neshta | 73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038

Resubmissions

28-10-2024 19:24

241028-x4es7atjfy 10

28-10-2024 19:21

241028-x2xafstjal 10

Analysis

max time kernel
149s
max time network
156s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
28-10-2024 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
Size

313KB
MD5

8be423c51b713a3f5ffaba82318cdea0
SHA1

1d6a17cde22086e1618bcc6b8e97bdd44c56de93
SHA256

73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038
SHA512

a24d617386466e8a7df4905076dea69a9181d2a4493ca34bf9eea40b2251865ab09e1d5dc36c882e08774f49776ddfb458f4f3b3ba7d63c117ef39877f57e244
SSDEEP

6144:k9w6CHQfzgeC32Uaq2t0EyL+2iaBAO94ruMQd:IzHoRK2ZyiM8

Score

10^/10

neshta defense_evasion discovery persistence spyware stealer

Malware Config

Signatures

Detect Neshta payload 48 IoCs

Processes:

resource	yara_rule
behavioral1/files/0x000700000002782a-41.dat	family_neshta
behavioral1/files/0x000100000001047d-168.dat	family_neshta
behavioral1/files/0x001c00000002ab3e-180.dat	family_neshta
behavioral1/memory/3776-187-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/files/0x0007000000027839-201.dat	family_neshta
behavioral1/files/0x0005000000027915-200.dat	family_neshta
behavioral1/files/0x000200000002789b-199.dat	family_neshta
behavioral1/files/0x0005000000027954-198.dat	family_neshta
behavioral1/files/0x0003000000027919-204.dat	family_neshta
behavioral1/files/0x0009000000027843-203.dat	family_neshta
behavioral1/files/0x0007000000027841-202.dat	family_neshta
behavioral1/files/0x000100000002a517-210.dat	family_neshta
behavioral1/files/0x000100000001025d-219.dat	family_neshta
behavioral1/files/0x0001000000010471-229.dat	family_neshta
behavioral1/files/0x00010000000105aa-228.dat	family_neshta
behavioral1/files/0x00010000000104c7-227.dat	family_neshta
behavioral1/files/0x0001000000010475-226.dat	family_neshta
behavioral1/files/0x000100000001047b-224.dat	family_neshta
behavioral1/files/0x0001000000010619-222.dat	family_neshta
behavioral1/files/0x000100000001035e-221.dat	family_neshta
behavioral1/files/0x000100000001033f-220.dat	family_neshta
behavioral1/files/0x0001000000010355-218.dat	family_neshta
behavioral1/files/0x000100000002a555-217.dat	family_neshta
behavioral1/files/0x000100000002a557-216.dat	family_neshta
behavioral1/files/0x000100000002a516-215.dat	family_neshta
behavioral1/files/0x000100000002a519-214.dat	family_neshta
behavioral1/files/0x000100000002a556-213.dat	family_neshta
behavioral1/files/0x000100000002a518-211.dat	family_neshta
behavioral1/files/0x0001000000028ae8-209.dat	family_neshta
behavioral1/files/0x0001000000028ae7-208.dat	family_neshta
behavioral1/files/0x0001000000028ae6-207.dat	family_neshta
behavioral1/files/0x0001000000029bd7-206.dat	family_neshta
behavioral1/files/0x0001000000028b3c-205.dat	family_neshta
behavioral1/files/0x00020000000278b3-197.dat	family_neshta
behavioral1/files/0x0005000000027942-196.dat	family_neshta
behavioral1/files/0x00020000000278a0-195.dat	family_neshta
behavioral1/files/0x0002000000027831-194.dat	family_neshta
behavioral1/files/0x0005000000027941-193.dat	family_neshta
behavioral1/files/0x000700000002781e-192.dat	family_neshta
behavioral1/files/0x0007000000027822-190.dat	family_neshta
behavioral1/files/0x000800000002788a-189.dat	family_neshta
behavioral1/files/0x000500000002794f-188.dat	family_neshta
behavioral1/memory/3288-230-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/memory/3692-253-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/memory/3288-268-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/memory/3288-339-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/memory/3288-342-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/memory/2612-1006-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta

Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
persistence spyware neshta
Neshta family
neshta

Executes dropped EXE 17 IoCs

Processes:

73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exeUn_A.exemsedge.exesvchost.commsedge.exesvchost.comsvchost.comDELTAV~1.EXEOperaGX.exesetup.exesetup.exesetup.exesetup.exesetup.exeOpera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeassistant_installer.exeassistant_installer.exe

pid	Process
2412	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
1088	Un_A.exe
4180	msedge.exe
3776	svchost.com
1576	msedge.exe
3692	svchost.com
2612	svchost.com
4180	DELTAV~1.EXE
4840	OperaGX.exe
4028	setup.exe
2136	setup.exe
3456	setup.exe
1276	setup.exe
4392	setup.exe
4964	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
2904	assistant_installer.exe
1588	assistant_installer.exe

Loads dropped DLL 17 IoCs

Processes:

Un_A.exesetup.exesetup.exesetup.exesetup.exesetup.exe

pid	Process
1088	Un_A.exe
1088	Un_A.exe
1088	Un_A.exe
1088	Un_A.exe
1088	Un_A.exe
1088	Un_A.exe
1088	Un_A.exe
1088	Un_A.exe
1088	Un_A.exe
1088	Un_A.exe
1088	Un_A.exe
1088	Un_A.exe
4028	setup.exe
2136	setup.exe
3456	setup.exe
1276	setup.exe
4392	setup.exe

Modifies system executable filetype association 2 TTPs 1 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

Processes:

73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

setup.exesetup.exe

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
54	api64.ipify.org
55	api.ipify.org
128	api.ipify.org
129	api64.ipify.org

Drops file in Program Files directory 64 IoCs

Processes:

73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exemsedge.exe

description	ioc	Process
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~4.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\Installer\setup.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EdgeUpdate_bk\1.3.143.57\MicrosoftEdgeUpdateBroker.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EdgeUpdate_bk\1.3.143.57\MicrosoftEdgeUpdateOnDemand.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EdgeUpdate_bk\1.3.143.57\MicrosoftEdgeUpdateSetup.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe	msedge.exe
File opened for modification	C:\PROGRA~2\WINDOW~2\wab.exe	msedge.exe
File opened for modification	C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe	msedge.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\cookie_exporter.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ielowutil.exe	msedge.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\msedge.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\msedge_proxy.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\MOZILL~1\UNINST~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{63880~1\WINDOW~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmpshare.exe	msedge.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\msedgewebview2.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\Application\msedge.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\Application\msedge_proxy.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{61087~1\VCREDI~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ieinstal.exe	msedge.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmplayer.exe	msedge.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.371\GO664E~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\WINDOW~2\wab.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\elevation_service.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EdgeUpdate_bk\1.3.143.57\MicrosoftEdgeUpdateComRegisterShell64.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EdgeUpdate_bk\1.3.143.57\MicrosoftEdgeUpdateCore.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\setup_wm.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\INTERN~1\iexplore.exe	msedge.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\setup_wm.exe	msedge.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\notification_helper.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\WI8A19~1\ImagingDevices.exe	msedge.exe
File opened for modification	C:\PROGRA~2\Google\Update\DISABL~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\INTERN~1\iexplore.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmlaunch.exe	msedge.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ExtExport.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\Application\pwahelper.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmprph.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ExtExport.exe	msedge.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~1.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~2.EXE	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe

Drops file in Windows directory 9 IoCs

Processes:

svchost.comsvchost.com73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exemsedge.exesvchost.comchrome.exe

description	ioc	Process
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\svchost.com	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
File opened for modification	C:\Windows\svchost.com	msedge.exe
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\directx.sys	svchost.com

