45ffc60dd4b24fa905cbfc6a1cc6122ed2d057be75fa8cfee2d3df72ad03c812

Analysis

max time kernel
1775s
max time network
1792s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
14-10-2024 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

opera.exe
Size

6.9MB
MD5

50d45237c36a226cd10bd2bdc685c049
SHA1

ea0edf24cefd88a0be2ceaf92e1bf44fab817f64
SHA256

45ffc60dd4b24fa905cbfc6a1cc6122ed2d057be75fa8cfee2d3df72ad03c812
SHA512

4222b2a602d716f20e735b49078a4b34639ea1c6ed7ee76a30227fd46a047225d4dde75e359998cbdaf389a435da458ee1f903a9c779c3d4420798c98f899d58
SSDEEP

98304:eNDjWM8JEE1rkZ9VamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYKJJcGhE4:eN0veNTfm/pf+xk4dWRptrbWOjgrK

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
1440	opera.exe
1100	opera.exe
2944	opera.exe
1640	opera.exe
1848	opera.exe
584	opera.exe

Loads dropped DLL 8 IoCs

pid	Process
2032	opera.exe
1548	chrome.exe
876	chrome.exe
2656	chrome.exe
1100	opera.exe
1192	Process not Found
1640	opera.exe
584	opera.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
20	discord.com
21	discord.com
98	discord.com
113	discord.com
19	discord.com

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001939c-21.dat	upx
behavioral1/memory/2032-23-0x000007FEF6210000-0x000007FEF67F8000-memory.dmp	upx
behavioral1/memory/1100-726-0x000007FEF3DF0000-0x000007FEF43D8000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2032	2844	opera.exe	28
PID 2844 wrote to memory of 2032	2844	opera.exe	28
PID 2844 wrote to memory of 2032	2844	opera.exe	28
PID 2656 wrote to memory of 2112	2656	chrome.exe	32
PID 2656 wrote to memory of 2112	2656	chrome.exe	32
PID 2656 wrote to memory of 2112	2656	chrome.exe	32
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2588	2656	chrome.exe	34
PID 2656 wrote to memory of 2492	2656	chrome.exe	35
PID 2656 wrote to memory of 2492	2656	chrome.exe	35
PID 2656 wrote to memory of 2492	2656	chrome.exe	35
PID 2656 wrote to memory of 672	2656	chrome.exe	36
PID 2656 wrote to memory of 672	2656	chrome.exe	36
PID 2656 wrote to memory of 672	2656	chrome.exe	36
PID 2656 wrote to memory of 672	2656	chrome.exe	36
PID 2656 wrote to memory of 672	2656	chrome.exe	36
PID 2656 wrote to memory of 672	2656	chrome.exe	36
PID 2656 wrote to memory of 672	2656	chrome.exe	36
PID 2656 wrote to memory of 672	2656	chrome.exe	36
PID 2656 wrote to memory of 672	2656	chrome.exe	36
PID 2656 wrote to memory of 672	2656	chrome.exe	36
PID 2656 wrote to memory of 672	2656	chrome.exe	36
PID 2656 wrote to memory of 672	2656	chrome.exe	36
PID 2656 wrote to memory of 672	2656	chrome.exe	36
PID 2656 wrote to memory of 672	2656	chrome.exe	36
PID 2656 wrote to memory of 672	2656	chrome.exe	36
PID 2656 wrote to memory of 672	2656	chrome.exe	36

