f7908f4fca5db961066654736243cf95a31ea41fe28eab5a2c2eaafaa356e88d

Resubmissions

17/10/2024, 12:12

241017-pc8yyswhkb 7

17/10/2024, 11:59

241017-n5s8jawenb 7

Analysis

max time kernel
182s
max time network
183s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
17/10/2024, 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OperaGXSetup.exe
Size

3.1MB
MD5

3487ada558b8b296d9d36833d8273123
SHA1

58bce514995aa27bc13c303db7ecf30229d7d4b7
SHA256

f7908f4fca5db961066654736243cf95a31ea41fe28eab5a2c2eaafaa356e88d
SHA512

456c2df36a7c6af710a2f41713ab6dee5a9ebd66c8f6accaa85f6bb884e6fa201cb5d68399328f9211edfab2af4092811fdda744a55d1c5d70a1bb1861c3c3aa
SSDEEP

49152:ONEyYYC1hqiJckG38dBFOhg5/6qF3rjb/h4CNcTCP8xphzSNtOSe+aSt:kEP1y3+0hgh6u/ZcTCP8BzONaSt

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 8 IoCs

pid	Process
1608	setup.exe
3420	setup.exe
3752	setup.exe
4836	setup.exe
1768	setup.exe
3404	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
3516	assistant_installer.exe
772	assistant_installer.exe

Loads dropped DLL 5 IoCs

pid	Process
1608	setup.exe
3420	setup.exe
3752	setup.exe
4836	setup.exe
1768	setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133736407689063041"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1844	msedge.exe
1844	msedge.exe
1976	msedge.exe
1976	msedge.exe
1708	chrome.exe
1708	chrome.exe
788	chrome.exe
788	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
788	chrome.exe
788	chrome.exe
788	chrome.exe
788	chrome.exe
788	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
788	chrome.exe
788	chrome.exe
788	chrome.exe
788	chrome.exe
788	chrome.exe
788	chrome.exe
788	chrome.exe
788	chrome.exe
788	chrome.exe
788	chrome.exe
788	chrome.exe
788	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1608	setup.exe
1608	setup.exe
1608	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 1608	5008	OperaGXSetup.exe	80
PID 5008 wrote to memory of 1608	5008	OperaGXSetup.exe	80
PID 5008 wrote to memory of 1608	5008	OperaGXSetup.exe	80
PID 1608 wrote to memory of 3420	1608	setup.exe	82
PID 1608 wrote to memory of 3420	1608	setup.exe	82
PID 1608 wrote to memory of 3420	1608	setup.exe	82
PID 1608 wrote to memory of 3752	1608	setup.exe	83
PID 1608 wrote to memory of 3752	1608	setup.exe	83
PID 1608 wrote to memory of 3752	1608	setup.exe	83
PID 1608 wrote to memory of 4836	1608	setup.exe	85
PID 1608 wrote to memory of 4836	1608	setup.exe	85
PID 1608 wrote to memory of 4836	1608	setup.exe	85
PID 4836 wrote to memory of 1768	4836	setup.exe	86
PID 4836 wrote to memory of 1768	4836	setup.exe	86
PID 4836 wrote to memory of 1768	4836	setup.exe	86
PID 1608 wrote to memory of 1976	1608	setup.exe	87
PID 1608 wrote to memory of 1976	1608	setup.exe	87
PID 1976 wrote to memory of 400	1976	msedge.exe	90
PID 1976 wrote to memory of 400	1976	msedge.exe	90
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1440	1976	msedge.exe	91
PID 1976 wrote to memory of 1844	1976	msedge.exe	92
PID 1976 wrote to memory of 1844	1976	msedge.exe	92
PID 1976 wrote to memory of 2352	1976	msedge.exe	93
PID 1976 wrote to memory of 2352	1976	msedge.exe	93
PID 1976 wrote to memory of 2352	1976	msedge.exe	93