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

Processes:

chrome.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Delta V3.61 b_14356458.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

setup.exesvchost.comsetup.exesetup.exeUn_A.exesetup.exeOpera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeassistant_installer.exeDELTAV~1.EXEOperaGX.exemsedge.exesvchost.comsvchost.comsetup.exeassistant_installer.exe73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Un_A.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DELTAV~1.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msedge.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133746170904904010"	chrome.exe

Modifies registry class 5 IoCs

Processes:

DELTAV~1.EXE73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exemsedge.exechrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Opera GXStable	DELTAV~1.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable	DELTAV~1.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	chrome.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

setup.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Delta V3.61 b_14356458.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

Un_A.exechrome.exechrome.exe

pid	Process
1088	Un_A.exe
1088	Un_A.exe
1088	Un_A.exe
1088	Un_A.exe
1088	Un_A.exe
1088	Un_A.exe
1708	chrome.exe
1708	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

chrome.exe

pid	Process
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

chrome.exe

pid	Process
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	Process
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

TextInputHost.exeDELTAV~1.EXE

pid	Process
420	TextInputHost.exe
420	TextInputHost.exe
420	TextInputHost.exe
4180	DELTAV~1.EXE
4180	DELTAV~1.EXE
4180	DELTAV~1.EXE
4180	DELTAV~1.EXE
4180	DELTAV~1.EXE
4180	DELTAV~1.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exeUn_A.exemsedge.exesvchost.comchrome.exe

description	pid	Process	procid_target
PID 3288 wrote to memory of 2412	3288	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe	79
PID 3288 wrote to memory of 2412	3288	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe	79
PID 3288 wrote to memory of 2412	3288	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe	79
PID 2412 wrote to memory of 1088	2412	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe	80
PID 2412 wrote to memory of 1088	2412	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe	80
PID 2412 wrote to memory of 1088	2412	73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe	80
PID 1088 wrote to memory of 4180	1088	Un_A.exe	83
PID 1088 wrote to memory of 4180	1088	Un_A.exe	83
PID 1088 wrote to memory of 4180	1088	Un_A.exe	83
PID 4180 wrote to memory of 3776	4180	msedge.exe	84
PID 4180 wrote to memory of 3776	4180	msedge.exe	84
PID 4180 wrote to memory of 3776	4180	msedge.exe	84
PID 3692 wrote to memory of 1708	3692	svchost.com	89
PID 3692 wrote to memory of 1708	3692	svchost.com	89
PID 1708 wrote to memory of 3468	1708	chrome.exe	90
PID 1708 wrote to memory of 3468	1708	chrome.exe	90
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 1892	1708	chrome.exe	91
PID 1708 wrote to memory of 2952	1708	chrome.exe	92
PID 1708 wrote to memory of 2952	1708	chrome.exe	92
PID 1708 wrote to memory of 4384	1708	chrome.exe	93
PID 1708 wrote to memory of 4384	1708	chrome.exe	93
PID 1708 wrote to memory of 4384	1708	chrome.exe	93
PID 1708 wrote to memory of 4384	1708	chrome.exe	93
PID 1708 wrote to memory of 4384	1708	chrome.exe	93
PID 1708 wrote to memory of 4384	1708	chrome.exe	93
PID 1708 wrote to memory of 4384	1708	chrome.exe	93
PID 1708 wrote to memory of 4384	1708	chrome.exe	93
PID 1708 wrote to memory of 4384	1708	chrome.exe	93
PID 1708 wrote to memory of 4384	1708	chrome.exe	93
PID 1708 wrote to memory of 4384	1708	chrome.exe	93
PID 1708 wrote to memory of 4384	1708	chrome.exe	93
PID 1708 wrote to memory of 4384	1708	chrome.exe	93
PID 1708 wrote to memory of 4384	1708	chrome.exe	93
PID 1708 wrote to memory of 4384	1708	chrome.exe	93
PID 1708 wrote to memory of 4384	1708	chrome.exe	93

C:\Users\Admin\AppData\Local\Temp\73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
"C:\Users\Admin\AppData\Local\Temp\73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe"
1⤵
- Modifies system executable filetype association
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3288
- C:\Users\Admin\AppData\Local\Temp\3582-490\73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
  "C:\Users\Admin\AppData\Local\Temp\3582-490\73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2412
- - C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
    "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\3582-490\
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.badlion.net/uninstall-feedback
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:4180
    - - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe" --single-argument https://www.badlion.net/uninstall-feedback
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe --single-argument https://www.badlion.net/uninstall-feedback
        6⤵
        Executes dropped EXE
        
        PID:1576

C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe"
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3692
- C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
  C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1708
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa9de8cc40,0x7ffa9de8cc4c,0x7ffa9de8cc58
    3⤵
    PID:3468
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1952 /prefetch:2
    3⤵
    PID:1892
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1656,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
    3⤵
    PID:2952
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2384 /prefetch:8
    3⤵
    PID:4384
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3064 /prefetch:1
    3⤵
    PID:1416
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3092 /prefetch:1
    3⤵
    PID:3060
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4356,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4340 /prefetch:1
    3⤵
    PID:2024
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4524,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4388 /prefetch:8
    3⤵
    PID:2852
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4648,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:8
    3⤵
    PID:2276
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4652,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
    3⤵
    PID:1576
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4568,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:8
    3⤵
    PID:4576
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4236,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:1
    3⤵
    PID:4920
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5040,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:1
    3⤵
    PID:1776
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4492,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4336 /prefetch:1
    3⤵
    PID:3712
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3664,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4304 /prefetch:1
    3⤵
    PID:1276
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3048,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4408 /prefetch:1
    3⤵
    PID:4408
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5020,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
    3⤵
    PID:1552
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4488,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5584 /prefetch:1
    3⤵
    PID:2076
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5704,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4408 /prefetch:1
    3⤵
    PID:3664
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4224,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:1
    3⤵
    PID:4608
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3080,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:1
    3⤵
    PID:2756
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3340,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4264 /prefetch:1
    3⤵
    PID:1568
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4640,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3056 /prefetch:1
    3⤵
    PID:3292
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4404,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:1
    3⤵
    PID:636
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5900,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5860 /prefetch:1
    3⤵
    PID:3440
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5952,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4192 /prefetch:1
    3⤵
    PID:3912
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4840,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4904 /prefetch:8
    3⤵
    PID:1120
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4708,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6272 /prefetch:8
    3⤵
    PID:5032
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6164,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:8
    3⤵
    - Subvert Trust Controls: Mark-of-the-Web Bypass
    - NTFS ADS
    PID:4396
- - C:\Windows\svchost.com
    "C:\Windows\svchost.com" "C:\Users\Admin\DOWNLO~1\DELTAV~1.EXE"
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:2612
  - - C:\Users\Admin\DOWNLO~1\DELTAV~1.EXE
      C:\Users\Admin\DOWNLO~1\DELTAV~1.EXE
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:4180
    - - C:\Users\Admin\AppData\Local\OperaGX.exe
        