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\opera.exe
"C:\Users\Admin\AppData\Local\Temp\opera.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Users\Admin\AppData\Local\Temp\opera.exe
  "C:\Users\Admin\AppData\Local\Temp\opera.exe"
  2⤵
  - Loads dropped DLL
  PID:2032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7659758,0x7fef7659768,0x7fef7659778
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:2
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1556 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:8
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2236 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2248 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1476 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:2
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2936 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3552 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3668 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2428 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1940 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4000 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:8
  2⤵
  PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4020 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4092 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:8
  2⤵
  - Loads dropped DLL
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4068 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:8
  2⤵
  - Loads dropped DLL
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 --field-trial-handle=1328,i,7126908001345080471,13920864198791458918,131072 /prefetch:8
  2⤵
  PID:1436
- C:\Users\Admin\Downloads\opera.exe
  "C:\Users\Admin\Downloads\opera.exe"
  2⤵
  - Executes dropped EXE
  PID:1440
- - C:\Users\Admin\Downloads\opera.exe
    "C:\Users\Admin\Downloads\opera.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1100
- C:\Users\Admin\Downloads\opera.exe
  "C:\Users\Admin\Downloads\opera.exe"
  2⤵
  - Executes dropped EXE
  PID:2944
- - C:\Users\Admin\Downloads\opera.exe
    "C:\Users\Admin\Downloads\opera.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1640
- C:\Users\Admin\Downloads\opera.exe
  "C:\Users\Admin\Downloads\opera.exe"
  2⤵
  - Executes dropped EXE
  PID:1848
- - C:\Users\Admin\Downloads\opera.exe
    "C:\Users\Admin\Downloads\opera.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:584

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f3b1b8bb9199d1e7439b7c80b49798a

SHA1
fdbe8ac262b647352bcf1aeccfd3dc11a3261a0b

SHA256
061901a8ebfe18cafa3b447d20a71788fc78f431deaf7f8b236c06cce109bd65

SHA512
df286498f1f57ae2bf8d00a39f6b4be1a5b7b74bff85b12db4fc6c891dead67b111b67430e8942b45f510731d0f16fb04adf243ad741f502068fcf372b372dba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\61ee3379-8ced-4c9a-8c79-462387dbea0f.tmp

Filesize
6KB

MD5
b3f232f1883c8981f065d99f50cdff3d

SHA1
39ce1d811c329406fcf300d032113a1fbef971fb

SHA256
090b07b003abfb0a40f65d756d0650064f3ae9bca1d7b79705d71f049f6d7d99

SHA512
540f2b22e1d20e1be0eb43656ba46a012c902445071bfdeef3a7e650e47498c7db051778259ffa337dabef6eec63584acf9a97780eb855b635743b96881c9bb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9a00f038-47de-4c5a-a142-a7c122ce9f40.tmp

Filesize
5KB

MD5
4d6e0117983178a039e750188149564e

SHA1
8fa06dc44081e258b69b10fc8cfd98dd36891465

SHA256
c91c75569ccc5b2c9da4909426ec01512351f1938eed3c582ee9470d001932a2

SHA512
565f67bc904ba7fd2dec748cac052c357044d91c4327e7712aa5a681031ae749f8e7da316962501741600ba47194faf6cbdab75c895c156055b03d957b43b333

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
667cc44eb405584c1b23fb7b16f572cd

SHA1
66b509459cd2a3d47756b4a30009283929fdd74e

SHA256
c89cb5e200bdec1681415811de70fd162d9d2bd2b854c71b60fbbb658d3a4992

SHA512
7c4474779e43bf83e520b92de88e9506c2851452cde67cd564d73a70843872db7b9ecbdbdf8fdf71d25b5f4f4e2ca67587da0be69b9ab6e3e144f7903dbf27b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3a913a8ebd946bf1106026fbde23e9ab

SHA1
1ac66f8e15c49619557ddf5e6d6c32e9e32a3bea

SHA256
3e2ed90024a4ddc39cda4a26305efab0d6e9a82818b559602a9bc30105adbfbe

SHA512
4ab669d1e88debf92c75873a7168fb349bbe83043073ee4c9f6c79dcf03091da36f929acbb72b2340ee4390c078c6009d2440afe693682103453cf369bc2b540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6b58cce989c789b4fc76b8af68b559e9