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Users\Admin\AppData\Local\Temp\7zS093618B7\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS093618B7\setup.exe --server-tracking-blob=NTM0Nzk4NTYzYmU0M2E5NmY3MDNkMDU4YzJhZWI4ZDA4MTVkMWY5OWY3ZjliNGMyYTAyNTQ5MjBjODZlMzc2YTp7ImNvdW50cnkiOiJJRCIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1vcGVyYS5jb20mdXRtX21lZGl1bT1yb2MmdXRtX2NhbXBhaWduPSUyOG5vbmUlMjkmdXRtX2NvbnRlbnQ9JTJGaWQlMkZneCZodHRwX3JlZmVycmVyPWh0dHBzJTNBJTJGJTJGd3d3Lm9wZXJhLmNvbSUyRmlkJTJGZ3gmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkZneCZkbF90b2tlbj05OTA1Mjc3NiIsInRpbWVzdGFtcCI6IjE3MjI5NDI4MzUuMTM1NCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjcuMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6Iihub25lKSIsImNvbnRlbnQiOiIvaWQvZ3giLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS9neCIsIm1lZGl1bSI6InJvYyIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJvcGVyYS5jb20ifSwidXVpZCI6ImUyYWJkNDllLWM3ZmYtNDdiMS1hNDUwLTFmNDkwMjQ3ZWM4MCJ9
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1608
- - C:\Users\Admin\AppData\Local\Temp\7zS093618B7\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS093618B7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=111.0.5168.99 --initial-client-data=0x340,0x344,0x348,0x314,0x34c,0x74341160,0x7434116c,0x74341178
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:3420
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:3752
- - C:\Users\Admin\AppData\Local\Temp\7zS093618B7\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS093618B7\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1608 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241017121231" --session-guid=4386f168-fc74-4902-b007-45855a0176c9 --server-tracking-blob="M2I0MTI5N2I5ZmJkYzA5ZjQxNjc2YjU2NTE3MzgyN2EyYzYwYzllMDMwN2I1ZWE4ZDE2ZDUxYjMxZTQzNzZjNzp7ImNvdW50cnkiOiJJRCIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1vcGVyYS5jb20mdXRtX21lZGl1bT1yb2MmdXRtX2NhbXBhaWduPSUyOG5vbmUlMjkmdXRtX2NvbnRlbnQ9JTJGaWQlMkZneCZodHRwX3JlZmVycmVyPWh0dHBzJTNBJTJGJTJGd3d3Lm9wZXJhLmNvbSUyRmlkJTJGZ3gmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkZneCZkbF90b2tlbj05OTA1Mjc3NiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjExIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyMjk0MjgzNS4xMzU0IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNy4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoiKG5vbmUpIiwiY29udGVudCI6Ii9pZC9neCIsImxhc3RwYWdlIjoib3BlcmEuY29tL2d4IiwibWVkaXVtIjoicm9jIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6Im9wZXJhLmNvbSJ9LCJ1dWlkIjoiZTJhYmQ0OWUtYzdmZi00N2IxLWE0NTAtMWY0OTAyNDdlYzgwIn0= " --desktopshortcut=1 --wait-for-package --initial-proc-handle=4009000000000000
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\7zS093618B7\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS093618B7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=111.0.5168.99 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x71971160,0x7197116c,0x71971178
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller&arch=x64
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff0e953cb8,0x7fff0e953cc8,0x7fff0e953cd8
      4⤵
      PID:400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,16596865118206863332,8984167047169495541,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
      4⤵
      PID:1440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,16596865118206863332,8984167047169495541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,16596865118206863332,8984167047169495541,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
      4⤵
      PID:2352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16596865118206863332,8984167047169495541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
      4⤵
      PID:3560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16596865118206863332,8984167047169495541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      4⤵
      PID:2592
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410171212311\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410171212311\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3404
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410171212311\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410171212311\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410171212311\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410171212311\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0xe34f48,0xe34f58,0xe34f64
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1fcccc40,0x7fff1fcccc4c,0x7fff1fcccc58
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,7134497444165201808,15502745647312878139,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:72
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1732,i,7134497444165201808,15502745647312878139,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1984 /prefetch:3
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,7134497444165201808,15502745647312878139,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2192 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,7134497444165201808,15502745647312878139,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,7134497444165201808,15502745647312878139,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,7134497444165201808,15502745647312878139,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4460 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,7134497444165201808,15502745647312878139,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,7134497444165201808,15502745647312878139,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4820,i,7134497444165201808,15502745647312878139,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,7134497444165201808,15502745647312878139,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5064,i,7134497444165201808,15502745647312878139,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4936,i,7134497444165201808,15502745647312878139,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3888,i,7134497444165201808,15502745647312878139,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:2156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff1fcccc40,0x7fff1fcccc4c,0x7fff1fcccc58
  2⤵
  PID:4644

