f7908f4fca5db961066654736243cf95a31ea41fe28eab5a2c2eaafaa356e88d

Resubmissions

05/09/2024, 09:56

240905-lyltrsyfjb 7

05/09/2024, 09:54

240905-lxcvgayepg 7

Analysis

max time kernel
150s
max time network
158s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/09/2024, 09:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

OperaGXSetup.exe
Size

3.1MB
MD5

3487ada558b8b296d9d36833d8273123
SHA1

58bce514995aa27bc13c303db7ecf30229d7d4b7
SHA256

f7908f4fca5db961066654736243cf95a31ea41fe28eab5a2c2eaafaa356e88d
SHA512

456c2df36a7c6af710a2f41713ab6dee5a9ebd66c8f6accaa85f6bb884e6fa201cb5d68399328f9211edfab2af4092811fdda744a55d1c5d70a1bb1861c3c3aa
SSDEEP

49152:ONEyYYC1hqiJckG38dBFOhg5/6qF3rjb/h4CNcTCP8xphzSNtOSe+aSt:kEP1y3+0hgh6u/ZcTCP8BzONaSt

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
3664	setup.exe
3048	setup.exe
6140	setup.exe
4636	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
4876	assistant_installer.exe
5308	assistant_installer.exe

Loads dropped DLL 3 IoCs

pid	Process
3664	setup.exe
3048	setup.exe
6140	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133700038149166614"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
736	chrome.exe
736	chrome.exe
5884	chrome.exe
5884	chrome.exe
5884	chrome.exe
5884	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3664	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5476 wrote to memory of 3664	5476	OperaGXSetup.exe	81
PID 5476 wrote to memory of 3664	5476	OperaGXSetup.exe	81
PID 5476 wrote to memory of 3664	5476	OperaGXSetup.exe	81
PID 3664 wrote to memory of 3048	3664	setup.exe	82
PID 3664 wrote to memory of 3048	3664	setup.exe	82
PID 3664 wrote to memory of 3048	3664	setup.exe	82
PID 3664 wrote to memory of 6140	3664	setup.exe	83
PID 3664 wrote to memory of 6140	3664	setup.exe	83
PID 3664 wrote to memory of 6140	3664	setup.exe	83
PID 736 wrote to memory of 1136	736	chrome.exe	87
PID 736 wrote to memory of 1136	736	chrome.exe	87
PID 5796 wrote to memory of 5892	5796	chrome.exe	89
PID 5796 wrote to memory of 5892	5796	chrome.exe	89
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 4488	736	chrome.exe	90
PID 736 wrote to memory of 1824	736	chrome.exe	91
PID 736 wrote to memory of 1824	736	chrome.exe	91
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92
PID 736 wrote to memory of 1396	736	chrome.exe	92

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5476
- C:\Users\Admin\AppData\Local\Temp\7zS4654C4A7\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4654C4A7\setup.exe --server-tracking-blob=NTM0Nzk4NTYzYmU0M2E5NmY3MDNkMDU4YzJhZWI4ZDA4MTVkMWY5OWY3ZjliNGMyYTAyNTQ5MjBjODZlMzc2YTp7ImNvdW50cnkiOiJJRCIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1vcGVyYS5jb20mdXRtX21lZGl1bT1yb2MmdXRtX2NhbXBhaWduPSUyOG5vbmUlMjkmdXRtX2NvbnRlbnQ9JTJGaWQlMkZneCZodHRwX3JlZmVycmVyPWh0dHBzJTNBJTJGJTJGd3d3Lm9wZXJhLmNvbSUyRmlkJTJGZ3gmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkZneCZkbF90b2tlbj05OTA1Mjc3NiIsInRpbWVzdGFtcCI6IjE3MjI5NDI4MzUuMTM1NCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjcuMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6Iihub25lKSIsImNvbnRlbnQiOiIvaWQvZ3giLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS9neCIsIm1lZGl1bSI6InJvYyIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJvcGVyYS5jb20ifSwidXVpZCI6ImUyYWJkNDllLWM3ZmYtNDdiMS1hNDUwLTFmNDkwMjQ3ZWM4MCJ9
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3664
- - C:\Users\Admin\AppData\Local\Temp\7zS4654C4A7\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS4654C4A7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=111.0.5168.99 --initial-client-data=0x33c,0x340,0x344,0x338,0x314,0x74951160,0x7495116c,0x74951178
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:3048
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:6140
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409050956501\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409050956501\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4636
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409050956501\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409050956501\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409050956501\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409050956501\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0xbd4f48,0xbd4f58,0xbd4f64
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:5308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9d13cc40,0x7ffd9d13cc4c,0x7ffd9d13cc58
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1928,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2076,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4612,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4548 /prefetch:8
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4548,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4856,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5176,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5300,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4440,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5292,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5368,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5316,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3360,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3456,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3132,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5440,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3336,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5832,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5896,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3340,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1120,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=212,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5620,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=3392,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5664,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5676,i,2651333319661686540,14528319557090295242,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9d13cc40,0x7ffd9d13cc4c,0x7ffd9d13cc58
  2⤵
  PID:5892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd9d13cc40,0x7ffd9d13cc4c,0x7ffd9d13cc58
  2⤵
  PID:2064