        C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\7zS8E207DB9\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS8E207DB9\setup.exe --silent --allusers=0 --server-tracking-blob=MWEzNzMzZWJjMWU4YzZkNTgzNmMyOGQ4ZDE0YmIyMmNiNjJkZGQxYzNlZTE3ODIxYzFkZTU5YzU4NjY5NmI2Nzp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD0xYzYwYjliZWMwOWE0OGUwOThkOWM2OTA2ZDJiMjYzMiZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInRpbWVzdGFtcCI6IjE3MzAxNDM1OTEuOTYzOSIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDcuMDsgV2luZG93cyBOVCA2LjI7IFdPVzY0OyBUcmlkZW50LzcuMDsgLk5FVDQuMEM7IC5ORVQ0LjBFOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgLk5FVCBDTFIgMy41LjMwNzI5KSIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9QQjVfMzU3NSIsImNvbnRlbnQiOiIzNTc1X0ZpbGVETSIsImlkIjoiMWM2MGI5YmVjMDlhNDhlMDk4ZDljNjkwNmQyYjI2MzIiLCJtZWRpdW0iOiJwYSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiIxNGEzNzMwMS05OWUxLTRjNDMtYjU4MS03ZDQ5OTY1NjNkNDUifQ==
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        Modifies system certificate store
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\7zS8E207DB9\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS8E207DB9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x338,0x33c,0x340,0x314,0x344,0x70f38c5c,0x70f38c68,0x70f38c74
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\7zS8E207DB9\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS8E207DB9\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4028 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241028192633" --session-guid=988660d6-51af-465c-9060-8755a9d10a7c --server-tracking-blob=ZjA2YTc0ZmM1NWRmOTg4NTNhZWUwMTM5YjczMTIzZDc5MDk5MGM2OTRiZDg4MDBhOGNjY2YxZWE4MjQ1NTdmMjp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD0xYzYwYjliZWMwOWE0OGUwOThkOWM2OTA2ZDJiMjYzMiZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjExIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTczMDE0MzU5MS45NjM5IiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV09XNjQ7IFRyaWRlbnQvNy4wOyAuTkVUNC4wQzsgLk5FVDQuMEU7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy4wLjMwNzI5OyAuTkVUIENMUiAzLjUuMzA3MjkpIiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0dCX1BCNV8zNTc1IiwiY29udGVudCI6IjM1NzVfRmlsZURNIiwiaWQiOiIxYzYwYjliZWMwOWE0OGUwOThkOWM2OTA2ZDJiMjYzMiIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6IjE0YTM3MzAxLTk5ZTEtNGM0My1iNTgxLTdkNDk5NjU2M2Q0NSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=4C06000000000000
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\7zS8E207DB9\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS8E207DB9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x6fff8c5c,0x6fff8c68,0x6fff8c74
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410281926331\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410281926331\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410281926331\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410281926331\assistant\assistant_installer.exe" --version
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410281926331\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410281926331\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0xbc4f48,0xbc4f58,0xbc4f64
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1588
- - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4852,i,4361788787865925924,17114092065825856665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6108 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3700

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4148

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:420

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\21ffb8942746472d951ef01f462b6439 /t 1972 /p 4180
1⤵
PID:3764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE

Filesize
328KB

MD5
39c8a4c2c3984b64b701b85cb724533b

SHA1
c911f4c4070dfe9a35d9adcb7de6e6fb1482ce00

SHA256
888a1dd0033e5d758a4e731e3e55357de866e80d03b1b194375f714e1fd4351d

SHA512
f42ca2962fe60cff1a13dea8b81ff0647b317c785ee4f5159c38487c34d33aecba8478757047d31ab2ee893fbdcb91a21655353456ba6a018fc71b2278db4db2

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE

Filesize
86KB

MD5
3b73078a714bf61d1c19ebc3afc0e454

SHA1
9abeabd74613a2f533e2244c9ee6f967188e4e7e

SHA256
ded54d1fcca07b6bff2bc3b9a1131eac29ff1f836e5d7a7c5c325ec5abe96e29

SHA512
75959d4e8a7649c3268b551a2a378e6d27c0bfb03d2422ebeeb67b0a3f78c079473214057518930f2d72773ce79b106fd2d78405e8e3d8883459dcbb49c163c4

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE

Filesize
5.7MB

MD5
09acdc5bbec5a47e8ae47f4a348541e2

SHA1
658f64967b2a9372c1c0bdd59c6fb2a18301d891

SHA256
1b5c715d71384f043843ea1785a6873a9f39d2daae112ccdeffcd88b10a3a403

SHA512
3867bf98e1a0e253114a98b78b047b0d8282b5abf4aaf836f31cc0e26224e2a1b802c65df9d90dc7696a6dbcb9a8e4b900f1d1299e1b11e36f095ebaf8a2e5b8

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe

Filesize
175KB

MD5
576410de51e63c3b5442540c8fdacbee

SHA1
8de673b679e0fee6e460cbf4f21ab728e41e0973

SHA256
3f00404dd591c2856e6f71bd78423ed47199902e0b85f228e6c4de72c59ddffe

SHA512
f7761f3878775b30cc3d756fa122e74548dfc0a27e38fa4109e34a59a009df333d074bf14a227549ae347605f271be47984c55148685faac479aeb481f7191db

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe

Filesize
9.4MB

MD5
322302633e36360a24252f6291cdfc91

SHA1
238ed62353776c646957efefc0174c545c2afa3d

SHA256
31da9632f5d25806b77b617d48da52a14afc574bbe1653120f97705284ea566c

SHA512
5a1f7c44ce7f5036bffc18ebac39e2bf70e6f35fa252617d665b26448f4c4473adfa115467b7e2d9b7068823e448f74410cdcdfef1ac1c09021e051921787373

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe

Filesize
2.4MB

MD5
8ffc3bdf4a1903d9e28b99d1643fc9c7

SHA1
919ba8594db0ae245a8abd80f9f3698826fc6fe5

SHA256
8268d3fefe8ca96a25a73690d14bacf644170ab5e9e70d2f8eeb350a4c83f9f6

SHA512
0b94ead97374d74eaee87e7614ddd3911d2cf66d4c49abbfd06b02c03e5dd56fd00993b4947e8a4bcd9d891fa39cab18cc6b61efc7d0812e91eb3aea9cd1a427

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE

Filesize
183KB

MD5
9dfcdd1ab508b26917bb2461488d8605

SHA1
4ba6342bcf4942ade05fb12db83da89dc8c56a21

SHA256
ecd5e94da88c653e4c34b6ab325e0aca8824247b290336f75c410caa16381bc5

SHA512
1afc1b95f160333f1ff2fa14b3f22a28ae33850699c6b5498915a8b6bec1cfc40f33cb69583240aa9206bc2ea7ab14e05e071275b836502a92aa8c529fc1b137

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe

Filesize
131KB

MD5
5791075058b526842f4601c46abd59f5

SHA1
b2748f7542e2eebcd0353c3720d92bbffad8678f

SHA256
5c3ef3ec7594c040146e908014791dd15201ba58b4d70032770bb661b6a0e394

SHA512
83e303971ed64019fde9e4ba6f6e889f8fb105088490dfa7dcf579a12baff20ef491f563d132d60c7b24a4fd3cac29bd9dc974571cd162000fae8fba4e0e54fb

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE

Filesize
254KB

MD5
4ddc609ae13a777493f3eeda70a81d40

SHA1
8957c390f9b2c136d37190e32bccae3ae671c80a

SHA256
16d65f2463658a72dba205dcaa18bc3d0bab4453e726233d68bc176e69db0950

SHA512
9d7f90d1529cab20078c2690bf7bffab5a451a41d8993781effe807e619da0e7292f991da2f0c5c131b111d028b3e6084e5648c90816e74dfb664e7f78181bc5

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE

Filesize
386KB

MD5
8c753d6448183dea5269445738486e01

SHA1
ebbbdc0022ca7487cd6294714cd3fbcb70923af9

SHA256
473eb551101caeaf2d18f811342e21de323c8dd19ed21011997716871defe997

SHA512
4f6fddefc42455540448eac0b693a4847e21b68467486376a4186776bfe137337733d3075b7b87ed7dac532478dc9afc63883607ec8205df3f155fee64c7a9be

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE

Filesize
92KB

MD5
176436d406fd1aabebae353963b3ebcf

SHA1
9ffdfdb8cc832a0c6501c4c0e85b23a0f7eff57a

SHA256
2f947e3ca624ce7373080b4a3934e21644fb070a53feeaae442b15b849c2954f

SHA512
a2d1a714e0c1e5463260c64048ba8fd5064cfa06d4a43d02fc04a30748102ff5ba86d20a08e611e200dc778e2b7b3ae808da48132a05a61aa09ac424a182a06a