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:868

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1fcccc40,0x7fff1fcccc4c,0x7fff1fcccc58
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,1771724839871530297,9170882485648695556,262144 --variations-seed-version=20241016-180655.929000 --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1828,i,1771724839871530297,9170882485648695556,262144 --variations-seed-version=20241016-180655.929000 --mojo-platform-channel-handle=2044 /prefetch:3
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,1771724839871530297,9170882485648695556,262144 --variations-seed-version=20241016-180655.929000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,1771724839871530297,9170882485648695556,262144 --variations-seed-version=20241016-180655.929000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,1771724839871530297,9170882485648695556,262144 --variations-seed-version=20241016-180655.929000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,1771724839871530297,9170882485648695556,262144 --variations-seed-version=20241016-180655.929000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,1771724839871530297,9170882485648695556,262144 --variations-seed-version=20241016-180655.929000 --mojo-platform-channel-handle=4200 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,1771724839871530297,9170882485648695556,262144 --variations-seed-version=20241016-180655.929000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4864,i,1771724839871530297,9170882485648695556,262144 --variations-seed-version=20241016-180655.929000 --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,1771724839871530297,9170882485648695556,262144 --variations-seed-version=20241016-180655.929000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4296,i,1771724839871530297,9170882485648695556,262144 --variations-seed-version=20241016-180655.929000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5032,i,1771724839871530297,9170882485648695556,262144 --variations-seed-version=20241016-180655.929000 --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5136,i,1771724839871530297,9170882485648695556,262144 --variations-seed-version=20241016-180655.929000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:792

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
471B

MD5
22dd1485c40d3984ce4ae22fe2ebab9e

SHA1
4c02bde82dd905c2fd6db5437d2dc57e255152db

SHA256
f0036e9e6729fad4c4cad6561eb99c54f94efd4e09c0fe03e5de2ca01c59738d

SHA512
d1510898430ce2d7e8112ba9e184ef883e38968f01c5e87a235a88760e74b1d964f235f81415349d85cbcfc967196d437d2eaec2499b4d5326a41164e61152c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
412B

MD5
aa5984fd75928e9e3ce9667f5e099889

SHA1
f7dac8803402391233a8964b4ee8166f552d04eb

SHA256
db28a84aafa54e972cec7d0b0a9d9da9e0a6b6d54afc56dc332a7d7eabd6132a

SHA512
5fee0f4fcb174ff2b4c40ee67d37d01c4a0491d0c96d49f1a130f4d0852216ada8cd723f0c0914634453f4ab6f2fe669829bb3e3c3554b3d4f75232c4a72c405

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
11d253b3a6f1f94b363fcb04e607acd2

SHA1
9917081d96e0d89a6c6997cc2d4aad6366ecfcbc

SHA256
20152f2fc1ca7717b9b858435b3658ce0879f28944bf822210e5ac5e148cc7ff

SHA512
101086c8c2805dcb8bb4e2a3c979574fea1cf0268859804c350f05a85945216de51bce90981a11d08c9a7043efee5130ede5c5a376cd86707dcc90c0e4f45334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6bd35316-93c9-4495-846c-36c267fa1ade.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5e8dac0d601a7fb977f15da40216ff21

SHA1
80108dd7ec8f713cc134d1c672989c86d29d6596

SHA256
0b60dda38cc8b2c3fdac95a10c018c6c4331a4cdf965b4344084cd74680b1980

SHA512
77fce2bc8deaefbd160ef470617c4571986e676e1f99b323fbbea175059d5530afb6b179dceec0dacb9f920cf590036c9da66efdbaeafe55752413cbd5ff8804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
e25bd621d26732edb4551d907189bc0f

SHA1
005ee38efc701b66c82d4d91a39c3e90f6f0e307

SHA256
6936dad881bd2070cd65103ad02869ba4509abbe059a81d490106dd7e52f593f

SHA512
d5137f35e706702c0587948be2ab5c57550af05140b8eaaaff30d95b5c074efba470fe030117b8b6ade9b542929b8c30b3e50eb283733a1b7e3425faf1a84afe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
42b386b591eb7786cc0c80050d3ed8ba

SHA1
62ebf0946cf7811efd39993038cd1cf3200bc515

SHA256
f0c8b08edecc416bb4e0800c5bf6ec1cc11f23287b49cdede8a7c8526ece18d8

SHA512
98dbd73af939fe0392d5a55659c7f34a8538e4b25f74f20fc8c30c5f85a7ca07207e904aebf9d8346ad7b5bf0924738b91ce34910a12fbd9dadf7dfcf27c4423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
8a95064f1b1ec301a484a120d4b59646

SHA1
7b34098d8040dceb5471e41af53b45de67a89bdf

SHA256
62eeaf01cc361797d266d84209c175fd810a2986f0f8b7810860dfd859c316cc

SHA512
d474342290b40e678b04044b9a70b73bee390abdd584084747ef502a25fb20bb579f9122bb399a897a5db91e36f9239ae0539f23b9cd8f7f9d7620946a898a36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
5799b4d0ac53997f23fb40ce581bfadb