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5504

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7476b53072467db7bee17ddd7194838e

SHA1
6e5bd209d7567cb97ba5aa2abcf1a04bd4b32220

SHA256
49bb741e01de9ee2977a43c1af7b92d07b7291c20d5fca51001439a43dde80d3

SHA512
a79c62357fb329ab8ca70e18e9c43442a6e575cab0c83f0fa8b9be2071eeb010af0c7747ed67f3a6a9444f35e2ff655fe29980e448ba26f8d3018e03ea4ebb2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3afa53cf-7491-4cde-bf94-9bd2da4c27c8.tmp

Filesize
9KB

MD5
ebf4ab80bbe692fa9110f19ef6a93e9a

SHA1
b3268265ee26b5d6740bc072ed9f67467a0faa82

SHA256
0abf40f18f1fc619b854153889b427cca74647b3581926116eee7a6c7184827d

SHA512
2ffee089fd440c1b4f1a96262602fe1da93d3f415da93b659ce81fc5f5fdb7c7c96e077e78382efedd766806e45e925f0874808c48bed92f03ce901cc6440360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
de6eee20333215107c144f62d80a0f11

SHA1
3a87da518d435d2e97c89d200c8fbcd71d6b1b4d

SHA256
de4c82c670901ab247d6ecda5117c738400c369e186ccb73fac8f2112aa626dc

SHA512
7a0693ed016ffe02c614137f65e3c6a749f7202e9413caa9cbf279f9f0523d98c15746cd0e79bdf416e6a9c7ccf57e4209e6992eadaace8cd26624d315e6b9f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
17KB

MD5
a1cccad27cff4b247f55c009cf83f052

SHA1
ac1d5ffecb151a5537bc85f626c55f7a9ffd3942

SHA256
a33787130cde19fac259e5ca7899e926fbf291b192425abe8edd8d3711334242

SHA512
63da0c82ee89b234bf4f6a2d01b551c258d113353de7e32d15becd38466a182cc85ed7fe5ec33a83fefbfaf3aa39834146538a120126ba577e988517728a5a74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\03ae0658db22f33f_0

Filesize
289B

MD5
3b22875593b4c4e198334af427e19c10

SHA1
fbe5b68023ac81743cdd2b10497608c4157c5cf8

SHA256
0653bde4535b248cb5ee73d973530652a77095369ba89ae8eb6e77875d6854cb

SHA512
812d2efc86d51eb6b4f24070f7ad730ffd885b362840b5f0095b62aa384f66d7d0fd8a5ba9b7e77bf0831bf1a54e6466d5cb6d63e583e15c9b04e33a5531f477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cf9d5101e93bbbea_0

Filesize
280B

MD5
55d7e3e99f36b2ab08dfc699f2f944aa

SHA1
f4b83b68cd5e81afb3de4e7fc27d5d15401d133e

SHA256
4104435dfb1e46a5d7c4243a16b3d5971030e4ab194b1756b201211890428630

SHA512
9388de0a912c9ec2432b49eec315799113b46353bbbf3554a1605b2a1164e382096671203a8bab7729995e57af3fa1ede4c1be2f673c25de7ff65608cea84cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f1e238929875955b_0