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE

Filesize
147KB

MD5
3b35b268659965ab93b6ee42f8193395

SHA1
8faefc346e99c9b2488f2414234c9e4740b96d88

SHA256
750824b5f75c91a6c2eeb8c5e60ae28d7a81e323d3762c8652255bfea5cba0bb

SHA512
035259a7598584ddb770db3da4e066b64dc65638501cdd8ff9f8e2646f23b76e3dfffa1fb5ed57c9bd15bb4efa3f7dd33fdc2e769e5cc195c25de0e340eb89ab

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe

Filesize
125KB

MD5
cce8964848413b49f18a44da9cb0a79b

SHA1
0b7452100d400acebb1c1887542f322a92cbd7ae

SHA256
fe44ca8d5050932851aa54c23133277e66db939501af58e5aeb7b67ec1dde7b5

SHA512
bf8fc270229d46a083ced30da6637f3ca510b0ce44624a9b21ec6aacac81666dffd41855053a936aa9e8ea6e745a09b820b506ec7bf1173b6f1837828a35103d

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE

Filesize
142KB

MD5
92dc0a5b61c98ac6ca3c9e09711e0a5d

SHA1
f809f50cfdfbc469561bced921d0bad343a0d7b4

SHA256
3e9da97a7106122245e77f13f3f3cc96c055d732ab841eb848d03ac25401c1bc

SHA512
d9eefb19f82e0786d9be0dbe5e339d25473fb3a09682f40c6d190d4c320cca5556abb72b5d97c6b0da4f8faefdc6d39ac9d0415fdf94ebcc90ecdf2e513c6a31

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE

Filesize
278KB

MD5
12c29dd57aa69f45ddd2e47620e0a8d9

SHA1
ba297aa3fe237ca916257bc46370b360a2db2223

SHA256
22a585c183e27b3c732028ff193733c2f9d03700a0e95e65c556b0592c43d880

SHA512
255176cd1a88dfa2af3838769cc20dc7ad9d969344801f07b9ebb372c12cee3f47f2dba3559f391deab10650875cad245d9724acfa23a42b336bfa96559a5488

Download Submit
C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE

Filesize
454KB

MD5
bcd0f32f28d3c2ba8f53d1052d05252d

SHA1
c29b4591df930dabc1a4bd0fa2c0ad91500eafb2

SHA256
bb07d817b8b1b6b4c25e62b6120e51dec10118557d7b6b696ad084a5ba5bfdeb

SHA512
79f407735853f82f46870c52058ceee4d91857a89db14868ee1169abd5c0fd2e3fa1ed230ab90b5f479a9581b88998643d69b0df498defea29e73b0d487f3b10

Download Submit
C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe

Filesize
1.2MB

MD5
d47ed8961782d9e27f359447fa86c266

SHA1
d37d3f962c8d302b18ec468b4abe94f792f72a3b

SHA256
b1ec065f71cc40f400e006586d370997102860504fd643b235e8ed9f5607262a

SHA512
3e33f2cdf35024868b183449019de9278035e7966b342ba320a6c601b5629792cbb98a19850d4ca80b906c85d10e8503b0193794d1f1efa849fa33d26cff0669

Download Submit
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe

Filesize
555KB

MD5
ce82862ca68d666d7aa47acc514c3e3d

SHA1
f458c7f43372dbcdac8257b1639e0fe51f592e28

SHA256
c5a99f42100834599e4995d0a178b32b772a6e774a4050a6bb00438af0a6a1f3

SHA512
bca7afd6589c3215c92fdaca552ad3380f53d3db8c4b69329a1fa81528dd952a14bf012321de92ad1d20e5c1888eab3dd512b1ac80a406baccc37ee6ff4a90dc

Download Submit
C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE

Filesize
121KB

MD5
cbd96ba6abe7564cb5980502eec0b5f6

SHA1
74e1fe1429cec3e91f55364e5cb8385a64bb0006

SHA256
405b8bd647fa703e233b8b609a18999abe465a8458168f1daf23197bd2ea36aa

SHA512
a551001853f6b93dfbc6cf6a681820af31330a19d5411076ff3dbce90937b3d92173085a15f29ebf56f2ef12a4e86860ac6723ebc89c98ea31ea7a6c7e3d7cdc

Download Submit
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe

Filesize
325KB

MD5
9a8d683f9f884ddd9160a5912ca06995

SHA1
98dc8682a0c44727ee039298665f5d95b057c854

SHA256
5e2e22ead49ce9cc11141dbeebbe5b93a530c966695d8efc2083f00e6be53423

SHA512
6aecf8c5cb5796d6879f8643e20c653f58bad70820896b0019c39623604d5b3c8a4420562ab051c6685edce60aa068d9c2dbb4413a7b16c6d01a9ac10dc22c12

Download Submit
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe

Filesize
325KB

MD5
892cf4fc5398e07bf652c50ef2aa3b88

SHA1
c399e55756b23938057a0ecae597bd9dbe481866

SHA256
e2262c798729169f697e6c30e5211cde604fd8b14769311ff4ea81abba8c2781

SHA512
f16a9e4b1150098c5936ec6107c36d47246dafd5a43e9f4ad9a31ecab69cc789c768691fa23a1440fae7f6e93e8e62566b5c86f7ed6bb4cfe26368149ea8c167

Download Submit
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe

Filesize
505KB

MD5
452c3ce70edba3c6e358fad9fb47eb4c

SHA1
d24ea3b642f385a666159ef4c39714bec2b08636

SHA256
da73b6e071788372702104b9c72b6697e84e7c75e248e964996700b77c6b6f1c

SHA512
fe8a0b9b1386d6931dc7b646d0dd99c3d1b44bd40698b33077e7eeba877b53e5cb39ff2aa0f6919ccab62953a674577bc1b2516d9cadc0c051009b2083a08085

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GO664E~1.EXE

Filesize
146KB

MD5
cdc455fa95578320bd27e0d89a7c9108

SHA1
60cde78a74e4943f349f1999be3b6fc3c19ab268

SHA256
d7f214dc55857c3576675279261a0ee1881f7ddee4755bb0b9e7566fc0f425a9

SHA512
35f3741538bd59f6c744bcad6f348f4eb6ea1ee542f9780daa29de5dbb2d772b01fe4774fb1c2c7199a349488be309ceedd562ceb5f1bdcdd563036b301dcd9f

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GOBD5D~1.EXE

Filesize
221KB

MD5
87bb2253f977fc3576a01e5cbb61f423

SHA1
5129844b3d8af03e8570a3afcdc5816964ed8ba4

SHA256
3fc32edf3f9ab889c2cdf225a446da1e12a7168a7a56165efe5e9744d172d604

SHA512
7cfd38ceb52b986054a68a781e01c3f99e92227f884a4401eb9fbc72f4c140fd32a552b4a102bedf9576e6a0da216bc10ce29241f1418acb39aeb2503cb8d703

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GOF5E2~1.EXE

Filesize
146KB

MD5
d9a290f7aec8aff3591c189b3cf8610a

SHA1
7558d29fb32018897c25e0ac1c86084116f1956c

SHA256
41bed95cb1101181a97460e2395efebb0594849e6f48b80a2b7c376ddf5ce0ea

SHA512
b55ab687a75c11ba99c64be42ad8471576aa2df10ce1bb61e902e98827e3a38cd922e365751bd485cac089c2bd8bccf939a578da7238506b77fe02a3eb7994c6