SHA1
e1fdd9342ce25a7be90e4c99d5d6fa7a9ec03fe1

SHA256
201b60adc0e73ace48ae69721fd903459ba777a1e1d9eaaea8b66d878aaab1a9

SHA512
511ab427758e6cb2d4d7bdafd622506eac27a528c3e2ba4ad3fc661f34080e5265f20433db28fb5429744ea68cb9639a8a6b9e31a8a791e3253202f392f5d464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
62KB

MD5
50c1a7bfbe54367271f77203fd806c5a

SHA1
c224ff0ad20341cffc7a0d5d3cbd131143af902c

SHA256
22c4ba20611acbef25780904e39fe8b610b8f5185aa0c82c60083c03e8da91d6

SHA512
db83429f4641fac4e78156b660d32993b47ccbba2349220cd30a5d1a8058f8afdfb89b9ed854efea96101c35101273bbe2afd144dfd06e3e470820f2240715de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
36KB

MD5
29d911dbef4ddb995da0e5be10301c7b

SHA1
092b553818db5f5402214be7a0ebf6d2dc20ee2b

SHA256
de4e15da6a16e2b30a37855211c1abd32fde7bb4fbfdd5205edb373834cd92cf

SHA512
aa916e32b4b85d747d9485d92e8cf93b301b2db7141640930c6b5f5ceb4e77c1414bbc7599e3c85ac6b4091ec842c356c7d9687b1c47e6ac8a46f64ecb217bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
38KB

MD5
d4586933fabd5754ef925c6e940472f4

SHA1
a77f36a596ef86e1ad10444b2679e1531995b553

SHA256
6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2

SHA512
6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
149KB

MD5
218ef60db63cd07af066d8c10afaeea1

SHA1
f93fc5ae8c4e4765fc2987ab9c4756b6b3c5c585

SHA256
c36634ace47c75472561d5e9224707432e1ef2a1ab6580610c47ed1dc1c10a16

SHA512
74e6883c4731034fc1d008b8a4d59a06aa844e9f8646d4aa93363f6f5b0349776248f18920db08eb92e7881c91b956f7e40896bd2e6e1ad836018464b47929dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
69KB

MD5
a4ee0bb2b60437c50324a4c949c9df34

SHA1
cb56f97901584d963b11319b0a91e7346b7be228

SHA256
d7ef33cb53ade4b69b0af64438c9af094314ff94b8701ec2a5a0868e36fc619c

SHA512
75d6eeb2254b989975dcf005ed43e461ece0c7a75313c2d831c42cbd30ee98c6c9a88cb39ed4affa6b56e0d9b16269a077dc30f3dca0ebc08a7a27d3f0fbc911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
72729d51d70cb4243bda45874e9c84bc

SHA1
c6ccfcef39d26c1f9ab9942a34a56295d063e7c4

SHA256
a08b8b4cdd6b4770c9de2d707c2199908017ab373469d0b1c6ddb9bf7ad02803

SHA512
607a73cbed568654d5ecc5a470902ef86c019fc5806ec541be5e99a1bbe05c0b3e724933eddc475729cc313423c99bdfff027c212fcaa638e3b3248183faae0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c5f17c767ce11883f935d914e1f985d8

SHA1
9d5ce881f3232d50132013e3773280d3e708138d

SHA256
068cc444cc9dd760276b205f11dcd6a1d0dc56ecad8e85d3c8bb7ca335c3063d

SHA512
4678b829e5273591da90af4a9f5802d3e95045dad14b063a01a4e54cbaaa6dcaf9cae8acf943e287dd57f9c73b8b628fbda2870cddb04847cf89108b4cb764f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
2de24460ee738a745af09ef9b9ea21a4

SHA1
c0c61e0547d05869123072bbf4dc6cf154e16210

SHA256
1d7994a3495309f7819868db3c5e6e8ac977e399417c8e1da367b684629fb857

SHA512
f1773658f6004f384af612df21efdfe556dd8d2f42eac7901e74e7f8577fca2269ef7ba4247df65c1bf4122849c1e1bbd5a2c381c51fd16c50865e0663b25dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
eb9cf43056190f2e517f612f51c9b66c

SHA1
e7e207cf48b57f0b173e4c3428b87ffd2bdfe80d

SHA256
1db3889ac8cc84887cd5a735c10860eada21d4bb163f1fdbde33fd807a48e0b3

SHA512
eb9403e72ac6c0ff57667ea7bad86ce1efb465a744e9d035759c8dafd144a9f7a2adb43114134f33e749bc114b0715278f207aec1a780b77e9070b5ab66bfadf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
562cd25698aaa5f1fa58e9deb9b0fa19

