2eaa467

                                                                  Download Submit

                                                                • C:\Users\Admin\Downloads\Vega X Windows_04763393.exe
                                                                  Filesize

                                                                  9.5MB

                                                                  MD5

                                                                  3d50042e3e3991be509f56a2951a2183

                                                                  SHA1

                                                                  f027790afe9d7ce2ddf17973f0778fb9e983ded1

                                                                  SHA256

                                                                  76eee256f1223082e8396611baca498542c656edd0fac5fe903e06e6cb5677e2

                                                                  SHA512

                                                                  120c6a7778bd9f65f469d3335987b780e736bd895ed944d0988372f891b48f9ba09b50ed9dcffd0bf1fa23a12e215ed1f1ffe75d11c925ff4c08d3e48259a873

                                                                  Download Submit

                                                                • C:\Users\Admin\Downloads\Vega X Windows_04763393.exe:Zone.Identifier
                                                                  Filesize

                                                                  26B

                                                                  MD5

                                                                  fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                  SHA1

                                                                  d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                  SHA256

                                                                  eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                  SHA512

                                                                  aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                  Download Submit

                                                                • C:\Windows\INF\c_volume.PNF
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  b51be19095bc72c0d98992d49662ea60

                                                                  SHA1

                                                                  eb70d3d6311e5d6556079c3d6c628b37d5bc8b17

                                                                  SHA256

                                                                  f69d9f1301921bc5dad0ecb69adb6eab0d9d10382351a8375bb35179fdbce7a0

                                                                  SHA512

                                                                  d995833caa7e09babb4222d339ea7bdfb04d411a44faac5a4ce1e5451b482e086eff354c5bb175ea1a65d1d0a425c51cdf57d027a535a6e23337b4a6e566cbd6