SHA1
00e1c1471e01ab107dcea7c3309c5278ab6fd053

SHA256
d62a723668c540d8af8c7533de3fb9650f1e36ca1a38df996ccd5c6f2e7219a4

SHA512
baefeb98f697508788b70b22337d16308fdda361c4882b9b8642066d03adb657d57c958f0022abcc91087a3e361a9dd737051af5ff6139b2cfa4cdf6ae56feea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
858031df0ecffea5c943474a4c92aec1

SHA1
2517471406104d8c2ed9ecee7fa2194ef3af10af

SHA256
14038b2a788fb8a31281069203d86ed2b2ba41d7412fe763f60933eda7734163

SHA512
f9bc97f54db65c999386aec9ed67c8ed5624a1d14d0fccf675ef874247535b50f7b0a07f6b05ba422f56f2c1bbc9b857c3a4054158be934eb2762df79be4cb2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2dba8276-a581-4ed4-8a82-ef258be159a7.tmp

Filesize
4KB

MD5
73445f50f99811ab634de5ee8073745e

SHA1
7e5d59fde39e5f9034633331ab4e54e19d9a3f3a

SHA256
2670a7d80037f24f4c56f7036875621d4562f925bd93273839621928af84f176

SHA512
c9eac2205612693ee8c6bccfa68c732b012abcec2240168a9988c1e798e6dd8285e22abc19c954877c154e5debb09f1408b5aa31775032914e42c76d2a2f5abc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f18baeda9b2f614bf413ef2e5b1e2119

SHA1
d769db93bbadd6f2bd1fcd12501499a1017ae925

SHA256
a7492f23bbd887f07dc777b0d0b2223a5a53fced50921d5a7000a1a070336878

SHA512
517df84ad771a873fae43288bda35a5d7043185cc1d5111abcb2d6981c09e22d97faea7793d7a9376475cfff47f0cfdf8e2c35e0ed0fac01d0a8e5bfc52b1e8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0d138ce92b0312a3380b3d2fb287148a

SHA1
0937939ec4272c4fb692be6edc066b3d65400397

SHA256
42419ae110d07babc3d8eb32988c45384014cc2c208bd5248846eb2c0ba961f8

SHA512
879771eec3ebee87d723cb9d5563cab5968878fb1cbb03cd50c4e683e9a451544519fff9df018e7b974b056aacc5d61423557c3a81f1e73db8376dfeb7a64693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8d38177fefddb8ec1bfb50f51313a8ea

SHA1
5da95ef4c873058f6a84b552b460d2d72e08797a

SHA256
a4c9bdb34ff047aed4daa5d1468d700a9bbb2893165e2d77263907089b9f4e4f

SHA512
b961bb179e5dce772f4b6dc455486536a8f1c5541dbdc8167f5bcf7a63deaa37419b5b17dc37509acc068d0b41c10cfecf1dacbd1ab47faf799f8a5d1b4b50fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a2e27d1db09c11bd01e2a5b6642c1813

SHA1
b1e80a714c7c403b3d29a074cf02f2c2981e2ae5

SHA256
449b2b176f453994f9842d9c1ef5870ef2ce2fcd9119ff5e5cec4b8309e87dd2

SHA512
982ac0d703ee06997107ede16aa18a4b5ac6b9faeac06e2fa24bab43135895592781b508db76734e7b0cfe2ae6f673e423aa9481e1a474f54dc9bf75e9409e95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2dc2c638877595b158f634487f8d41e5

SHA1
4bff8bf09bcebbdbadb498f1d8fe11f2604582e0

SHA256
86200b3825643124492aa0b2e46075fcdb2735047960e305e6d24e0980abe015

SHA512
dea9683138cb1e6294a8057ec45fb1d31bc7d6525d2035a2e50df47eb93f37ead866ac9d137d7f1b8dc0d4acb97b3d693728cadc2622174327201a74dc855a64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1ac98fef1c8d37dd8ab28a1a849ead10

