0b8be7d62ba830a3a53686afb8af57d1b2301d76c8b06759bf4b148d1e2ab6cc

Analysis

max time kernel
327s
max time network
317s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2024 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

updated traced_83933693.exe
Size

5.7MB
MD5

0aa6945aee17c3eae75f48e715ee5eb7
SHA1

b84977d612d1760f7a682e96dba9f7160cdaf72d
SHA256

0b8be7d62ba830a3a53686afb8af57d1b2301d76c8b06759bf4b148d1e2ab6cc
SHA512

8cdb467c92fefe0add78824acc496bf1c70c1eada04a801076073df92497660551c7b3c56a7d97a5ba74eb75879e5323f4b33ee51f94cab8c8afe6515056f5e5
SSDEEP

98304:Vj8ab67Ht6RL8xpH4Tv7wPV6osBsBpPj7cZ+KCojTeEw98rqNkUi+bD:Vj8aatLPV6oPrke8rqN7

Score

6^/10

discovery spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	updated traced_83933693.exe

Executes dropped EXE 10 IoCs

pid	Process
4896	opera.exe
2944	setup.exe
3676	setup.exe
2880	setup.exe
912	setup.exe
3816	setup.exe
4988	Assistant_114.0.5282.21_Setup.exe_sfx.exe
1720	assistant_installer.exe
624	assistant_installer.exe
864	ContentI3.exe

Loads dropped DLL 9 IoCs

pid	Process
2944	setup.exe
3676	setup.exe
2880	setup.exe
912	setup.exe
3816	setup.exe
1720	assistant_installer.exe
1720	assistant_installer.exe
624	assistant_installer.exe
624	assistant_installer.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updated traced_83933693.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	opera.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Assistant_114.0.5282.21_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ContentI3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NOTEPAD.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133733131798633296"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Opera GXStable	updated traced_83933693.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable	updated traced_83933693.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	updated traced_83933693.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3024	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
4608	updated traced_83933693.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4608	updated traced_83933693.exe
4608	updated traced_83933693.exe
4608	updated traced_83933693.exe
4608	updated traced_83933693.exe
4608	updated traced_83933693.exe
4608	updated traced_83933693.exe
4608	updated traced_83933693.exe
4608	updated traced_83933693.exe
4608	updated traced_83933693.exe
4608	updated traced_83933693.exe
4608	updated traced_83933693.exe
864	ContentI3.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 4896	4608	updated traced_83933693.exe	93
PID 4608 wrote to memory of 4896	4608	updated traced_83933693.exe	93
PID 4608 wrote to memory of 4896	4608	updated traced_83933693.exe	93
PID 4896 wrote to memory of 2944	4896	opera.exe	94
PID 4896 wrote to memory of 2944	4896	opera.exe	94
PID 4896 wrote to memory of 2944	4896	opera.exe	94
PID 2944 wrote to memory of 3676	2944	setup.exe	95
PID 2944 wrote to memory of 3676	2944	setup.exe	95
PID 2944 wrote to memory of 3676	2944	setup.exe	95
PID 2944 wrote to memory of 2880	2944	setup.exe	96
PID 2944 wrote to memory of 2880	2944	setup.exe	96
PID 2944 wrote to memory of 2880	2944	setup.exe	96
PID 2944 wrote to memory of 912	2944	setup.exe	97
PID 2944 wrote to memory of 912	2944	setup.exe	97
PID 2944 wrote to memory of 912	2944	setup.exe	97
PID 912 wrote to memory of 3816	912	setup.exe	99
PID 912 wrote to memory of 3816	912	setup.exe	99
PID 912 wrote to memory of 3816	912	setup.exe	99
PID 2944 wrote to memory of 4988	2944	setup.exe	100
PID 2944 wrote to memory of 4988	2944	setup.exe	100
PID 2944 wrote to memory of 4988	2944	setup.exe	100
PID 2944 wrote to memory of 1720	2944	setup.exe	101
PID 2944 wrote to memory of 1720	2944	setup.exe	101
PID 2944 wrote to memory of 1720	2944	setup.exe	101
PID 1720 wrote to memory of 624	1720	assistant_installer.exe	102
PID 1720 wrote to memory of 624	1720	assistant_installer.exe	102
PID 1720 wrote to memory of 624	1720	assistant_installer.exe	102
PID 4608 wrote to memory of 864	4608	updated traced_83933693.exe	103
PID 4608 wrote to memory of 864	4608	updated traced_83933693.exe	103
PID 4608 wrote to memory of 864	4608	updated traced_83933693.exe	103
PID 4608 wrote to memory of 3024	4608	updated traced_83933693.exe	107
PID 4608 wrote to memory of 3024	4608	updated traced_83933693.exe	107
PID 4608 wrote to memory of 3024	4608	updated traced_83933693.exe	107
PID 4792 wrote to memory of 2772	4792	chrome.exe	109
PID 4792 wrote to memory of 2772	4792	chrome.exe	109
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110
PID 4792 wrote to memory of 5084	4792	chrome.exe	110