                                                                  Download Submit

                                                                • memory/464-847-0x0000000027940000-0x0000000027E50000-memory.dmp

                                                                  Filesize

                                                                  5.1MB

                                                                  Download

                                                                • memory/464-793-0x0000000021C80000-0x000000002223A000-memory.dmp

                                                                  Filesize

                                                                  5.7MB

                                                                  Download

                                                                • memory/464-753-0x000000001F560000-0x000000001F5BE000-memory.dmp

                                                                  Filesize

                                                                  376KB

                                                                  Download

                                                                • memory/464-755-0x000000001FD40000-0x000000001FD89000-memory.dmp

                                                                  Filesize

                                                                  292KB

                                                                  Download

                                                                • memory/464-765-0x000000001FD90000-0x000000001FDC0000-memory.dmp

                                                                  Filesize

                                                                  192KB

                                                                  Download

                                                                • memory/464-848-0x0000000026F90000-0x0000000026F98000-memory.dmp

                                                                  Filesize

                                                                  32KB

                                                                  Download

                                                                • memory/464-841-0x0000000027180000-0x000000002722C000-memory.dmp

                                                                  Filesize

                                                                  688KB

                                                                  Download

                                                                • memory/464-831-0x0000000026F60000-0x0000000026F79000-memory.dmp

                                                                  Filesize

                                                                  100KB

                                                                  Download

                                                                • memory/464-812-0x00000000246A0000-0x00000000246C6000-memory.dmp

                                                                  Filesize

                                                                  152KB

                                                                  Download

                                                                • memory/464-811-0x00000000233B0000-0x00000000233CC000-memory.dmp

                                                                  Filesize

                                                                  112KB

                                                                  Download

                                                                • memory/464-810-0x0000000021110000-0x000000002111E000-memory.dmp

                                                                  Filesize

                                                                  56KB

                                                                  Download

                                                                • memory/464-754-0x000000001FA30000-0x000000001FD40000-memory.dmp

                                                                  Filesize

                                                                  3.1MB

                                                                  Download

                                                                • memory/464-794-0x00000000216E0000-0x00000000216FE000-memory.dmp

                                                                  Filesize

                                                                  120KB

                                                                  Download

                                                                • memory/464-791-0x00000000211C0000-0x000000002124E000-memory.dmp

                                                                  Filesize

                                                                  568KB

                                                                  Download

                                                                • memory/464-769-0x000000001FE40000-0x000000001FE7E000-memory.dmp

                                                                  Filesize

                                                                  248KB

                                                                  Download

                                                                • memory/464-766-0x0000000020C40000-0x0000000020D30000-memory.dmp

                                                                  Filesize

                                                                  960KB

                                                                  Download

                                                                • memory/2268-697-0x0000000000400000-0x000000000050A000-memory.dmp

                                                                  Filesize

                                                                  1.0MB

                                                                  Download

                                                                • memory/2268-721-0x0000000000400000-0x000000000050A000-memory.dmp

                                                                  Filesize

                                                                  1.0MB

                                                                  Download

                                                                • memory/2268-534-0x0000000000400000-0x000000000050A000-memory.dmp

                                                                  Filesize

                                                                  1.0MB

                                                                  Download

                                                                • memory/2552-531-0x0000000007280000-0x000000000728A000-memory.dmp

                                                                  Filesize

                                                                  40KB

                                                                  Download

                                                                • memory/2552-523-0x0000000000F30000-0x0000000000F3C000-memory.dmp

                                                                  Filesize

                                                                  48KB

                                                                  Download

                                                                • memory/3532-698-0x0000000000400000-0x00000000006C5000-memory.dmp

                                                                  Filesize

                                                                  2.8MB

                                                                  Download

                                                                • memory/3532-720-0x0000000000400000-0x00000000006C5000-memory.dmp

                                                                  Filesize

                                                                  2.8MB

                                                                  Download

                                                                • memory/3664-685-0x0000000001520000-0x0000000001540000-memory.dmp

                                                                  Filesize

                                                                  128KB

                                                                  Download

                                                                • memory/4852-641-0x000000001E4E0000-0x000000001E542000-memory.dmp

                                                                  Filesize

                                                                  392KB

                                                                  Download

                                                                • memory/4852-636-0x000000001D090000-0x000000001D1C6000-memory.dmp

                                                                  Filesize

                                                                  1.2MB

                                                                  Download

                                                                • memory/4852-637-0x000000001D5B0000-0x000000001D984000-memory.dmp

                                                                  Filesize

                                                                  3.8MB

                                                                  Download

                                                                • memory/4852-696-0x000000001F540000-0x000000001F574000-memory.dmp

                                                                  Filesize

                                                                  208KB

                                                                  Download

                                                                • memory/4852-695-0x0000000020070000-0x00000000200E8000-memory.dmp

                                                                  Filesize

                                                                  480KB

                                                                  Download

                                                                • memory/4852-638-0x000000001D9E0000-0x000000001DA2C000-memory.dmp

                                                                  Filesize

                                                                  304KB

                                                                  Download

                                                                • memory/4852-635-0x000000001CA40000-0x000000001CF4E000-memory.dmp

                                                                  Filesize

                                                                  5.1MB

                                                                  Download

                                                                • memory/4852-676-0x000000001F370000-0x000000001F416000-memory.dmp

                                                                  Filesize

                                                                  664KB

                                                                  Download

                                                                • memory/4852-639-0x000000001DF00000-0x000000001DF9C000-memory.dmp

                                                                  Filesize

                                                                  624KB

                                                                  Download

                                                                • memory/4852-640-0x000000001EB70000-0x000000001F03E000-memory.dmp

                                                                  Filesize

                                                                  4.8MB

                                                                  Download

                                                                • memory/5048-450-0x0000000008820000-0x000000000884E000-memory.dmp

                                                                  Filesize

                                                                  184KB

                                                                  Download

                                                                • memory/5048-298-0x0000000005970000-0x0000000005998000-memory.dmp

                                                                  Filesize

                                                                  160KB

                                                                  Download

                                                                • memory/5048-338-0x0000000005B00000-0x0000000005B24000-memory.dmp

                                                                  Filesize

                                                                  144KB

                                                                  Download

                                                                • memory/5048-411-0x0000000006860000-0x000000000686A000-memory.dmp

                                                                  Filesize

                                                                  40KB

                                                                  Download

                                                                • memory/5048-362-0x0000000005B90000-0x0000000005BBC000-memory.dmp

                                                                  Filesize

                                                                  176KB

                                                                  Download

                                                                • memory/5048-346-0x0000000005A70000-0x0000000005A7A000-memory.dmp

                                                                  Filesize

                                                                  40KB

                                                                  Download

                                                                • memory/5048-322-0x0000000005A90000-0x0000000005AC2000-memory.dmp

                                                                  Filesize

                                                                  200KB

                                                                  Download

                                                                • memory/5048-412-0x00000000069A0000-0x00000000069C2000-memory.dmp

                                                                  Filesize

                                                                  136KB

                                                                  Download

                                                                • memory/5048-330-0x0000000005A50000-0x0000000005A6A000-memory.dmp

                                                                  Filesize

                                                                  104KB

                                                                  Download

                                                                • memory/5048-306-0x00000000059A0000-0x00000000059CE000-memory.dmp

                                                                  Filesize

                                                                  184KB

                                                                  Download

                                                                • memory/5048-314-0x0000000005A20000-0x0000000005A48000-memory.dmp

                                                                  Filesize

                                                                  160KB

                                                                  Download

                                                                • memory/5048-406-0x00000000068E0000-0x000000000696C000-memory.dmp

                                                                  Filesize

                                                                  560KB

                                                                  Download

                                                                • memory/5048-413-0x00000000069D0000-0x0000000006D27000-memory.dmp

                                                                  Filesize

                                                                  3.3MB

                                                                  Download

                                                                • memory/5048-290-0x0000000005940000-0x0000000005964000-memory.dmp

                                                                  Filesize

                                                                  144KB

                                                                  Download

                                                                • memory/5048-282-0x00000000058F0000-0x0000000005904000-memory.dmp

                                                                  Filesize

                                                                  80KB

                                                                  Download

                                                                • memory/5048-354-0x0000000005B40000-0x0000000005B48000-memory.dmp

                                                                  Filesize

                                                                  32KB

                                                                  Download

                                                                • memory/5048-394-0x0000000006200000-0x0000000006212000-memory.dmp

                                                                  Filesize

                                                                  72KB

                                                                  Download

                                                                • memory/5048-417-0x0000000006E90000-0x0000000006E9C000-memory.dmp

                                                                  Filesize

                                                                  48KB

                                                                  Download

                                                                • memory/5048-260-0x0000000000AB0000-0x0000000000E88000-memory.dmp

                                                                  Filesize

                                                                  3.8MB

                                                                  Download

                                                                • memory/5048-377-0x0000000005B60000-0x0000000005B7D000-memory.dmp

                                                                  Filesize

                                                                  116KB

                                                                  Download

                                                                • memory/5048-420-0x0000000007470000-0x0000000007A16000-memory.dmp

                                                                  Filesize

                                                                  5.6MB

                                                                  Download

                                                                • memory/5048-424-0x0000000007FE0000-0x0000000008594000-memory.dmp

                                                                  Filesize

                                                                  5.7MB

                                                                  Download

                                                                • memory/5048-429-0x00000000070E0000-0x0000000007172000-memory.dmp

                                                                  Filesize

                                                                  584KB

                                                                  Download