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~2.EXE

Filesize
258KB

MD5
d9186b6dd347f1cf59349b6fc87f0a98

SHA1
6700d12be4bd504c4c2a67e17eea8568416edf93

SHA256
a892284c97c8888a589ea84f88852238b8cd97cc1f4af85b93b5c5264f5c40d4

SHA512
a29cc26028a68b0145cb20ec353a4406ec86962ff8c3630c96e0627639cf76e0ea1723b7b44592ea4f126c4a48d85d92f930294ae97f72ecc95e3a752a475087

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~3.EXE

Filesize
335KB

MD5
e4351f1658eab89bbd70beb15598cf1c

SHA1
e18fbfaee18211fd9e58461145306f9bc4f459ea

SHA256
4c783822b873188a9ced8bd4888e1736e3d4f51f6b3b7a62675b0dc85277e0eb

SHA512
57dbc6418011bcac298e122990b14ed1461c53b5f41cb4986d1d3bbbb516c764a7c205fc4da3722399fdb9122f28e4ec98f39d2af80d4b6a64d7bd7944d1c218

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~4.EXE

Filesize
433KB

MD5
674eddc440664b8b854bc397e67ee338

SHA1
af9d74243ee3ea5f88638172f592ed89bbbd7e0d

SHA256
20bbf92426732ff7269b4f2f89d404d5fee0fa6a20944004d2eeb3cc2d1fa457

SHA512
5aced0e2235f113e323d6b28be74da5e4da4dc881629461df4644a52bccd717dc6d2632c40ed8190b3ad060b8b62c347757a0bbe82680d892114c1f0529146b7

Download Submit
C:\PROGRA~2\Google\Update\DISABL~1.EXE

Filesize
198KB

MD5
7429ce42ac211cd3aa986faad186cedd

SHA1
b61a57f0f99cfd702be0fbafcb77e9f911223fac

SHA256
d608c05409ac4bd05d8e0702fcf66dfae5f4f38cbae13406842fa5504f4d616f

SHA512
ee4456877d6d881d9904013aabecb9f2daf6fc0ec7a7c9251e77396b66a7f5a577fe8544e64e2bb7464db429db56a3fe47c183a81d40cc869d01be573ab5e4c1

Download Submit
C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\BHO\ie_to_edge_stub.exe

Filesize
537KB

MD5
23622b7d65653e1dd46db1d10c52d933

SHA1
5278e3311ef9adac97bcd572ef4466161deb921d

SHA256
6e872df59c1f0f474f5f2e1bacd84b8570b08195fe5615a7293eecf540f88505

SHA512
8b2a0c9f71baa78fbe30c82a2f530faf106adabe366200555891af3ea5b52ca327f05e8f53c55d73d94c08fc60433218235b638b0ada1617ee57668087966b26

Download Submit
C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\Installer\setup.exe

Filesize
3.6MB

MD5
4df2f346ca3852b5dff45c058d22eab3

SHA1
7724a7e7cb09d79a44104e694d06999c225e5f2a

SHA256
59c94097f063a245ebce78f2e63354bb94f12f3faf10a7800381e20a249d0132

SHA512
746dcad9a5febe85202061583d9c241bee8c1375fa01735dcc200050fe685f9e04ba97f4ccc86802bafe5b0b9f56534adb5f4262a5db7b468e8014a3a70af735

Download Submit
C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\cookie_exporter.exe

Filesize
138KB

MD5
b9c69481857d7550c5ebd77cc50a1d84

SHA1
a2e18198fd96975f9f3206330af9a933e336ddc1

SHA256
3f3063f7da14b31417aa8dbc0e5242a50a29f7948cd1288e0647d9f927129123

SHA512
cb1c02d0aa19210835ab584bdd49fbb9c446bd793d4c0e68f0a0f04f6a5c7e0f595009d544120e71a641f9776c39b17d7c0c5fea76392581f6aa094cd6fb4647

Download Submit
C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\elevation_service.exe

Filesize
1.5MB

MD5
7e37d766247059f57b1749cc981dae75

SHA1
3c97628e79d241dac9c9275ea4137f97c215a142

SHA256
4b681840018519bd755191705a1e0330557a33943f165f80a01fda3641db4cd3

SHA512
a924960c22a5246024ace05c76b54f6db3be3ea6bbb08b4c12fad5379dba7b5c4bb0f5deece37b01f908ef876dbf616dc808d5d2f734867698a24f49c5c1e3f2

Download Submit
C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\identity_helper.exe

Filesize
1.0MB

MD5
105512023f579c681bbf55f4f88a2ded

SHA1
2b7e3fb82461924e2afa09cf778da484605cb855

SHA256
bbdb39a2dec157d2a571101338907d3ce6b6b4122ee077644cd1285ccb0515b0

SHA512
0aeacf1bd617722c29dcd763208c20e89d90cff4c43a478f1292ef0964a3172fcc22cc2b1850ec68981c4760674e68f804bf3bba2155d9bbf9c7aa38f7394985

Download Submit
C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\msedge_pwa_launcher.exe

Filesize
1.5MB

MD5
34d0a4d388738301876a910823dfcb8a

SHA1
46849a3f21432aceb23b403ce4a3625a45d1b7d2

SHA256
dbb4397b616325e5484d4d26836d4e1da826e83be51b1ebf59c758bf5bd58a34

SHA512
ed65ecca79d99824d289bba7e77dd714087ad34536aaf95648b31d93d28d5ecb8b42c776332651c98ffb02c18a9b9e792f0293ded46051ff4def050efeb95c3e

Download Submit
C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\msedgewebview2.exe

Filesize
2.8MB

MD5
fccf74c2b9b3e8af2814e8b6493eeb93

SHA1
74ea75ba393e718e802e84060c74780d5e38bae5

SHA256
8c2ffa56077b4d79db8118b544f095faf4803dbe5676af3f0d9ac52b15d73724

SHA512
909f02d7f14e08078275f492ae5df978d6e81e57d15e95083d8bc23631aa6d720088eefdbe60173db6dca3485d00c599937b42262f2c8e395a4fce84222c9dcb

Download Submit
C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\notification_helper.exe

Filesize
1.2MB

MD5
40309a97594ecfed9e8cd0368b51f002

SHA1
8a1ca73a3ee107c1f172877a21f2e8b6a5c30f54

SHA256
48e26052483e4981461c09644924f28464019919cc740cece6069adb71c3be48

SHA512
359d44547d0cb2c5fa403cc2e1e860bd502db6066a6e09871a047edfaa4ee9449415cbe6ce32a13eb3276fa7f13bd4397572a4439989b080aa4c3ff1c8adcbca

Download Submit
C:\PROGRA~2\MICROS~1\Edge\Application\90.0.818.66\pwahelper.exe

Filesize
1013KB

MD5
ae233c9a94ac29078a9b84a0e2f21d0e

SHA1
74352f8a9f95dac8d4149592f2ca5cafa3f22df5

SHA256
d351a76537354ee30c5c229ce5ad7684befc6aeac30dbf8c38c03f7780c9ab87

SHA512
4985561bd596b002849f3c840b04b5443385f3eb6ba3e1016090a6623b61b0143c4cc928f2b5aa95a70fda8363359ebbdcdd89a5521e90e93aa1c17903ac4109

Download Submit
C:\PROGRA~2\MICROS~1\Edge\Application\msedge_proxy.exe

Filesize
1.0MB

MD5
a504bdfc2f71c8040cb5b6c743d32f34

SHA1
e693d0844f6a6c7d82a70e289f99c62a216dd13a

SHA256
8ba67958788de5da6de9288f1bb6d2b73f57cc88534359a9a627063e86fcb076

SHA512
0ac11251e930ffb1ca965c7f584fcd64d9a2432e248b6d98847e10b67c80482a0591f663f046b7d6add34160bc2deedaf89313a5a6f2cccfa395264c193c4f89