SHA1
61cceb0dff6a8ed897e642bafaa7ca37fc7b7804

SHA256
e288e051a9173aec932b90ccb7ed1e7d947b92d325678363385208a278de1e20

SHA512
6a8124cf1632b12daa95f62210e0403701fffcc4c8eb043cb51a8f6a76277c844cf3749d08d4757da216126b8b28722c1e42c3462977d18870617e46e243dd89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
c637096705d15cfb9d3cfffe4adc1504

SHA1
87a7a15b6a647dd8739d840400fa5b9a508dc925

SHA256
48cc548d46ffbb39e046a0ec2e5c4db26cfd1a00b0a6ca6ea4f5b9c4a269aef6

SHA512
b04e0892f941adc9324605958ac021e62ab0c11ed70e6db2d122334876d6dd82913a9186b476be3e1152ce40153e0908672868ff35af4c51558d06061ca0191c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d9bd19927b3efb8c4428089b98b98b60

SHA1
97bd205b6ce77615e333ef7c3a302cc533a5c56e

SHA256
b337e40a4f89b8787fa5be3d63309dfaeff4f1d17aa441fe6a3b000bac9d2d22

SHA512
6c439e6fb840cd748dda89e1990466e7c98154e897f8edea6eb6b561c0e1e698b187027a4ae1674c7cb96b2cd185b16e9a5d52e86d28e8ea3074b5695a2c5989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ca9feee84ad97f5bbe2adc8d821a9fdf

SHA1
9fc3e30e3e40d549456107fd0e9aef6ab51e72ff

SHA256
f4fce850612efdc4529f9fe445b4f862095aa1d2f5be50b458e35b4aeec3d827

SHA512
368aad8cc5222bb09f49fe9cdaed8b4487f71fa13e68e53eae4d157e605717d72196796018540d1a060b6352825e3f4495b698fd60e5f76bf14b5089ed2aff60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
7595b651851a7ec2f11295c8fe262583

SHA1
db40e0ca8b872c24474c710e05f9f38b7093ba4e

SHA256
2348e894eabae7aae4e720da4bf89e217a2115e9425d7742b9656825460fb050

SHA512
b36601fb86eba6d9c2cb3c6be846d75d9144a938a760c04c95cc627144b81dce57126103e0851b7a0be4d621381aa131fefbd0b2dc1f99a498c8e2339f250d92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
24430a8a6d39fe91b584ea0ff8c973a2

SHA1
202a3396e6c7b78cf2f61472f72be17aa34d039e

SHA256
c9f8249f91a39dfdc1075af9e13413d4a77962bc473af40569e9ef6befe4a73b

SHA512
9ec929e1b81b507856c6ce3918482c83eab83a74515b1e18b84bb219e146be63de5b06f7cc850c09c64164d5f37df2164d89d6c29cbd1d95bfbbe515e6dcc3f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
72cca5ad4faa25e71e16a65203f68764

SHA1
0c66eb51202e9559426ef7aaa3915f5ea3c02319

SHA256
dbe01bca7611d641559886f2840dba2fd1f2ba059d689165c937b3266bf62ca5

SHA512
da51931e01204ecadc04e2b067cc69d6dcea0c7d919a4a374bf033c4247e48ae06a18d9a0c8065cf57f5dca4e6367587f9f48dc22693412e4e45ee1f3eca4674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fe382edf6ee9c8db7180bfb5dfe86dc2

SHA1
2715acfcc41879db192b6743d7829ce21941e403

SHA256
1015a126649d570b9f6aeb051131eb0a7db9d2a223bb93ee613e9bafa654febf

SHA512
f25dfc6d580fe519e4e8b7cb0b31884c58fc09a4bf961c2ee1b4ef4e7fdd809f570d7eebab6eadba6add24b25daf3e8723847fe6d0bfe912ca0226e7f210d76a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
260604a6a07149bffba0fd5a6e6896db

SHA1
88d9e7541908489037b3230396a1d2afafdec49d

SHA256
6f90930ffdebb4b6439e4042ae73d954b55ce9e627877fac61d55bbe5c3deba8

SHA512
300bdb77190b3dd83748354c0586e77888698dc3f2bd4537dfc9107b934581dfe24a4b5374e5082a372844be4fad9bcb3a414ad9bcc495813881290ca7e2fc5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b990c004badf9dc251eff0b537144f8a