Filesize
370KB

MD5
9db054883b0b119ffbadc2f251530694

SHA1
924c3f7e73310529cc2eac39012c915c5b28c8cb

SHA256
a224a5a5a7ce0ce74b1a927b6c819a51ff69e7417e000adda385fbdab20603d3

SHA512
577df65a3bb26dee04b7ad79ae713d151c798440d39222e2a2120aae848122e27f6b4a6b87b9c69ab8f14c27d8e3e36a845d18fd54019277bbcaaecd13ba81d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
b3653057286cb18bbf266886fb5811cf

SHA1
55a21398f270829e9ced7c4022e01d845d3b1171

SHA256
f107b869239f7c21797b206466f12508d0d636d9cc24710a79efdf0316a27189

SHA512
02db7a88319bef1df51458ed01c09c0ffac842d8c1d9ceb92dd19cc81264b4a03d4d5154306797cc0291466206c6b0eea5fcd76277f2df534158cee415d8bec4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4e685638ee5b8704c259df3bd158cef5

SHA1
d46a52039c58a29c6ed42eee133c2f371951752f

SHA256
53d2f8a3f47c9931fda08515ee3645579a2bf7857fa5f11549c3ca45f1a79538

SHA512
ab784eaa62e9b51ac7c095a12b705580172eda06a4f700aa267dc50ceb1a24cdf3ed0b4921c799277df7073ded9a240d5c76294901107e31ddeb42131d784b13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
7f46987d216c8183735e94e365353c41

SHA1
a99a3ff57aa7515c89610c67dd39723d3c22ef63

SHA256
e0c21db0cd269b810d7e7000ca64e2d59c39b3e4e2f15b37703c669732d4b44f

SHA512
9afa1060f13905779947bf242f3a32f473266f56083fc10bb8e6322c35fa0c269689e36b48ad49f3413669d3727f3f8a5be6145ce89bd8b0a34047fd31b63dd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
8d22084b02d8df296e1a8a3e0c227e48

SHA1
e3f6d463440ef5eae32c176b5fc04b9ee4ba7c5d

SHA256
72928b15c7413a85224521334758ad7856311964685fcbe64076bcda224368dc

SHA512
8018c3fb9e6a2988b90c647b0a6dac2c5ef90c2d7c95efb3d36d0415fbdee312124da0001554faa7b2023cb03ca97346f40b02ee9a4b68c2a43ff206e8fb82a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3c114fe616f4d415d4af00c1ae72e1f4

SHA1
a4a552f1f8845390aea1b79d298c9254cddd277d

SHA256
607fa9c87edafcb9745014846289b09e7615efced424af4ce882d68b708525e4

SHA512
0a17f8c76ea7a1c789d7e7f53270522a4eaacdfd530bab11d01c7653cc875c78f280c850bd09407c35adbf1c0deaf1d51f3767bd37fd88a17597759b4d72d38b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4a1cc8012ed4a684c1ac859082ed4ac4

SHA1
5431d52081acb6adac11fd7f3f16ab6aee086168

SHA256
aefe4df8065906e40bdd948f705cf9792d0b65ed58e28fa36f17a12905a5d084

SHA512
dc1343c6ec0a94a9f094d7f85f4efdd41402805ea3cef660c2cd98ad6de15250cd2d3d25b49fa4f2d4d5c5184a4c375e07a7b789688fc1a9dd622232079229b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
90f8ad59f9c350318f5c39844e0772be

SHA1
8a659575b2ca754e5de70222177c7f9f0ef9e5d6

SHA256
36f3f027f1626fea8d8d2035998d04b9c855affb1751d91098e1491a686801e8

SHA512
0c931c2420979c23064824157c0ddee1c91234067d0cfd85de21ae98c9f017a8e6f3678538047880706c364464334ebf159fb83b6e14a8af276f0b6ca6c2f8b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
880ae449367f8d00d1dac458344a9deb

SHA1
f66a26a603812789791eaeec3029d5ce727d8ae1

SHA256
bbda2919831c7d9910be311c92eaf76ae7a6763a50da2d83359a5c2f103e0e72

SHA512
36cf8a0ac82977ad9b049e6d7e0095b430ea400f5f2075a82c1b1194b1893b590af39a90bbbeafec541911c6c84b01d071d4bbe961be5c18eb50f586b79ec24b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
00573b5f923ec754a85152b9226cd16b