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Filesize
3.2MB

MD5
88bec53e56a6b3121e0574d1c663d067

SHA1
681608f0cadf80ba96652b9c488516caf70e7b0f

SHA256
c6fbfeeee15a2fe7302a80fd5e679cec3212f4eb1a92ef14dd7f19a19a107299

SHA512
c60926f095fb4bd4ddd351d61e412eca97246f8dce14c655c9a54741c078fcb1380730758ca4d35a84da968b4284c8787ab10dc3884adf5e5f8cba58db2adde3

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\64ebe23472f6a3af\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2ce91c0aa49dee56fb797346b2cfb25

SHA1
a0eb00bac2e3719ce71697f01fb82e1d0354a95f

SHA256
79eb4d1baad1e7b5215d41def2c9eb1f890d8695920f0ce84f09b69d1bab6562

SHA512
771b237deb970b3788c2ec728798495241c86ba5c2ba76b7f452744e33c62d9ecedb8bc2fccf543e60a7b6d0eecf79620f0ce1f09b659236ce6d440955eec74c

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\64ebe23472f6a3af\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\64ebe23472f6a3af\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
992B

MD5
0fa924f38b8bd3832028cc630081bd14

SHA1
bf2d0d6ed3bdd91f456770e298191c4218e31d70

SHA256
318dd21d5869100497ae4e433d6edd29803338312bd962a8412773e84682e5a9

SHA512
c92cd49e09891ca29b4ded4a72b2510231f763a0f497714f55f30ae10fd25a5cdb534a73cf34a5437e15365727c149db1840f0f05968222aca3809071b9d4891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\17d5ada4-1672-42c0-9788-0411eb153320.tmp

Filesize
231KB

MD5
54a47e1188a068bbe9cbbecd03a3c910

SHA1
0c70c9501d651573bcc97ae144d2337c5e7183d7

SHA256
78d7bdef09cf39653d7c84517546c92c5804e98137f7462282071d02ed34f963

SHA512
797f7f47727e6b806cbb973e9abac8bb65aa751b82c3a4a607968ab35d65b5375f129f6e374bc6c9a602208c73a93d9a8b4730839fd099afb3706207ba4e3b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
39ce347fc31e7b150fcb012439120260

SHA1
fed0ee2fe2b5ce5f629ae7561ff49512ac3d4bc9

SHA256
62d7d172f1fc23fc57cc6b2553fd79fae0482a88b6acf6b16bdc401101a2baa0

SHA512
31160479e7ce6a7b40d74fc9906e335088488ec09cf1f448f8ca2461cb5ea6da4dcfc33bebdd715b26579426a00a1cdc707389cfdcb670dae86a6abb1f3b0e3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
106KB

MD5
39f76304d42673f8139640465f5cb56d

SHA1
5b88ea55dc76b583e03f216c6e8558688283c284

SHA256
0072a065a3a7865cfe3c2a6cab912f8144d4bbbbb8ad0f96259da8caf7acf6f1

SHA512
c7d7d16731184a676e444067c711385cbb11dd4d4a6d5bab3c7ad2f85bb483fffbb1b9ccf4548c4d567c174640c60d132e3fc509d5a003de81c200bc8ef3905d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
32KB

MD5
56128d3d073359500055032007e6f716

SHA1
72e00fb8fa735df799e6b3c1148c90dee7ebe8ec

SHA256
119423976ea2db78b6cadb4afd699bf097389eaad8ce61bef1378711602abcd8

SHA512
bd87a3ffe892572ca6db7ae7e8498b06276a1bed5822246f0ac65dc72292aefda5af9809e75f942d24e09d36a82511d91f11b267c5c2914d0b7d5b8d78ba872c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
52KB

MD5
a3beb0c86cd16759dd972049236faa18

SHA1
3788409b771dde15e02ee3edba822f1be4e078f0

SHA256
ee0e5bc725a7a3e68b371905a791e1f1e5e81f2f58bcfd39450c753397e0e152

SHA512
58274332898032f2bdaba6af99d68fa0fb09432e8d2c7edf59e58feb4e7a01cf3c977895c93511de1971cd0cdf3f446432070d665f2ce0a096a36b762485eecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
149KB

MD5
2e629ba879ede19b9bf37d2e2bc1d3cf

SHA1
26dc7132239d460b4066d6eae248187c89873817

SHA256
6bcf63d120376bb75e419989acd93f5244bf6c59587a178fc8ef55a60659706a

SHA512
d8df18cd68581c057e887d58dc6fee5a0a990e068fc4921beb1b220b76a6d8f689df426168497ea32aaaad1a9cae19d573942d545be4591ecea0ab075c4f6a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
28KB

MD5
13d4f13cd34f37afc507ac239d82ddbd

SHA1
6d500935a441d438ed052e90de0443bccc8c6d17

SHA256
76464e77d22532976bbe5d1829e97854d5c37ed5a46ff300ad9680876ec81d01

SHA512
152e6449d09a7b544cf6f986c9695ae07c330f4b13068cca028ab56ffdad6ff2467f371ea4385ad71da023f3beb83fe0ba1d6d413f1ddde14372efe82ae36b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
54KB

MD5
01ad880ee50b786f74a5e4fae9ba3d71

SHA1
111387dbe885b7f3af44cdbbeea17eeb04bbf803

SHA256
9368f2d586a1d2727921605892048bf5201ef8caa044f2e939ef431aa881d83e

SHA512
d8dc47e5d55e6598988281539205936c56b716eb02b4e643fc917a68ba4407ece36a9d4115d5d0e32ac630d44eadb94ad2607330de082629fea82a9bd35fb83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
16KB

MD5
5830feed3e34072f13cdbb9c3d433a5a

SHA1
f2f9f9b1912cedb68aca907f320abecdf8303513

SHA256
1e6d79f76ccab623a4f200df039f9f70c02a61f41fd9475f5dbda5a4fc2ff96a

SHA512
009536aeddbb09f2e21cd8c0adaa4bece6c96399f73f93e0cb73919f80c79c959d6c0184636afc56ee197cade57d7d02b9f19a59e18d8b94618dd6c141720515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
20KB

MD5
1d19fd6aa4ec2f288c8aea91ff64557a

SHA1
32d8112d84f551e18bb889fd84ea4b7ef8ada911

SHA256
92eba48a0b3d5d0f2742cfee45003c7090269b38ba235c5ef7ed13c42d9f1fcf

SHA512
c06277b8ee538c14889a7c8ec2002ce8f276d982976c5ae3a47ebd85e5c25f06b6a56cd13b0b6e2f850257b9836d57eafdb562111f55926b8fb10ff92981c21a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
52KB

MD5
13ac5d25975854f43a8b85423c171b6d

SHA1
5bb989782d838bf809b0559979ed8ac565777400

SHA256
93b445cfa8bf48d5083869b248871d63377da35015e366998fde98cffcbc3524

SHA512
1a04ef8793be99d925d7511e9ebd64abd07035181b1c925ebcb19e04be2f59895a6e7817a349ed758a51ff964798c1020632012490af269df702d855ed93bce8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
63KB

MD5
54f20de8a9081fccaa118be5bf3aa347

SHA1
9a6f5952bca06500c4df3f5a26a54955e55ccc14

SHA256
b47847a633f51ffc2135e83796b686532acbb5876025eac6d20a083502315834

SHA512
488522b5d5dc119f11e33f295fc3a2537cfe8360287ba619eae02d70629d6bacf7ea9f8e85a05a1b9d84a0688922e97c7d754c42d5428363253765fee35f6d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
93491c846408f59127bc243803ddc9d9

SHA1
48b93723cd497b2afc5efd104ba9a743c5a1d2dd

SHA256
31af9e60b2380bb0d9dc042e12c6dbe0d52a3516a12d7fe6817eb838bbb95c67

SHA512
fdea8d6684a838b8c737b7fd75c55c70ba092dc8412f10030591d7f7dc528ca929eb02df626ff5640c82333cf2b2eeb8b7c57e687ba3d945b547a03d47f97659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bdddf2077e8544fe8d79603d60aa7134