SHA1
16b72b5332f46812d041b1b75fec2ce175ad8754

SHA256
7e9df1e6c670646179121b578305396e1ecb5d177095a8b2aff5295c63abfb1f

SHA512
b1e53b6c0f52b3e73438780bcdb43fd50da268b69251a8cc5f5a0d616104f09827efad0efd71d8d8a09a4719a67f6dc1a38758a111366454532120af4fe86c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aab400ea9161de86cb07e0456b5f4ce8

SHA1
47b2ee2b50e770ad2767b3a1ee04796b471184fd

SHA256
9ac844f3ad1b6c573efc81cb7882c10947e01fa26b9148ae47f41772f7eeff2b

SHA512
4e3f0f638ecb2fe3d429f005a8094508f466acc41884c2c95f97b930a6044b80d01f5f14e21c341fc66372b995bcdd069fcec6b0179c019e0b5108ddce7f9ac0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6769eb43c4daeb28c8ec088ab009e90e

SHA1
8c6c3967e56f3d673eddf2f48004722573675b91

SHA256
da535973e68295fbb73ad7369523f2c18364f5c94bd701e995fca70666a2ea9c

SHA512
ba171545915843e52c5be2833f6c4c8b13f7fd966eb1a9c03f9a0e6ba45152e0a29258b98cf5c2f7a6867538ff4fd80516fd462fb565a2abe7f1a1f4fb61fb1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
506b59fd1729c086ff07883b458d537c

SHA1
4b401daa49096d4bc56bc14f78342b0b744f3cfd

SHA256
402a7abbed8939d0bf853872d8fb2bb0c805e51738b3523d9b616e964bc4d1d3

SHA512
93ca3a8883c3e7f56700406d961f9990e3f224f3ffd4df30ea4224ab04fd1daa0da3bc0d418a045c270e7fd30fd9edd89ca823f13185f4606828de7471b08bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd5cb5b2f23511101c7c8487bc442f0c

SHA1
ed6cb9b552d8dbdc1c77c53761ec780bd3d49fd3

SHA256
c43f93ac2418926d3256719569b71d24150e7feb37ab7aa7209368058b23d914

SHA512
25d77afc46db277b2391f2419a2fc279d413cb22cea77d42ff718c9ae7be680ab495ec2ebac7e22422fe4876640137229f6143ca4a28cc5a4b2c78fefddca23b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1ba220f1a983d8b49445e45b95071098

SHA1
d555fd8bfa81eb4f63990d4eda929a97d470dd91

SHA256
739a7741345611a8dc92e3436814299e9308b703fb42d1a0a2d3e2aec668e966

SHA512
405eee9816ae39b162cd4d0aa509da9e921dc56216f6445dda085ee6c757f79c9027d2926596567a93ac07d957ab86085306b54101aca31a86a4b2b971df7495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1554fb94bc60d2c35f6945ff31bd4065

SHA1
d60bb5977a317959a01778a5ebe837d05e9fe86f

SHA256
babf35c53c543f3df8fe181c92d2848c9b5322f80265c553f9d4e81227424323

SHA512
bb44976a7cc67f8b33eb7d35d9a61ad9f9a2bb1510b0e1beed115b471f1f4e9ff3febd998869436e7b06472578095c9d00d62476414baf9fa648386001c28e60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3cac6bba54de2c28ee6443ab33ef0b4e

SHA1
647bc38c3f0ba54cb15d1b6faaba3ff68b20ced2

SHA256
f4c984265ede4e14e963b838451820890e1e0617f219a0aa5873c388a44d95bb

SHA512
5dab339253d3bb62508e128619d0c4d9aa55f566d40c43b32a10fcc7395e703fe129464569d159c2461d4ea26b5c9cd7464a03af26be8f0ee39e48aa67933cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
2b34bc4460591af061283724f4cad9ba

SHA1
e0f8a0c4f57eeb834f9dc54842de736c3574739f

SHA256
73ec050c43b2b8e4aaaa33531651823b6ff791fcfa419f8f156dc9131535ada2

SHA512
f4fc88fe739c5e0e06553c11b2d92f1494583ee2c5aeb0f4ca3075bb8bcf01b270a714ad58e8d4247397d3528555d0b7cb3564dff276e31c23232c69b1f8f10a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
4cdd029924a86513ae89e2d8cd27cdfd

SHA1
84d2104c395093f733dd2573ff23c6a310b0f994

SHA256
a69e5eeddd18bcb1b777447d500df295105ed36c3bd3cecf4db8d3820a703df7

SHA512
edc6da5f081675d7b968565fef8591cde8889320cae63e8cbf6f1e71ab307ebb40bcd94ca41976dd9ef0a2709d120247c9f31ce505a01cfc1f45fc23337fa5a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
9a0e5aed2647790d1b7c30a98c31eea2