SHA1
57a7b024163435cc356864ff8c0d684d470cd6db

SHA256
65f69a665f57cad9127aabf00a027376f55fea63bf67d5e65863cd458677ae42

SHA512
b42aa9eb9a9923b55473934fd4cf6b5e2b3e1f2ec18c67199787ac0574f59157a7588d99f30a7eddac98267cc1a0ee0e9417da8c40ad0cdb1de46063894e0bf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
687B

MD5
47e97626337748ae9a46a5e8b2b14336

SHA1
2df33e6b040ccf3ece16d5e2c29a24b1cc2feccb

SHA256
ff4cfaf95ae6e20e2734e40a937517fe6dce979e27c71ac8e528f0f213548be8

SHA512
4735e0c38d3029803d28e1f51c11b1ed260911d1722f7fa5da573408f8f3cab504136ae96ed0debc72d3a3f774e2cafd87d02d2b915dd88eb2dfdd14dc7c5de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ee277cb421cf7f61dca6f66619d1d437

SHA1
fca746a394e2448a5aa039cd625f382de3adddd6

SHA256
ae6601eac0253d54a0b28b44400a4a6206b75f54e9c76c0a885c17253363c960

SHA512
39f95283f88df264ab10d1332ead86d4e1e877516092e8ec2aa5d47995bfcce60f38831aaefc36d68d3480719106b01187be5e8591cc2311173de9e4f3384fa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4a0d5c2904722b1e6f9f1c9ea2d4b0ed

SHA1
1afef32892c5cadb3471b1efc809caed22528f95

SHA256
c66a104e5425cd71dabc88e58f9f47eb85c13d4847ea23e0ba5f12b69f6268f5

SHA512
23e845211907bfbb5d363b0678a6c8c5cd79b52cba2b4a13b58abf7345b397ae630c4271ac93e3d5dab3d38cfaff095f099db94ed7548f19f1ad771f7a6a1389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d4994387ed581eff06433ba456a05bd0

SHA1
071db58e63efd49c7e6f1d5a1994377c6a9ab57c

SHA256
8c6baadd6b9787dc667f98a3ffc17f09f1f57d7ab2da0bdd9fd7cf970e2f90ef

SHA512
469a1fcb62da2ec26414307289730b81aca66205ac9c39829c2339068224b4f2bbd2d456c0e49673fe9e48a52c851626e5421addd681bbcb07bb01cbde89a45a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fef77608ac4ad3c01b7e916a086e682d

SHA1
4386aaed1c5f0efa57796d32b392ad799a84869d

SHA256
7dfa9bd632ec3abb50f5d01cb4f21cef36c9e67b060c52975c92715698dba071

SHA512
525fd3412d437dc0deaae65433301de4ed9d4d39a38e57b5a3f0a8cd6468287c3265c53b29400e1af9e52c92a6af40682254b2e09ae7f3ab2677a8d2ec3a8a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a062716799dbca7ab255e7c59bb140b5

SHA1
14624dfe78994471c6219d5083fbe474bafb3b13

SHA256
43adb6208426c9176d7c44e3fdc689bb8e07de53134eb8dbd1622c1eca67d999

SHA512
5bbd40fe9fbb22c3343aa70490f75be3eee6c85bfe067d2ae412abbb34298f17b69f1749dd88731f596b9748cbec80d3545742ad679a82e3da9e8c719a1e43e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
56a2e1f502ea42cf2ef730f715019a80

SHA1
f77d9fe9b8f5bfe46f7bd73199f8ebfb328503fc

SHA256
f49d2a96ddc89b66cbac794460fb9adfd889458796615cb06a2abe4affac981b

SHA512
fcae7fcb46ff7fe762696acc0436d10624d77551d9c655a00559b2349f876c4e1f36bb5a68739f8b9c52348652f7e764cc8ec284232b8400352b34a0c6d60da2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
50dfb88bf7bfb7614dc1056ee44d13ec