SHA1
e1ff2564b6606317ffaa7472b26397e6ab8e1ab3

SHA256
b5390774fcda518d12d2a17dd9ba635638301b40c5d9c26cf2ed6c864660d1cb

SHA512
38cbebd4b1983143204b8cc89529aafb17bdb28361860ed7fcf08cde5ee09726796b86a3652d1e2c6196dd339f2b750df7cc0f29ed3ac08c9df990f5e3b3ed28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
485b908571f3ce0f1880b6bc14cb2b6c

SHA1
d62cecdd1708d234083d465a7ecf0d10ae6ec116

SHA256
c5f1efd163b8225ef0504d478b11f36fb7272d9c149133693e52ec31ef9150bb

SHA512
136461c0bedec93a73b0b4f458324197ae187f952f2a5e870c0060dbe2584262ba28313fedf89e28d914dc3801bd640c820e1d2ae53311d09b3511b5c836e098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
b5329e4504ac1aa1c1c7b9ec5663991e

SHA1
5fc8727c16b956b2e6796c69b4636c6ebdce5357

SHA256
dd531ee527a672a6f7afc65311803d81e06a1afe915fb88322d81afc4940ecc9

SHA512
037e2320513860c9a13a287d6e164578a912301e5585d964d486830687dd4e2428adb76b2f382a3d7869e86d621240b75f0401aed4bb3a222430dc48cdfb138b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
45fe6f1542ad3bd60948fe14822827d8

SHA1
3ad3801d67f7f24a23d9ba4dfd0ca52ef6398d07

SHA256
46652ccf0e2701eb486fe095595ca3d5eb93b2c0e5418f873d056d390edb5a2b

SHA512
62553b9f95eecfa6d9c15140b6dddecf8c7e7d315b17e10460d6708aa1bc027dd34bc99b7e886bdab3839770d7bbe4c27683fa2456995a6771188b38dc49cb23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c3f2b6819a9f1c39df78dd255c975859

SHA1
328f95380b40090b6a339e595b6787dffa6bdd33

SHA256
3d7ff4b06dc77d129a7bd16c6de83f3fa051f511a6d8b84dd5a5ecb5c482e3d3

SHA512
a688714e6117f1ba9fd154a0dd7bbc1532c0cbff91cdc172930369961e52937e0c9d8ce6d9756e3434ae232874c158589b50ed8beb5062fdc787cf36e01f29ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f8ce3ab2889713e588dadbf78264545f

SHA1
d7a58d1053f249c21c9573905c2f6bb0351608b4

SHA256
df2ff4757ad52fd1bc95bce48cdecf2321a5ebd3a541d52c50f2b9b0f4f08693

SHA512
bde8017ba495238512d236d830d40707b246ddf8af667d6f894b856c3d63a28ce9562a5c832a6443736487687c15460014608324f4a94cfc9b79141b45054714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1c992266d00067f18e298c16505832f3

SHA1
d19500fa8d0258e14441461c0df77043e801236b

SHA256
caed03bf43fa99d2e6903bd756dd64878ccb215b7397d027e89656ffbf379707

SHA512
89c73e2370fdc014d817c6354f39435e8008ac00a18451f19704c1206b0a1f06399fca3c46b9064bb9028d42040f12adc06258f17bc7a0539497b0e0799fe4a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1146b87a6042518cbe6e2419141ccae4

SHA1
d04f332a3a49a8de651ea717307f95aff449e320

SHA256
dce0a1a86320e0b56c22d23e275eb140dd18bb12a3ef8016d6e018318643cf92

SHA512
72294290b4e2bfe209c5ea23d0586bcb9aa5fcb63eb5145b9a22b81c33e59b3368e1f4db27232e4e543d3921d33981914ccf246604379d835a72bf9e51896bfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
26ea61dc3730e3d46e21f46cdc948e56

SHA1
52ff54e64ac516594962fb44c69e2e97aa8d883e

SHA256
1a472dea34f0a3154dd88798b9585d78a94af53d68a0ad5a9a71e314275dea4f

SHA512
7cbd1ee305f36ca7b535ce804210aa478e2bbc6615058e105b1988a118bcbcddf8625c38fd86bf96d3e1180aca8ca208b5f0a03a9389761189697653434a7e7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b2414b514965924d48cbfa6dfbe7aa3

SHA1
4dd69bef31ca2d89f0becd3efe2f8717837e8e2b

SHA256
8b47bfa821d388def8ddee26df12f2a0c0b7b65d84f9652c508fcafd0556af4b

SHA512
59e74f0bbad589835260081ab6f48f3877b53ce3123849ebef1cf3b0ca4ce07e406f3f3dc9401bbced0f16d4ff867197a3eb5b1a1781c59e21321122f73e6f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fea3bbf7e7e6b96c00fba44c007072be

SHA1
b5d8f56fedc449131b80c001486f3ed07fd5bb9f

SHA256
76162537364981557d8cbd456473ffde5410c8072a15114a234afbc673ae02e3

SHA512
6146b4b8f6ab0951a059f5e803344ddf4793ab29a05e2f39a8ccd62413cf0cc27d5cacdaf233b8d54911e705df224258ca0436594be95e090357a1528bf261db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
13a5a747597c8f361b4e33c70a2c40d7

SHA1
ab75b6494baa7e3f4f03311d0565d57a810050c4

SHA256
92e124a280a75c75a9c8523e993a602ffe08d2974ec0a1b13df6e4a8ed16cbcb

SHA512
61f03e6bc029ef797f5e36937227ccc3955257994fd6fc45e9041ab1080e27acd6c6be00ed952edd1e99305d9d69cb9f6e152d499bdbb83c18a34ef4f1774302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
88df275c254dc919a769fa2c4594ad01

SHA1
3969f90783ed30aea230e1f4cb2fba240fd0207f

SHA256
b3ec3b641eee5ec860b66cb64678891ff441e23f575f1c3d07a66f38f6e2fa77

SHA512
fc3d9601582b7aa19f4a7760540254f7326c23eaa5b962a29376c52e09c223bfa894e720e478d7b4c0993bc6bd3e197fd202b3c1d033c537d02917c90156e769

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e81f088c6906a282c7db01495f00d7df

SHA1
2a50bd653a80d7dc81e6c650bc4d8d78da2d1f2e

SHA256
4f205d4b7f9de4c6ebdc446727e4ac5218cb229c7057236a2917f7e90a43080e

SHA512
681dde4dd31fc6406576a4df8e2f243aaed695cbb1bd4d20c3a3e99eafc06c5e45010e5d742845d28553d216ae97a007308d05fbcfce1d6dd240d2d04425e63b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
84927f5a6c9da9aeb34d0190cc11f5b7

SHA1
41960ef52946b5b6f24824bf065395a0674de138

SHA256
2afe29c923d23439c509dbd724d8f1ef586b02d4e3b58484140668a96e1f0883

SHA512
da793a4f0b64a5160dbfd8b7caa0c1e6908859dcd67f8759ba8b31a47e43d63ca620941ff920c91cbbf7cb442f46b5e522f47094e121e96010b81ac7d98a147f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ef0dce57-31ce-4ea8-924f-d1a4c665242a.tmp

Filesize
15KB

MD5
cf80173d0a91a91afa59e9fe7f8b3e20

SHA1
83ac6e84f77152c3a47525964dc74a23bacb8fc2

SHA256
2b8551c196481fa26015ae1357f0a27eb713efb6bc2e4fd1d30946d6eb3dc071

SHA512
9b3446e5566e29bfff0f7da707ddcb0a5ebd899d13fa533e836b2bf90c8dea076b406caaeb3e5a1a1c1afcc08ae534ba09b324b2c3e00d6acd17f3f540bfcfb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
bf367f4d0233f9b630a4b27b5806ca72