C:\Users\Admin\AppData\Local\Temp\updated traced_83933693.exe
"C:\Users\Admin\AppData\Local\Temp\updated traced_83933693.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Users\Admin\AppData\Local\opera.exe
  C:\Users\Admin\AppData\Local\opera.exe --silent --allusers=0
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4896
- - C:\Users\Admin\AppData\Local\Temp\7zS0238C3A9\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS0238C3A9\setup.exe --silent --allusers=0 --server-tracking-blob=MTg5NmNkZjEyYWZiNWRiYjJiMjA4MWQ2ODA1YWU1MTZiOTE3Mzg1ZjE4ZDA1N2I2YWY0MjBiNjdjNjRmNTQyOTp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPUluc3RhbGx1bmlvbiZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1JQXB5TSIsInRpbWVzdGFtcCI6IjE3Mjg4Mzk1MTAuMzA2NCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDcuMDsgV2luZG93cyBOVCA2LjI7IFdPVzY0OyBUcmlkZW50LzcuMDsgLk5FVDQuMEM7IC5ORVQ0LjBFOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgLk5FVCBDTFIgMy41LjMwNzI5KSIsInV0bSI6eyJjYW1wYWlnbiI6IklBcHlNIiwibWVkaXVtIjoicGIiLCJzb3VyY2UiOiJJbnN0YWxsdW5pb24ifSwidXVpZCI6IjhmM2JkZGExLWEyNzYtNGQ1MS1iMjc1LTZkZjlkM2MzYWQ4ZiJ9
    3⤵
    - Enumerates connected drives
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\7zS0238C3A9\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS0238C3A9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.94 --initial-client-data=0x328,0x330,0x334,0x32c,0x338,0x715c1a74,0x715c1a80,0x715c1a8c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\7zS0238C3A9\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS0238C3A9\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2944 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20241013171223" --session-guid=3d9caf3e-53ea-4e3f-97be-cf9638d456d3 --server-tracking-blob="MTQ2MGRkNWE3OTM1N2E4YzYyYjBkMDA2MTRiM2RjNjc2YjQ0NzFlNWE1NzU4YmRlN2E5ZjFjOGZiNzQ0YzJhYjp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPUluc3RhbGx1bmlvbiZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1JQXB5TSIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyODgzOTUxMC4zMDY0IiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV09XNjQ7IFRyaWRlbnQvNy4wOyAuTkVUNC4wQzsgLk5FVDQuMEU7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy4wLjMwNzI5OyAuTkVUIENMUiAzLjUuMzA3MjkpIiwidXRtIjp7ImNhbXBhaWduIjoiSUFweU0iLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6Ikluc3RhbGx1bmlvbiJ9LCJ1dWlkIjoiOGYzYmRkYTEtYTI3Ni00ZDUxLWIyNzUtNmRmOWQzYzNhZDhmIn0= " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0C06000000000000
      4⤵
      Enumerates connected drives
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\7zS0238C3A9\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS0238C3A9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.94 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x32c,0x70a01a74,0x70a01a80,0x70a01a8c
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131712231\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131712231\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131712231\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131712231\assistant\assistant_installer.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131712231\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131712231\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7317a0,0x7317ac,0x7317b8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:624
- C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
  "C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:864
- C:\Windows\SysWOW64\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
  2⤵
  - System Location Discovery: System Language Discovery
  - Opens file in notepad (likely ransom note)
  PID:3024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9a7b8cc40,0x7ff9a7b8cc4c,0x7ff9a7b8cc58
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,2554196844871828352,10281322862895793079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2004,i,2554196844871828352,10281322862895793079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,2554196844871828352,10281322862895793079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,2554196844871828352,10281322862895793079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,2554196844871828352,10281322862895793079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4604,i,2554196844871828352,10281322862895793079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4600,i,2554196844871828352,10281322862895793079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,2554196844871828352,10281322862895793079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4304,i,2554196844871828352,10281322862895793079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5336,i,2554196844871828352,10281322862895793079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5380,i,2554196844871828352,10281322862895793079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5324,i,2554196844871828352,10281322862895793079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5328,i,2554196844871828352,10281322862895793079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5440,i,2554196844871828352,10281322862895793079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1196