SHA1
9dce22aa1c5f11fdfc873782ace8d97a9859ebf8

SHA256
47af867b8b544b3993c81bcb2854ce87eb50b4b06c17d775a1916179038daf64

SHA512
14ea81f0fc0a00be21152baf8f7f38cfed1463a6e1d62a33ce83d050f8b1362d51968d5f3b8e8b7103e70727c5a183b2b9da20dd0cf4084b31b88fd63fdafe0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b55ea8cce6b78d59bf6bf02873b37377

SHA1
35743c4738dc83e4bcfbb692787ce50e45b653bd

SHA256
4bf28a455d87f2a4441511ff418a7c7cded022481df8a8b420aac89d15790dca

SHA512
bf516e884174bd6f840f4a32e7dd88ebea0a764987c5715f89afff6b7bf4dfb62fe35ec2eb161ae543e9eac4e09d8244b1ebf26ed64b6cb0d460abd540f4ca50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
850B

MD5
53ffc2da393666173e639560f40cc6de

SHA1
037fe81c120fbb66e28fd109ef36c32ebdb4da12

SHA256
78c793f2b212a2b76dbf5605f18caf7d4bd89c2eac30aaddf77d11030e9a45ce

SHA512
2409dcb7890b3adc113c999ffdbc5a21b1e8e3e0a4307f186140bc459c435be0845d179e6bedb79b43c049a8030270bce876b3c180fa271bb1ca8c6cc7b62d80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eeef8cf676e8fd2e85bf9bfc5837d309

SHA1
a6592e529b96cde073053c4e1de714172e47a48f

SHA256
f34e056c2819fdc76d8c1fa9b73f38fd28b69d7e8228bbdbf546ed1c572b9ef3

SHA512
3dbd4021c3c63b9092e007490e48433cfa8a60105be1cb4a3be71a1fdd5c1118448d952ebd4e971997bc10299dd1b91aeb55692781cbb73cd0c0afcd16b45239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cdb0aad4177d21859166d1500b5e2e3c

SHA1
925b41891616ee0c5090ddd1db92a0673417cffd

SHA256
6af818c189bc882804ca2da3ab8088e03ca6d1c519a9fa6b3d70c1e07807e8a7

SHA512
83872b1856a090526d24e41b4c0435e73fb032b35619e5412d272300275aa4078a2c95c0dae2ec5107882ac05d6b551bb3bf2f5db6a1bd11a759c45d02b64711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b9b095af3130cbcdb3a8d25a21050268

SHA1
e21e0bfa246aff034f566bf52f12e01b9079770f

SHA256
d86256c6d73838fd79b1f0ee915690f2b05f3a13beb778639a5e7ef8c23fc799

SHA512
3e56f2599061da451aaf8242df1964cf5ba6b26b0ffe8443037e9ed80c745239f8cbc96567505a0f25e8bbaca8fe9164da0a8925554c24e3cd46f43e988efdc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
71253a16d9caef0962cb2ce174350901

SHA1
c22c9563eb06586d9ffe5be6cd4415aee5c5023e

SHA256
1f8ddfc8a3a3072bf1482cdf1e2d0111fd6166dcd45d7ac30a1674011932e71d

SHA512
c3018b874f29ea357b5ff501aaa042f428e8633ecbd202db7165e36cdf991cdf62697f38475bd104e5d5bc9894e16bc53d4cbae4cc3733d10f3ea0ca7070cd70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e44ee0e2-f010-4338-ac92-5c4bf894431f.tmp

Filesize
6KB

MD5
3bae1a188e11d7bcdc7478ab19a0bc0b

SHA1
26b81a15ccf78c0929b01ce22125b06d823d0a3c

SHA256
7ed79d392202a08e60cddf8bbbdd972067c29f31d5921c930eac45813018b99d

SHA512
4a4ef9a346ea519b154c7bb0bc49e8dcb702797c3ece27383e0616549cde498aa8b52ac85002def1110490540ea97f3249c2853bd78ce1ca2195329befca5ecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
350KB