SHA1
940b90913bdf9a8f4b88e57d8f938de99101d115

SHA256
daf3d4d3dc81176ab02cf726ff5c0a33c2203edf959adb38ba656f10ff10270f

SHA512
ed307a052b81e756a8599d13a116bcb5c96feaa4f86a06f8835830a92d9a07d0cc103ebfac6239fccf32d01f21f26710b37b3af03f355f970e2e3d771fd6bd16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
39950775d77bb1b03c8729396591e0fc

SHA1
59c8ec4413deb246a84beb08cdf71df370298085

SHA256
ab3645dc55e56091356c0ff7fcdd44c8a62b2e0a5fe034b8836ee3dd44858113

SHA512
dc7b702fd84a5bf721c93575fac1a1d70757215ec6d094763b6006779810e6da46de351e1351cd766c909af3fdc9773e0b38e600311a610ca727f250d8f0fd84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
8f65389d7b8d7b3a2a77005ffa035834

SHA1
10f8e14b9eeb24b4934db56d126586b612472f9e

SHA256
b8a30c5d21a4b9cc35ba79a5b09a5a6fd7f8692ec29a6e0faeb29f6e01fd8427

SHA512
ac6894b54af4b6892acddca9f416e1b8482950233fa0dc922c54874d206c357e5585eec7dc4abf4acc544ed4333478e7f9d2247289a4a7e96f2bbccf0654a111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e4baf3dbc5f64f28c4f028cfb816db37

SHA1
f9f9d2902b4d040cde3b4402bd70a9e8dc11b53b

SHA256
08dbd4c9f60b019a6080cf63742ecabc772a19a2d7b6f26b1d7dafda860def40

SHA512
1aebec40a6799163372655c08eeaaeadc623f047ba533a00f4fcede1bbaf12a00300bfaa32061731859f66b3a093782cec4c21f58a4ccdbec5d1f79f85cded27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b308bb0597546b6062a0c8c11e823ef9

SHA1
878ab575b8c07f7d3193c6b09c5bd45718504d6b

SHA256
e95235a5f6e0dae5f21770871521b9e9a7b3b42555ff88d861d47d17116b4307

SHA512
a062e7cd51fcf657460214b33d6f1ab1eda882e3070d83a8c7ea42f12fd5e261562c079f7ae927e8460e4ef0155a8a78b89a583bbb843f26313ae16c7089a0d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc4ba003a4a70d749749d18a332748bc

SHA1
34cbbd0e57f52d394075520a4f4ee4357b4e1a6b

SHA256
4748ef5623163f9c712721ae6472956a14fb2a57110e022e6f8b547112b56195

SHA512
c92e9c964dde3f91742ed606065eeb823bee6f3786d787ca2f2176c7e9294a697cf317ceed5c36ede627c1a4900c9a5226f9db3583a98bd8b06970b2b5761f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
db278344a58351ca7f400c1ce840e614

SHA1
29c56675a2bf5fce06efa1c15aedf59979a8886f

SHA256
8b6f48080e0c2b346d208f6fce7ee2d3039e781991ff00b4cb8d143ecca34b30

SHA512
1a8f4ee9aad3e36cfb4e01f86a006b69b736b54c9162cd068e4ff03928401a43f687c1c4561054adfb210c3b30386eeef19c93a26282a65441f38d63c2b76db4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2629d5253bdb60acabedb6a4f94e381b

SHA1
883fcf89a0b2f49a1e7cf8e77c7b3a586f2d0b2c

SHA256
8e1307eeb4a551791e8b9116b3f42ff46db0fc52ab0799dc588cb30f4fa07112

SHA512
1628b9524d0b41c5bc31ae56653bc0cfdf481b7c41c2992f860655449919661ee09d7fe38a953addcf8b432accf1a754c822f85742299ed3a992dd31df4b2d32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
640b2c1363371574b97c848ddb30a39b

SHA1
514a42a46c9887050dcb333f03f9f67ee9d30936

SHA256
bc389cc43cdcc937bdd78e96bd9e952b6aac8330397c90c75205d78395dc1a8a

SHA512
335319782f3285d55831d50d111afb95a35cedf0471b95a8554c3de653e36d769ef24bd64af5d645d1689889a0306496a474d6c6d16741c0d3191997262d1747

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7eb77d2888acbb8d46c5d77124078ffc