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2284

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2848

C:\Users\Admin\Downloads\Release\Release\pollll.exe
"C:\Users\Admin\Downloads\Release\Release\pollll.exe"
1⤵
PID:2980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 2
  2⤵
  PID:1900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 4
  2⤵
  PID:4944

C:\Users\Admin\Downloads\Release\Release\mapper\map.exe
"C:\Users\Admin\Downloads\Release\Release\mapper\map.exe"
1⤵
PID:4760

C:\Users\Admin\Downloads\Release\Release\mapper\map.exe
"C:\Users\Admin\Downloads\Release\Release\mapper\map.exe"
1⤵
PID:4268

C:\Users\Admin\Downloads\Release\Release\mapper\map.exe
"C:\Users\Admin\Downloads\Release\Release\mapper\map.exe"
1⤵
PID:1140

C:\Users\Admin\Downloads\Release\Release\mapper\map.exe
"C:\Users\Admin\Downloads\Release\Release\mapper\map.exe"
1⤵
PID:804

C:\Users\Admin\Downloads\Release\Release\mapper\map.exe
"C:\Users\Admin\Downloads\Release\Release\mapper\map.exe"
1⤵
PID:404

C:\Users\Admin\Downloads\Release\Release\mapper\map.exe
"C:\Users\Admin\Downloads\Release\Release\mapper\map.exe"
1⤵
PID:2252

C:\Users\Admin\Downloads\Release\Release\mapper\map.exe
"C:\Users\Admin\Downloads\Release\Release\mapper\map.exe"
1⤵
PID:1172

C:\Users\Admin\Downloads\Release\Release\mapper\map.exe
"C:\Users\Admin\Downloads\Release\Release\mapper\map.exe"
1⤵
PID:4052

C:\Users\Admin\Downloads\Release\Release\pollll.exe
"C:\Users\Admin\Downloads\Release\Release\pollll.exe"
1⤵
PID:4968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 2
  2⤵
  PID:3208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 4
  2⤵
  PID:4356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9a7b8cc40,0x7ff9a7b8cc4c,0x7ff9a7b8cc58
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1988,i,6467037105714157520,7291546837450311566,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1708,i,6467037105714157520,7291546837450311566,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,6467037105714157520,7291546837450311566,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,6467037105714157520,7291546837450311566,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,6467037105714157520,7291546837450311566,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3144,i,6467037105714157520,7291546837450311566,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4532,i,6467037105714157520,7291546837450311566,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4480 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,6467037105714157520,7291546837450311566,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4432,i,6467037105714157520,7291546837450311566,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4348,i,6467037105714157520,7291546837450311566,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4960,i,6467037105714157520,7291546837450311566,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4344 /prefetch:1
  2⤵
  PID:1652

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3608

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6adcd808d1a2a6f9ebac5f805cd220cf

SHA1
0f0e1fea371ce8cbc6cf270c6863f9dcd546e4e5

SHA256
3bed64a9bfe94bc32d7519e6ab1132f4bba27029407c0d710aea073b92b4eb26

SHA512
bb11c7df6fcd3f7a66c3a5c9445084e386e0db6579c5d2b4480f6381e8f41b945279e4c9b2753c134834e5c25663ad6368b3af41ca9a018d7713fd184cafc48d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
535fffeca0de0d5ac87ecec742e73f94

SHA1
40571f2e54cc745aa99090b627c8e25fa8df940f

SHA256
1d972a4d07795c3cebdb3b70f9668eb0ef8ee03a48c55fd1ee9cd51393f13274

SHA512
7c145237867fe0190d781cc2d41e354474bde84358b2ff404bb0d58d23a24df7a6091881a4e16552d2a1e720c9f93332d5f58a388d1d08b991da3d0bb0f3f447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
f9b65196bd82850f5d7f7f3b436bdaa8

SHA1
e6c9bc86645a149fa4359d80b79d1a0dcb45e0fd

SHA256
9d912606d1b90f0c2e2f9737f26c27deddd56bc057b6edec269f42fa3964d4f4

SHA512
1f9d7a3bd206f458641a189029e0208f3b79fb467031fedee829b36a6553aee531e0d01d5b5a5dc1827cc48a622c32b64e1a80bdeb03873e8e1e899c634e6865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
aa53f2af9984e8a81433f9597c5bcc3a