MD5
1016cbec0cf04c1ed5369bec4f64f546

SHA1
e795ee426ddfeac66afb06e48990e13e342a6e21

SHA256
e174f974218f3a7bef8d9a453249ebedaa6ec64543e80de485894107b9f94cb4

SHA512
5342a2e4f08b55d8f85f7542fe0427ee65cf90743db56f70f3125ccdc5782b5f27feaafa72924071a0f8e977a22bb5b39fe1a0d5540be9a10361664e23b27e27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
368KB

MD5
737dd1d7c2c339a269a1e0c8564a8201

SHA1
0a2e0761c592192c97cd338dbc32d11495bf1fa6

SHA256
5c4b86715dfc80b86f0e8ce62c516e3284cb04edf282e7873feb8e0e9ff0feb1

SHA512
4afac48026abd68e0afc06ad5f0980ada2920a403d8761c0d50669df84332fc6149b323ef3e2ddc354454882ac1c14192f1c77b1dbbbc0dde38c494d8c2b0883

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
64ad4b4c5d493e802c901857f96e3f0b

SHA1
9034fd9276ca8338edd6715c8dbc16402015c7cb

SHA256
a9d84c2abd94a58e164d35ad110e29a23ba2003dbb130667f87b29075550db13

SHA512
7e1659a125026d544e58cc6438c97d3942672dd808e02d557908780ec02bc468677b1c316d1851e229a4e500e08ba0008374ffd435ed93283cdc8738356fbc12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
84KB

MD5
e0096ec4f9186dc7b9dcd223f0d52c7e

SHA1
67abc4c945236efbc9d456606d65ee7ece9a112e

SHA256
10be9eaca96286d757a52f89487f5f1421521f3d2ebd431c9521cf845b57b325

SHA512
7b686251fa06aab29baf2e98e6c6f895ada63ebc689c8630017a6ca25a948940ce66e2cbee0718c123d708941b4df68317f2ddbd9bde978493e26b984a9523a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f66a396f-3932-434e-9c99-0ab3a195d7c8.tmp

Filesize
351KB

MD5
0a1f8ad064894e00592bdfe83c86541a

SHA1
2d56d65d9c92369b0c4f98bc43cd6db1d8451ef9

SHA256
62333844204344f149b27e6706fadcc1c02722f55cb5b069c4d26569b8385d41

SHA512
b2eb230b0e0f80f9d68a6c97613adc80eea4dbf4ae644b6802115e9aec308bee0bcf3f04ee4e4e8caca6e37f28c83892b18bddaf855b1fc0ff92b36bea840935

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9F8C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9FBE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28442\python311.dll

Filesize
1.6MB

MD5
bb46b85029b543b70276ad8e4c238799

SHA1
123bdcd9eebcac1ec0fd2764a37e5e5476bb0c1c

SHA256
72c24e1db1ba4df791720a93ca9502d77c3738eebf8b9092a5d82aa8d80121d0

SHA512
5e993617509c1cf434938d6a467eb0494e04580ad242535a04937f7c174d429da70a6e71792fc3de69e103ffc5d9de51d29001a4df528cfffefdaa2cef4eaf31

Download Submit
C:\Users\Admin\Downloads\opera.exe

Filesize
6.9MB

MD5
50d45237c36a226cd10bd2bdc685c049

SHA1
ea0edf24cefd88a0be2ceaf92e1bf44fab817f64

SHA256
45ffc60dd4b24fa905cbfc6a1cc6122ed2d057be75fa8cfee2d3df72ad03c812

SHA512
4222b2a602d716f20e735b49078a4b34639ea1c6ed7ee76a30227fd46a047225d4dde75e359998cbdaf389a435da458ee1f903a9c779c3d4420798c98f899d58

Download Submit
memory/1100-726-0x000007FEF3DF0000-0x000007FEF43D8000-memory.dmp

Filesize
5.9MB

Download
memory/2032-23-0x000007FEF6210000-0x000007FEF67F8000-memory.dmp

Filesize
5.9MB

Download