SHA1
0d21a853c6ef7f7686374460cc78cbc05d917d92

SHA256
aede7a0bc606feaf1849562bd610d60b9b322ad9cc83019a4ad3618f03b5f3c6

SHA512
30f37fe7cb1864576adcd14f66cf5ffc0bd44ab6f09162892cb4c6fc3afb83e78aac715e77b923b0a92405cf05fad7f660dafc877198b471782b30b796637a7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
79d69ac6c5d454eef07ff5812b46ac2c

SHA1
9a0922a8a0777bdeaf2b1674f8e8df1a4910d8fe

SHA256
673f9033258237ef554269b7fd36c9171cfafe7ee4a7fb1915d9b6d85e106809

SHA512
d09a1db140deb6a9c5138b3002fd76fdf0931d7898b5923d737e543aad607aac7ebfc951a4c55ccec414d8c1f1dd871dfe116c305d8a2a96671cef68f7ad965d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f1d6c16bae00bec76cd3398ca2b920a9

SHA1
039926eda6e2be9285092205f6856390c876c1c6

SHA256
de9bfa8c81744f0b2cde667dd22c8e77ea4c004727f0d9823f58091955f4b7ce

SHA512
14823fabff50621098a23e52a645f2400c155cbb0616853e625d15087225f7a5235341fb33e21835a4cabfba1f056183b3d87eea8b30ff3f9e4b912be598ea66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cc0285ef950aa2b65062077103a3e79c

SHA1
2c48ef8d47013adb7c47832e15a599ca282f71d9

SHA256
04995f32d97f59b4eb470fa2ba3b32d5bca616f73fb321c0765a715a7ab9da55

SHA512
aeb0bedd58c104e0c6fee838acb44f9c4fa9b23aac2e1ed7a346c18f2c50065beacbdfadaacd5ac87683e63b07054c3ff03b7fa847884e51b105cdf9af61842e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\91c504622e8cffd20b3cb2eb48fbb0159e9a1ee8\index.txt

Filesize
118B

MD5
2c17128dd8e5e3306b7c3180882fc4ea

SHA1
b5aff27f6a427879f7ba4cdbd5f3ce4556d58192

SHA256
5aea5d2db621ba8e66c0ed7693bba85bc483ade7e5b848e5eae10bb7ae5b1943

SHA512
a983e1ce28ca5927c1843e43ed3ad9202add71f45980133e40a52dd693628baaaf57c927e2fb53681a6ebc4ef1c9f921aeb72bc5ce1c1a45719602040bb0454d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\91c504622e8cffd20b3cb2eb48fbb0159e9a1ee8\index.txt~RFe58cb79.TMP

Filesize
125B

MD5
060743cf45dd9395d40eb970118d05ff

SHA1
dfa390b9312d1ad1a6b9df3d5a3b116bd347034c

SHA256
e719409cf7a444a585a542b384e12f8db76fb74636a4f56b5b10b1811248e252

SHA512
e7d2b0c47845104fb9813f996ec54330bd7e270ee8ddad035186138e8a6a16b24951c94f2746793b573c126527ce554e42e3d4609b67d27fda26135852ebb577

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4b645759876fb942a50e3ee489cb8614

SHA1
4aef56ddacfc2f57e25b7b0caf9ae14fbcbefcbf

SHA256
29d6b93649c97d59a56b9c859be30076993a0a3efa772d5f0db6280afcc61cb2

SHA512
d6501ef1defe8d1a562f2900abcf07535f1820dae81a770db58c75ecdb916e956a4e85d4ef42db8273010f7c9d2f380354dace99fe88167d37a6ca1b0443f23c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
055c550495939e2baaaa7992aac454fe

SHA1
5a442a98edb6634dfb6ff590ebd899f6a8465d42

SHA256
1e6b30d828dabab4710727a19d2a972e978d2f7bc38f1a6dd79142d223db91d5

SHA512
6404e8ea151c095a5cf953bcdf2231910aba5b3f98899628231576dea927b5928f755755628d1107ea745461cd9c32483a3c6111c565da62069004f504268e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
1bea439abfc91a91a96b1362d9246f13

SHA1
e427bfd6c66771fe5ccf50cf5f57597178a44ec9

SHA256
80f25491c033a8d80aa958908d8c651cb09a0e2d8b8f6f09e9da7509890f321e

SHA512
b124717a98200aec6bb5592e096b7c22821269231d3b5207c2f7a51de3364f2654802509487823a1761ed7373ea45b9e6fcb3887e22c15ea65a60e3bdea7cce7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
7c1db20768882a15be3a1b5fc121d528