SHA1
43d0e70418911f9ab45ddbc23cc9b4877b3274c3

SHA256
48e2fd71c108ef671391e9d64265b5e1cf5efdf102421741699012b52d3fd42f

SHA512
7a499bb6df72ee6fae84cb8ebfd72c212efbb2c7d35ee359d8dface93d9ec6be65ed25104481bbaeb3fe961972bcc5f760584d8d1fbd4b9aaad315463daf7237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
a5fc6885ce9ce98bba35fb0f3e99f7cb

SHA1
da73110c2de4db5e3c53490c35028e629e1d6558

SHA256
e7b75866d759866acd9909e00106ccbb26f48c31790880a93b70d7bc02c81551

SHA512
2f2e7830f887d832ee735457b2544b9b3b7248e5996c9102e781e07ee4f6db53b050d1d77788e7b12adbf2ffcc9c862b859abf8032565ab57b6808b917d6bf33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
33KB

MD5
324b1f46a09f7eb6a156e5287bd29423

SHA1
8885bdcdbf25123bbd6bc14fb7ef27ae6e648de9

SHA256
c488803c5de18a4c0ef6b92ac544bb6a824dc59b052670c9c954eefc376605d1

SHA512
bca6bd2949f17d429be34d7539fdabd0517246ef014ecb32a707d5ae0969edbd8a1f033d2635c69a87fe9ec1559a6c582869188145187d3d9bd370c5479b606f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
62KB

MD5
2a269f39d847da7bf9b5d6841726b888

SHA1
3e3fbcdcdff5d84a331c0ecb9106637137cd4847

SHA256
f9401bcef77841dc036b71ec058704f10dde85bcef9b7efc42a12fbd0d200515

SHA512
40e14c79501180e5d0a28099b6df83ebe37f8b043cdd9295bffef7c4a376a6226ff330f8a0a15189d361fef1ca2bc661907c0e7b141c72257dcfcecec22719c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
70KB

MD5
ae39e6a0e158c4074fa132171f8c87ef

SHA1
6bfdd679e2772e8b60a43c3db7f818165da91e62

SHA256
79f68c1daf8d59716f8c512a4a9e493f3fb337d9486025e066bd0771d365f34e

SHA512
45f6d1d6b3194b8915b5aab8c698958c5130de346d66973f5127130ed4622ab02947ceb0d790a0feadd9e2fe7780e77f0bd0e8d1bbf1e620cb564fc988307b45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
92KB

MD5
9b8ebaf711cf52e51b6b080f9e655caa

SHA1
5449d3a28e8b2d24eea41e6dfe65266dcba23338

SHA256
29a3511fb57ad69b185da0d7d0696b8d887518b81f122e0adf1ee5b7b24a7744

SHA512
413d97aec40cbf53daec22d3324b11ffa06af2860471f545e063f358b4bc244e7e64b087c0ce799346b489d40d10138d9a88f17586d12cb959ae9a2d54c489b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
137KB

MD5
eb7895ba582fa7cba9531ab42d9ed8c2

SHA1
740b43a2997f24d6859896bb46541ba2ce208f8a

SHA256
4966326cb66eba65e26b589887981530eeb795373529563244f4f29f18cab78f

SHA512
b405fe99fff3f9fbbc2849f4deac45cb3cd252a66e7f11fb20ed16e93aa0d63c752569bf42961910adebf0915388725fdba531283c9fc963b7b4221e066a357f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1215b06d3a45705f2b9d074e398e5ac7

SHA1
d031a887d1d0ece062d2f80291e8c9412a8b16de

SHA256
7167cec48d34a50504ac0ad14758a45469f5c656adbd664c2cebf6007ba9ad82

SHA512
021b87042320f3d94f1ce1fb21b2c96a3d0bca667f6cb87a30e64f1e00da4c97361f28720eb11f130e55d5ba8b376095d4d1957ad6185cbff8c3fda350e81387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
d0744dcb8e29438b68053cfdbf3bdff9

SHA1
f7f301622aaa1dee167a25e62d595d2bca6e66d7

SHA256
e2e79a63a71274c137b59522079d283e315d0d6209ac72f29be7911bb961f0cf

SHA512
168d2b6e7cbf68b3f8000b6962ccc1cdf8a7570abab2d826d80b164177d42286648cad9fab4a3f362116121e4691568086b4b4336f697a78a0046ee25b0b3558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
36d7b16eaef6c1920a4ff0dbf39777a5