SHA1
7a0f924a8944f07c43c5a8eb1e5feaaf8935573d

SHA256
1f98205c3dc9344aab706b4a4988793f9fb1eb38ff9331556005fd3e60e694f1

SHA512
716f46ed478d8cf7bbf749e4373d6082f17f3db6662efa9b23c3ab902e97bbb36445fdf4f63a7089c8482cff1b68c902d6c4e41e0a5c39a96a3abd1920b18597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
114KB

MD5
1de07fb4ebe74412acbeac726a4ce016

SHA1
ffb0ece7a5ef6dc697e2d291225ea37f263913a9

SHA256
242676c2571fba597512f1733054c38e2454d908a26f156cbfbe549d2b662335

SHA512
47a2ca766fafd8246aee0c093511ade9423a9085c4552a1cea83bfa849168be570cb34158ecb776be9a9840ec6360fdb13b532fa64fd192a3bedbc75fe5ef8aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe58b65b.TMP

Filesize
140B

MD5
4bd021582cc2636ab477b115e235a9e4

SHA1
1036c39c7cac7c88b411a69949a7f1da68245466

SHA256
4e7906800772694ecc2aa058ce89cea7d403f80f3b9d49c6660180ff862c6c90

SHA512
c3c7826215d2f73737f6c73e644fc7677e00044c8fc0ef085a84360986574f74f22c2a4a574b46ff2de9e1ad91a694d91b02f561677b17b27086122fec3845a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
280b4576db2ebac272584f9e7c788f6a

SHA1
6b2b20d7637d2e4f859c5e912ef8cbf4d2216797

SHA256
80521b9dfa9ec28c2321c9ecb1e34fcc92a04a09379f220e2dc19d908ad7e52e

SHA512
d7293f48b300c70462ed1962d73cc9262fd00d7d580a92ff0554fd1ffaf94bc04b405603439474c20a03b4e33952590e24cb13001807ade1bf000c1ae24c3192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
12ff685ef80eadd61d1db569fb1b3d4c

SHA1
51b5b5afc4baf50e51bfefbeddb90708579d3229

SHA256
965611ba822f252f229677a9967c24d94b9100b025fa6d845558170b195663e0

SHA512
0d373c671e5fe7cbffd51df84a0d6a2337c09ed13eb8d113595c9466a899429ac6f968c637e825bf8ac8fff572847c835abaa17081cb9dd02841efb3371528fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
1fa2ed3f1f5a19588a85e465880f8e6c

SHA1
7462f792670208cc700b1d90b1158e8dd5d569fa

SHA256
a0c4b98ce13edfddcad1898a018c6fecce3ad58f296e9c490521f8082c3b4966

SHA512
5eb5182daf6f89a05c2bca72d087c38ab9b528fcb0d6c4d999acbb8272b1541ae652c8d74bc810f0c5edbe7ccfe6120f0a4a8ea1e916f992fcaa45f7f8f385e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
0fa10ded2e42a838fe1bcf3679c33d7c

SHA1
2b5806532905c60713633a8a59eccf91c2c80795

SHA256
beca742c430a4b73c06fd10c63e23262f9e7af486dfa04da050ce579dc65bb03

SHA512
cf8cd6296679b583441c3e4cd9701c274c874a3813cb3efce685209a090fb6a37c9c4a5f4c83bf31fc6660e69d6cf69e19eec0d3f1a28e35e5d92b094e623da2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
a7a25d9a2b4009b8e5a60672f0ed8ee6

SHA1
05a99e1a93731bdd4744c53366aa655c0e145030

SHA256
665298029b8d1793f68769ac7acb364c407904f10fe1d1641175dd0bfe1a0eaf

SHA512
a504cffb3094f3a502e7e5b410f2e0893fa87347330f1040f25143cc7e9bf6c7133feb837b040a01dc4414288ae71f5b092bab7999d6378ea04249ce7b2e2991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
890202a6a6f13c91353f14e900a8c87b

SHA1
01e28db28dbdd9568aaef1ba9cc26b1c42fa32ac

SHA256
d5f7ed6bb878c72e53f94a39c5e997b5d55958b628fc2dd91f31330d33ba7e2a

SHA512
f87f085b54c156d14650921b942f9e0e5044daf00f29af30478fe02dfd5c6bd64a3b7d2a779f9a1ab03a56666d184cb4c94aba2e4f973ed0ae8be47fb2ac031c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ace08be3dbbbe28ac79370460c0f3253