SHA1
7f00f91d5a90de48a91f257ab01073ce2f68459c

SHA256
a0f5a56a874854a9d9ea35fa7df02e40064e32244bc3002460d216d716ea6fce

SHA512
c53829b8d19ce8204ba972bf990edc42737f9dde7ab11749ace31c92bcc1fec993ef43da7e4e61025c901bdbc2d982a864167be3a56dc4ff7d9ce2e58406c465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
780552903bdfa9af5e79b8870b20c91e

SHA1
fbb00e9c5474f041d7dcd75169e8c2d0b5478963

SHA256
bc3a3fec5de5088fb43b96a4f95572546faba5420a938022688a7dafeab3b7e4

SHA512
03597bdbe66c41c3d235d815f575ac8327dcf62bf3266ea926fba54b34c6fac7f889d674c1737e11f536bafa96ea95b9579fac9777492306156dc5b4f868953a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fad16155-73c0-4039-a853-c81acf9510ab.tmp

Filesize
205KB

MD5
cbce50a40b61369067e8794d56d32927

SHA1
e6246cb371ec418844a8148d5d7c10d9c3fddd1e

SHA256
fc83039cfc62ab5a95a04cefaa7013e89bacb1f887cabeaee06d98d228415cc7

SHA512
33a400ecfea7e9f7b4b983376534916858d62f52fd48a14bb163ef6c5618eb1ddc51b08b0add922cc2ed0a1fdc762944155eeaf4eadebe812e59148dadd2ed47

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409050956501\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409050956501\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4654C4A7\setup.exe

Filesize
6.4MB

MD5
241331bede4cd250aeead156de3225c0

SHA1
4e6ebbfda62706203c7f3016d136560854841358

SHA256
b476f1c8521db36255a862af284f462eef77c4fd5233adb002137af7835f5e86

SHA512
9eb8f3970645315c73e80cea2af9364d8aa68d4e3383cdf21dd0393fc74857538639793e995a66b6bd58f086738981ffc364a06b23b129fab380d0e59532d712

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2409050956490873664.dll

Filesize
5.9MB

MD5
4510a03cd9a85d34ad47ed84097ed4a4

SHA1
a1a761249bbbe8dffcb3fac37ed570c89e130379

SHA256
cafaa2ac106c340ca91acbbd483379cd3c2273d2cb795349db6b07c7272c0433

SHA512
95b4b9de8818e025608f7a77b3281e879bbaed5bbde6cfcbbd4bcb1b6c6cf09706b68061b7264d90c3374c2a0072f91afffc5b617fec12921407c72b63b2be62

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
4c44ead693337d0d6a01dd170e693c07

SHA1
21861df194c30a7ec0f9c46a4f1b387b12463d3f

SHA256
511b8c782e6c53442ca343f92a6af66434d1df70a09ace44ef5fc1609fb5e252

SHA512
b4a050f819a16ebe9f63a8558fd50882f4dc4f7eab68b4cec7e2bba536d07db38633e5eb4379ec7aab8e608d48734df092b537bb0a5eb8eb7b5e93ce5cec04d9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
15KB

MD5
44400044369f55be6d4af2c288eb7989

SHA1
29ee8885d6feb0d277151108d9473cb193d42362

SHA256
339065957e60f4ee214d00dfaa2af23072181076b435d19d34f5cf3d165a343a

SHA512
d8e09effb3a9e81fb71d58787f29ceaaed90db4f79aacc0a7e92d2eb9a7bb7a6f9bf14ada407c2c03e85280e3bbfdd1438e529ed01f579d8e43ed9000cc769e6

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
c043fd2c1a72f427e52baa16612b62ad

SHA1
3806171328e238f3c4ec4d13b4799b39416c21d8

SHA256
93154ebfd07882fe27b985d851de212112ed6266b61b6046f0e4e44a1ad64a9a

SHA512
88faacf4e83b658eaf6706d319bb252b982695e6c358221108cb1f3a8cceae46a4a86eb30190710caa7141e8c13dda34b3e81febf0178beebf1bf0716aa63d32

Download Submit