SHA1
09fa92f69f95fbfc10f5b7d5105d814a9314a05d

SHA256
fbb322a85af370dd207de1373262e5f11838cc38b70d8f1bc06d4f329cdbca66

SHA512
8c2c9189d8baab18bcf8dbf8d3ffe5d6f92cc5654532330add40026e4e54f9c701ca90d3b592db408d8afe70e5a8337375eac818fe67d954b0cd2015e255c8bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
8f2e5d17bbca1d8c61e6782ce9cc0dcc

SHA1
b0630425988734e234fc9cefc1e441c48565792c

SHA256
4e9705bed45a388ec79272dab944690836377db7dc64834bccc368b52e8d4e39

SHA512
b6596539e6f69e7f05b273e4d21f05fa82f8003c8d1a8de048aa63387c20b9524773169f222ca3eb60d3ccc8ee9ddff8f98373fdee27651eaaede6ff06c83709

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
58ef834a67f9d7c3a34fece7ddd243c2

SHA1
3daa09416ac98b61753f4913a96687e5902ab90d

SHA256
f2ac1491ba90de98a7352a07177454b1394fd7760366d6a92bb551ef0438a337

SHA512
c38db0909042935b7c12476396c83ba637b25f0fdc52595f5f671a2a3bc16a52573ff21576143d0135036d772a37f3e2f1fb2082d88be03b8938e98bc63d61cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
dee005d0fd72e1c4d6266be9cb65e29f

SHA1
870379a2c3a744ee04bb05e9d2268deda46dcb9c

SHA256
45deecfd199aeaedea01b7d29fe871e65277ae11d01879ce163d68e85c0bfe50

SHA512
3bf72cc29f2b87844843076baad93faa53fffcf0450e291260213f6aa7eea1b4e9f7d151bee62002486ecd1472402b7340572d70da62ff1fdc7ea9ea2b78dbc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
7557e239560b0b4a7daf4b91fb2cbaff

SHA1
25561db3e3b53be04131be6512098b1518771b40

SHA256
e35341829da53358599397d039df0f62605165339bd02ffec693a74f07cc4ab1

SHA512
e64c5748c36ae2f3dbbdc7de45ce4d09e1f657761a7cf83847cb2cd14d1ec72faa1725f3f4a17ef7414fabda891b265931f00c06838132e5c5a7e23350390946

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
687B

MD5
da6b981bedce970337fe544d2bd2e06c

SHA1
a217dec3cde1baa43b91186256b78390da76a337

SHA256
fc5e6faf99d90d3999b5b8e608ccc9c9c9d7f9aab6fdc9c013a43eaa752be682

SHA512
2480091b4bdb566531cfd6989fb8b27fa39bd729b9ae65b6177e71dd8e6398403cefa2db369c5461c917adf6504e9d04927797c0703f9cd03bdfe6a5fbe6f469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
dde31b8ffd62fcdb79b749ee706f94fe

SHA1
19fb599da3a41aab69f8775d966737dd1b635f29

SHA256
56a40c7a23741a83a817981f4b7d93902d68bcbe7d64a1e91b496424f23398ba

SHA512
0cd8f25adbcab90a2d6c3b2330fcbe581e9f76eadacef4e788140389e27784a6f2c05f7272c362f3d8a6c6cc79a33b98fe77e73f0b24e514f8b36764f36433df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee53c607ba98afa169303e59301b36dd

SHA1
e4989fc65805a93907719cf16c89bea8c523ff49

SHA256
f7e5f87d61d5b846c4ec44c79ec51c73ad582f7e6f12e740b7c328911ba509b0

SHA512
049f66a7f103de7662092437f262f3b48ba38f3681db67d4b68eec40cb0b04b0540faae787f58bba6edb7869cfe0881bf7b9f81a23cf4604d1615e4b83c4c0a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a490d16cdbb45dd919068d64b8984872

SHA1
bbb87123d396f9bb33c9f7b66ad1975ccdfe27d7

SHA256
c3b864009a3fa7cb029e030c6acba4c89ca3233037f8d83288c8bf7df5e23f7d

SHA512
4b3d4f34efebe6f2c0a769597f921d2ab6d389f41de4e0c54d61ed9aa81a61a5a85c3ef1469a25aa667f07ead3443f8e220bcd1c706a038e812c1b3996dcfbfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c59872f5922583c436f575d6c8fb9931