SHA1
afcd8c4eaf8027c5f267bd7ca9eb54017b40b3ea

SHA256
2e042b77ed119115c82a9e7a007cedb2f2aee997635412f0fea9aa4d4f18b581

SHA512
646168dd3a07a8164e95ec8dc24a29b9bb2078d0e5b61415e7901a610eb815875fc7fa85ffe53d2ddf7ec3a9176ea40c4d82f622b646593ab3514a74a2dadf17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
269b9c22510174a4f5d8e399c6ff85bf

SHA1
bb5bfd58da1039ed72d98ce742534797f0dbcefc

SHA256
0ac8038e65924abbaf7f308b35a9b14b427fbfa2c2ae7207119e07bfc26ed5e7

SHA512
ebe1c6fa3bf0c6d31e9a3cc31ba62e1f306cbf9f5f498cb27b16698dece82993a81e915e26e9b938dafb093571354e5800d13509548071f31a1a3ee729875683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
24KB

MD5
e1d5ce0f314a350d34b5f6c7fb44f316

SHA1
27a6445853223ad692f41e7058fda06a5332916c

SHA256
b2d63062741c5d1f7ebba49132ac260e8f88e349343dfd7f7cb578f879398a2e

SHA512
e2fd4d5da83cc9697007ee4a51d3942f23d8be1681b14fae1f248ee46640175658c2e75d17ddb365ee2fa3694032b321edd688b6d4989770b03d5b9e77804a5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
14439be4662173e44a30f201231379e3

SHA1
bbcbd914ced323d55ad8d1931e76fd944e0766c6

SHA256
6c3ea9b1bf80467b2540208830cc659fb14395f68ae301e225a8c3672aa71043

SHA512
2a89b698c635aa6d451820d29caf15efc0477719547942b039b062762b7b2745bb365acc03d2640b0b2e6298d94221ebb1d3882e0fc19ad3b354962d1512d5dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
4f0958d8f399e657b764ca9f6a58fd18

SHA1
5b123b48a223bbe427461963ee2b722e1a6c2e24

SHA256
c6c874aa39429b9770edd23318beb35badd263b2a22dc7306dbcba652952f362

SHA512
902f683c7810c748594375daefcec02c292b202d5b3f62cc72b518d679f71b54f5aa09f5144ff60e12538229121c609ae8428359b98f88e9f6af82b4d1d81c5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410171212311\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410171212311\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS093618B7\setup.exe

Filesize
6.4MB

MD5
241331bede4cd250aeead156de3225c0

SHA1
4e6ebbfda62706203c7f3016d136560854841358

SHA256
b476f1c8521db36255a862af284f462eef77c4fd5233adb002137af7835f5e86

SHA512
9eb8f3970645315c73e80cea2af9364d8aa68d4e3383cdf21dd0393fc74857538639793e995a66b6bd58f086738981ffc364a06b23b129fab380d0e59532d712

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410171212297621608.dll

Filesize
5.9MB

MD5
4510a03cd9a85d34ad47ed84097ed4a4

SHA1
a1a761249bbbe8dffcb3fac37ed570c89e130379

SHA256
cafaa2ac106c340ca91acbbd483379cd3c2273d2cb795349db6b07c7272c0433

SHA512
95b4b9de8818e025608f7a77b3281e879bbaed5bbde6cfcbbd4bcb1b6c6cf09706b68061b7264d90c3374c2a0072f91afffc5b617fec12921407c72b63b2be62

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
81941842c7913b713092b0e593c7ebcc

SHA1
79b3bb61c1746a00d45280e0d13ddb290a7e9cd8

SHA256
7819f408a1cc4eead7b79761f552555cc8cc896a0955c9c9300c33be63096189

SHA512
0143334d0dff3a1e60fddf362e7eb604d03fc11b4ae639699fa0a6eddc6555f00fe3e9a6d5e9d735b1bbca2967bfb4be5e579e61c4484417d245e51797f0d885

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
b2801bb8a4e076b19fdc29a5a80af84d

SHA1
88a6759f8f7e5a5a56b72c5b0e1ccffc0aee5fc0

SHA256
e7f46c25c9f6f2ed40dd8cd03e8deb9ceba198f7a6a43c883d12c893ec71dfa5

SHA512
1f7a510cfabd8d4726d9482de46764c0547179fa83b308e76e1068f45c9a801271bf69644799ad66631dd90d91b08247338a0e4b32b186788b6b3ead087d4da6

Download Submit