SHA1
6b9973d22fa556d0916720cd60b8f9350212358d

SHA256
0fd408701b3f33782dea69d1bcc44672b4b22529d5263e8814cc8b71eb18ab35

SHA512
839da564428f3a017e42a2ae89f264e0e6e93cfd8fd6f9da812b7c9156d1ef1acffb783ca7bebded32ca39e2a98c3bcff40c0a4566cf4fdc00fc851c228d89c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
63a6b49c93f071db90d3a2acb6e9bc37

SHA1
708ad9aae6c71384ebc4a78d363667fcc8132acf

SHA256
a4d892169a47d95df813d5837732486cb4619ebb7b19ac07c0ec617c5490271a

SHA512
7d3406634e7fb6f50298d49c82ccdf30084686a9b11225640ca0c95c36a5b2f36fb464684f2959e1c1cee57c88a84a16a4f308b95a6dab533efcc6170d577b52

Download Submit
C:\Users\Admin\AppData\Local\OperaGX.exe

Filesize
3.2MB

MD5
539076860a16934675d2be081744be38

SHA1
6b90ea9353d93625613d5e6d2fc18bed7fc9ea4b

SHA256
ad10272d644eecb67949e6edd682cad70aab1533c0bf62e40e6a54549c755f77

SHA512
fed103d84b365a722794392017453baf6cc3a1c976ed8e91a3faa5d56d8d719c29ef93ca5d5f4317b4d1443f5e4054ece9b5650c57f645951e5888c69f9386be

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410281926331\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

Filesize
6.5MB

MD5
a910474aad1eea96921d359e1763d2fd

SHA1
8f663c05861ce93a1418607bd208c21dc7263237

SHA256
5354a7fa4ef330546d79e1ea02c456084400d0b47d52aaa43b088340981f461e

SHA512
8654f3c5eb98dd4097ed5367771f2f3487a4c90f95754ca39b8900ab52c2c78ab6f90da339c1cce06364ca242d49901a7ebbac92cf14955e3a267ea988c194e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe

Filesize
273KB

MD5
bc2d67828f4a062ba8e6255577490b3b

SHA1
22d9b8f17e2d3cc4b6ec2228f28c3942f0f5fe32

SHA256
9434928e99c5c9797984f3ac943ba1258e84452b64583ad05450978507683e57

SHA512
de0a4988a9c793a6364df643e87c159686cb17991938386fc283b3193940c8813e4c62328c53375bef73fcbefc59cc3fd3294ae6a00bde05bd1087d1055514d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe

Filesize
3.2MB

MD5
7faa5ffa86c7629b995db9db9de5840e

SHA1
a5b83fe6745288cb6fa18450b3f9ad918fe90970

SHA256
ddda6f7397e8ebe11981b6ba137af2d99a72fe3ac1b14afee00737eca6738ed3

SHA512
7aa8e32117951be916c8f829f1f7ebae999292edf45abd4dc8ffab5a21a87ffdc956246b1c2aa62ece63fc39ef9eb7ee0d51fc1a797d0f5051ce0b9216e2633c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410281926335242136.dll

Filesize
6.0MB

MD5
94a99783bf5a9aeb8a0c8adcbb144ac8

SHA1
f5682606d1a3774a44d58a42391533899578897b

SHA256
5d8acd8032a3f3147b50e88dd1141312f9232f46ee0cb9487efae3c23545a0e9

SHA512
f545d11b103b79a00f8118000a447b26f76520f9ae4c4e78542237eb11b931b98900f62065ae3fbff747a79d6954d15a7ccb123b2adcfc81df71c17a6cf840a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB14F.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB14F.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB14F.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB14F.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB14F.tmp\modern-wizard.bmp

Filesize
150KB

MD5
52ff52eee3b944b862c11c268a02c196

SHA1
8d041966e6fba10aa5e10ce5dc1dc5175f11b2fe

SHA256
2079f7a3eba60e0d9ee827a7208aa052a71b384873b641de5e299aeb8e733109

SHA512
2861ae5a06f8413810947c08994f4c0da54a1acee8c4df72cd8b03a9503b26e5512809f8d70fd584239b04a651e7329a701bf7ddcee2dec2c2e14d05ae74f220

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB14F.tmp\nsDialogs.dll

Filesize
9KB

MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB14F.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Windows\directx.sys

Filesize
47B

MD5
4f4d924d2584d145b5b6b9b4bad44fdb

SHA1
9ada6b02192a14219601e5f9d862dee7779083a4

SHA256
7293d0a3c14173bb9ca7f33ca33387b2e774980aadf6865ab315bc756d1f9432

SHA512
e0fb71d6c2f0d6cfa2647ebc3ba3aa7777c1a6f398da4d670a0853f26b0942590c00bd49f647a4ee6403b42fbba87f603dc12c047ab37b66dcecb40e39b08abf

Download Submit
C:\Windows\directx.sys

Filesize
38B

MD5
7f85ea96dee6a893396140c8d7611b2f

SHA1
036e11d2194866e615699eef431a94eadfffbedf

SHA256
65ce922abdeb897a295417743b65281150ec7ba00dd87b92f4915662468ecd7c

SHA512
1e7498f9710ebe86c27f1b295944afba471a14243a07d34cb62023dc4505ddac230fb9e6b7af967357628260e6aa835b1bbc295e7eb69d41e7dc650fd8b7f6b5

Download Submit
C:\Windows\svchost.com

Filesize
40KB

MD5
e020543ba69daefb67506b7055fe938b

SHA1
e85963a1221c026d38c2d248cebdb96d1d268ed4

SHA256
82d95a7455948b58a8af3c7a30f18f9c5ca94b908d32264e8dc3727f95ec25bd

SHA512
7d8ac8192512c7a9e4659af6a8eb5c95d76422aed7866e508212ea4d1324eceb7d8606bdc5af2b4f3821cfb123f68a0064c8a14e38d5edc8000b95a764c09ed7

Download Submit
memory/2612-1006-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3288-268-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3288-339-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3288-230-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3288-342-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3692-253-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3700-1087-0x000001D60C5E0000-0x000001D60C5E1000-memory.dmp

Filesize
4KB

Download
memory/3700-1081-0x000001D60C5E0000-0x000001D60C5E1000-memory.dmp

Filesize
4KB

Download
memory/3700-1093-0x000001D60C5E0000-0x000001D60C5E1000-memory.dmp

Filesize
4KB

Download
memory/3700-1092-0x000001D60C5E0000-0x000001D60C5E1000-memory.dmp

Filesize
4KB

Download
memory/3700-1091-0x000001D60C5E0000-0x000001D60C5E1000-memory.dmp

Filesize
4KB

Download
memory/3700-1090-0x000001D60C5E0000-0x000001D60C5E1000-memory.dmp

Filesize
4KB

Download
memory/3700-1089-0x000001D60C5E0000-0x000001D60C5E1000-memory.dmp

Filesize
4KB

Download
memory/3700-1088-0x000001D60C5E0000-0x000001D60C5E1000-memory.dmp

Filesize
4KB

Download
memory/3700-1083-0x000001D60C5E0000-0x000001D60C5E1000-memory.dmp

Filesize
4KB

Download
memory/3700-1082-0x000001D60C5E0000-0x000001D60C5E1000-memory.dmp

Filesize
4KB

Download
memory/3776-187-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4384-258-0x00007FFAACAD0000-0x00007FFAACAD1000-memory.dmp

Filesize
4KB

Download
memory/4384-259-0x00007FFAAB960000-0x00007FFAAB961000-memory.dmp

Filesize
4KB

Download