SHA1
41bad8c8783fe584fbc895ee794eee4f7c0850f7

SHA256
da22ae3b701d7fe59236633798fa665af9f461db25c4855b1f4554034face532

SHA512
b690da0147fa83f8877b218520ea8b5f6151cace6317b614df032efc76ab93b04621b9cdedd6ed048206e3ebba6f6b65177c404d17ef6c0a2254ba5c14e81038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
29a2c90e8052aad0663f2602bf9218ee

SHA1
19d6a8e718554b2c2a04e355eb07c9b00f1f41aa

SHA256
fa6a8d0a1e3d19d2e735366c8d98a1aa0c13892ed77eca98c44c2977b2482a04

SHA512
0357d55349f7017447a8f6bb8d951a4274eac469ffba0ba7382e29214060d5122b87e0350871a3f2705c2e1d5b5565cc1cb4701bbebfaac645d51b5ce5b0e146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
285f77ddea2582aff59ab9099905aeb9

SHA1
1f3efc9db56413abc0810af86b7b21d2bd9743f6

SHA256
34efa8d8429f8e8e32114c7424bc00166aa01a2c3c5e4336698f444ded786e6f

SHA512
00a08402580f7f69d625d09c7f259e14786954b71101e9b07e5f107dae2a945704f78abd097e93ca0878327a99750dbbfb02b64b9ecca88a0607b029152d54a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0060a3be1d856f382bfcde52543fcd05

SHA1
8847a8e31624f474632a24793fe5b0a2c68cd7d5

SHA256
9fa82c5a256307f13fbb7ced11a9ea5b914121b2cf9d2d0d4604bca3a5bc487d

SHA512
22c327cbe2934e4e8f451536472f97cc33f7717bcac6aca5be42d67738be0e6238ed9760be5bdd979477f60d793cf1ee02c8c68959ecba38fd057ab86f5d42de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cb2039089708f64cf2eceebc5beb7ca0

SHA1
58cf09615175e6d6e5934c79df286d94885126cf

SHA256
dcebfbba3485bb389bc987451417aedb3cdcd8aa0318cc3e6afd548b3b86d95a

SHA512
4d3f31972c48d5d1b13d1b3fe892221c4d42ff61a45c50eb98d9a66b6ba9407a61afeeb54458624d4a4bb782bacc3f9c98b0ab7e7333cc6f6f8a02197a4b73ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
05e131640f0f817c0610aa7054534e87

SHA1
d65b4f9eca475323dcef7c7936f2150a951d1797

SHA256
fce7c323c201a4f7ee653675d1fbe69adce10137d2b716eb180f2b9cac2d95a3

SHA512
3376aa985aebe601c5e57e4442cf0089c84a9401fee7028d64c06e21809a635681d34a5e24add90e00286d5b7ac4a713038ac8889332d62e8987f2b7c406c053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a8179c72f171857f0983e0b7d8b9c69

SHA1
b7b1a13a8441f07824ed937676a661d1c3277926

SHA256
df9692dbd482435f3c79b10977b80f0191f14b6269b6df19b899d9d41f78f1dc

SHA512
0b2328765b9afde20c4526da6e9a8f212ca1f93572690c7946479804686684b4743b4040fbd44d29c7b4ee4bf764121784ba519c0cd1bb46df4cc417daa5c3d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
36242ac7e42cc8816072b827d73ac286

SHA1
d8f1ed79d4c787e78b1dce30277b178d50f4d082

SHA256
778bc58f8e7d312415ecbc17c4ab6d584bd31060c837f9800ca8a6041b0e8a25

SHA512
37e5e4b1eeb269b34db7279368c6f3077cbf920c373fa88ad37857d7dfd1131bbad9fdfea2ead8e47dc0ec5703c7addb0f48ff5a8b7ebbdcfa632c6da8f0e64a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa4a4f841d8c7c83879c7370afbf3365

SHA1
e56ec074fc7ec628e3a5af14b7bcdfb018f7f619

SHA256
d34f73293d1f9b46a437f2b909235e156f9833c35bb9ac2db2a41f4e2b65a26b

SHA512
131dd931436e5cedf57f9987cae0edf08f798c84175d79f393e41bf7984825bd1d033d3cf1466a2a31e66f81a6b79a11f55dd9acd1431f3e38866676160680f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
bbf5881637575d77a27f38211fce49ca

SHA1
4df0493bf10fc3d695d1f400c59fff1e3d162081

SHA256
515ae28ea174195af41fe7290012a10d3e279aea2830478140f9faa8309370ec

SHA512
599fdae04e2f46828bdbc09824c6bb1edf9210bf6c0b8b7cf5df0ce954a495b911f0b3eda769a36e66aa92b34a3fedcd3b0259988bd0067e277756f5be4e4193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
f822bea5d98cce08a4df2b81b24c5e52

SHA1
36d8ba8d12cde57a855aef5f4aea41bf55230adc

SHA256
eb98f6be3f56fb2c2ca1a914cf3f5b3fafa57d5a4e5555063f4e5861b815a588

SHA512
53e2062778595dd034c54fbccd1875de22d8004fc771609e4ee1eeee21d1f25a0215dc27b07a59fcd63c22908e62e25bfadbbb57f968d748727e8c038ea0d69f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
d865083bd63f97140aeb7147abd5ed6e

SHA1
e1a22301ab403d337b7a46117f31014fa2d40f4e

SHA256
bf7c393906703422944ec3c72fb7bb9943085f05388a52bd15e63ff459a60f00

SHA512
1858aefc962922d174aaf15e531158bd20b808d1e41859a75d2fa6ebefd96e04518aecbf2f1e5d641375531717edc8b8b0fc94e2edab7513d13f84951100bfa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
4cfe61b2523e8e47b69dfcfea2720841

SHA1
6ed4e0051f9b3c9f329692056ffa09ccd2a89b9e

SHA256
037b6fe340fbbdf383a314aee888506c7be3541930a16b865462a22653df81d2

SHA512
27516310b6458c1259d5bd80782142d7ba9681752e83a92d0b685384413a0959e2213100225af521bb49ebecfe8c49838142a5d0d2910b21ac05afc2ef10e31b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
4569cca4369c9538c2d8816c6b26f618

SHA1
87125766d5da22b81d36bafe9a3abe497e19fcbe

SHA256
2216b9762be29f97cd47bfbf4fdd3507520371401f2fb907191ea337bfc67dca

SHA512
92e3a79059327669703b825ab76277cf895454102e2a26b1bfe20e3960d3cf35f55d8733a16b1c3e913daaba68f57db70de6155b3baca9347cbf7de52ce62e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
a785f6f896d2e4d207105a33ab55c5fc

SHA1
ff7c5ddf4f0c4fcd7125a6cd4da0fe1218e2716b

SHA256
358d1faa3379fa0b5e74bf952a4793f809f39608aa54cc68bd6300626be206b6

SHA512
0cbab64f0a9c2db03a7276fbbf82ef85493f43466f01a81402830da6afa4a1801153d86a7ac788a834ace946c8e891440c84109cc668604c7d15b60da196574e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
908d8d3d18ef2a928edc3d4a08404006

SHA1
1c2a3387b6646fd7a7cb72f5c12c53696b5188f7

SHA256
3c49cce7d5db5edcc85b3d024a88d935fbbf334ae4939d5bdf27112aeb14a3f1

SHA512
186d65566978144efc87842d996a46c67d0a5c68fca741c92d59cc4ad8a773bc5a9ef54d8239f904242b896eb2955820f63afa2852bcff4901e086186e00367e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
193f4c0c56811df18343c246fb05cc49

SHA1
e36ebed1ce79dacad2d50b766018f0e76de195da

SHA256
28965a0378d460384e6f3e2e602156388d5e854dcc1bcd44433ca4f26eeae3a6

SHA512
048ba6c85fcda565c655ae6916517b27b116ef34e24fa5a7f43eb76384256812190b386643fe038c8f045e9eacd8d605b639a90e56dc6fc53362b300435ef1a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131712231\additional_file0.tmp

Filesize
2.7MB

MD5
be22df47dd4205f088dc18c1f4a308d3

SHA1
72acfd7d2461817450aabf2cf42874ab6019a1f7

SHA256
0eef85bccb5965037a5708216b3550792e46efdfdb99ac2396967d3de7a5e0c8

SHA512
833fc291aacecd3b2187a8cbd8e5be5b4d8884d86bd869d5e5019d727b94035a46bb56d7e7734403e088c2617506553a71a7184010447d1300d81667b99310c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131712231\assistant\assistant_installer.exe

Filesize
2.0MB

MD5
3b103a9ba068fb4f932d272d19f5619f

SHA1
8270adf6a18d0101ce54afb77179d55a78a35fc7

SHA256
7e9f5f137372bf9e13383dc06c71139d92a4a7efcb5c64c570311999ecafab15

SHA512
83011d2315dfdd8838d62b66f576259882033e28e58ffb1931f97bb0a105cce5f03a4ca6c1de88611876d038f7e2ca7be626d4e0fb689d1ed8c99c6ce9adda4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131712231\assistant\dbgcore.DLL

Filesize
166KB

MD5
612a3bebcf72256296103e034ace0236

SHA1
4e722e00e3294194224ae348477e3898c01b47b3

SHA256
3e20d38b7f1ab5dcbb1057f06f4dabf64e57b71d12a7335b4c5601b5b4a6047c

SHA512
dde0aabbe0905408c8df74fb51232b322e233dc43fc34f4ddac9a5e626359d7e4948d41f3fcbb95f0a635cbd229953757ba456a095b2b3523bb7a851663e6302

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410131712231\assistant\dbghelp.dll

Filesize
1.7MB

MD5
3f68b6ab3dcfd45911952ed4f5d75197

SHA1
c24c63d36a26f2320ae1c70b282769fae1e18b48

SHA256
e2f7ff92d8b959239e535b1824eac0bcf21b3134418a7b0411fa0c92ab6259e4

SHA512
5e6e031c5b802f667dc846f5dddd3c3ff5ad810b6274633bf519aa07d6a4eb7cd1c810b04f9fd552e0f6c7bb7285db0d3dc64b7a5690899583ae30bdc4e3c09f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0238C3A9\setup.exe

Filesize
5.3MB

MD5
d2b32d2ca95b09c440db5f37788a3829

SHA1
d0f5f06b9050ee2cc9202e6eae18349ab1257d70

SHA256
6cab004538645353524008c307f897f76a1b46282ea6761cc88fdd4b6fe3e9ca

SHA512
cc091d48ff9abf5add640bfdf99148b466cfded3cafc8451f87cf3723fd4b7f096e4b518216fbf7482f34167dc8deea5de251fe369bccd28ce2bf56b09163a86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410131712214622944.dll

Filesize
4.8MB

MD5
a0a086eadb30b33d556ace427e6fe3b5

SHA1
ccd76ed307469d0e2ec59a57f4b9ef5f6db42123

SHA256
99ad2bef393791036eb600f35cd5ba5c7d9cdb28676ceb5fb6fbb748515e2f16

SHA512
f2208b5ad4180d7bfb1b6eab3f18f52692505d5fc84ef34118e16659421a099f11fad1ea49233951057bbdfcf173c13d9927fb2ea984629b8fe60cd91c8c14a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

Filesize
3.8MB

MD5
bf6eed6cdc17a0130189a33a55ef5209

SHA1
e337f5a0931f69c464f162385f1330b4d27b372f

SHA256
ef2734657b11113a433abb7ebac962e2bf6bf685f05c5f672997f01875430168

SHA512
90d23fd84007343e85f9fc003cf826b112fd930216a24d8c1488468443ae2a4b0c3cc2426b91c81a8228e125050e922fce05672e010e65247709fc4a7b856f1d

Download Submit
C:\Users\Admin\AppData\Local\link.txt

Filesize
57B

MD5
9642e2f91aa9d190b6cd8a8f13184bc7

SHA1
d27017072f2c5a5bbbdf1e340094220d3dda48f1

SHA256
fafc658d7b056a6aad98b4a85031c878ff7e4e052168571986b6431424228b36

SHA512
4c4c8a409b92b5353e11b57f72e65fadb2d5d76fc00dbcc9a18eba19ce6412695a589c62baece7f797afbdac01a34d2b95327c22ce61558da8ce990b680276cd

Download Submit
C:\Users\Admin\AppData\Local\opera.exe

Filesize
2.1MB

MD5
975955278cfe80bc0491e3fac981a9de

SHA1
bcef024d26bfdefd625882fe976530c9143eeda3

SHA256
3f289102b761789ef62e2191c49737db3c9d82dbed8f2679b2f987554b696500

SHA512
61cedf1fab8ff9c3bee744d2fa132c3f4c3cec54f7cf06aa39014045d78b625702ca373f8f518e8714e03b49b18926352a0bb25b28ee8ed8fad18f7a06cb4c38

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
010c29826fd69bf129ffc488b9889ac9

SHA1
527a78af7312db39a760d8480c1a4b92c792032a

SHA256
6eb2fccd922fba4ab4ed9952cdefd308948bc437f523de9cf7c8f58c09209b63

SHA512
860c46f857bd5ecb57f8a3bcad63f84082c5eb70414b9be7051db4114de42d92ce1c8990954b72a04d682dcefa4563d9bb3e467487877ac4dbf647d390f8b354

Download Submit