hxxps://drive[.]google[.]com/file/d/1Smf0YVQQ54EmfC9GAyrcnmnvnba8H7jy/view

Analysis

max time kernel
478s
max time network
479s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07-11-2024 17:57

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Smf0YVQQ54EmfC9GAyrcnmnvnba8H7jy/view

Score

8^/10

defense_evasion discovery persistence phishing privilege_escalation spyware stealer

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 13 IoCs

pid	Process
4976	OperaGXSetup.exe
1960	setup.exe
1556	setup.exe
1624	setup.exe
3420	OperaGXSetup.exe
4004	setup.exe
1548	setup.exe
3084	setup.exe
4920	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
4468	assistant_installer.exe
1068	assistant_installer.exe
3560	7z2408-x64.exe
5324	winrar-x64-710b1.exe

Loads dropped DLL 6 IoCs

pid	Process
1960	setup.exe
1556	setup.exe
1624	setup.exe
4004	setup.exe
1548	setup.exe
3084	setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
2	drive.google.com
6	drive.google.com

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\rescache\_merged\425634766\734865576.pri	LogonUI.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 3 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-710b1.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133754759051502281"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "228"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe

Modifies registry class 24 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup.exe

NTFS ADS 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\crosshair_x.rar:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 763800.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 582150.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-710b1.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 295357.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
896	Winword.exe
896	Winword.exe
2548	Winword.exe
2548	Winword.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
3892	msedge.exe
3892	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
2444	msedge.exe
2444	msedge.exe
4648	identity_helper.exe
4648	identity_helper.exe
4720	chrome.exe
4720	chrome.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
3268	msedge.exe
3268	msedge.exe
1352	msedge.exe
1352	msedge.exe
1460	msedge.exe
1460	msedge.exe
5232	msedge.exe
5232	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2948	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: 33	4164	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4164	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious use of SetWindowsHookEx 45 IoCs

pid	Process
2096	MiniSearchHost.exe
1960	setup.exe
1960	setup.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
896	Winword.exe
896	Winword.exe
896	Winword.exe
896	Winword.exe
896	Winword.exe
896	Winword.exe
896	Winword.exe
896	Winword.exe
1960	setup.exe
2548	Winword.exe
2548	Winword.exe
2548	Winword.exe
2548	Winword.exe
2548	Winword.exe
5324	winrar-x64-710b1.exe
5324	winrar-x64-710b1.exe
5324	winrar-x64-710b1.exe
1180	LogonUI.exe
2548	Winword.exe
2548	Winword.exe
1180	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3764 wrote to memory of 3492	3764	msedge.exe	79
PID 3764 wrote to memory of 3492	3764	msedge.exe	79
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3576	3764	msedge.exe	80
PID 3764 wrote to memory of 3892	3764	msedge.exe	81
PID 3764 wrote to memory of 3892	3764	msedge.exe	81
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82
PID 3764 wrote to memory of 1560	3764	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1Smf0YVQQ54EmfC9GAyrcnmnvnba8H7jy/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa87c33cb8,0x7ffa87c33cc8,0x7ffa87c33cd8
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2768 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2768 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2768 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8148 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8100 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8264 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7644 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3268
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4976
- - C:\Users\Admin\AppData\Local\Temp\7zS0739408A\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS0739408A\setup.exe --server-tracking-blob=ZGM4MzYwYmJmYjQwMjNmMmE3M2ZjYmViOGYyNGVhZWFkMzRmZmU2MGQ5YmJlZjQ4MjA4NmEyODVlNmQzNmU5NDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9MVlJfT09NJmVkaXRpb249c3RkLTImdXRtX2lkPTQwZGEwNGY0ZDRjNjRmNzNiNWJlOTU4ZTQyNTQ3NmU0Jmh0dHBfcmVmZXJyZXI9bWlzc2luZyZ1dG1fc2l0ZT1vcGVyYV9jb20mdXRtX2xhc3RwYWdlPW9wZXJhLmNvbSUyRiZ1dG1faWQ9NDBkYTA0ZjRkNGM2NGY3M2I1YmU5NThlNDI1NDc2ZTQmZGxfdG9rZW49NjgwNjM5NTAiLCJ0aW1lc3RhbXAiOiIxNzMxMDAyMzkzLjI5MzciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTAuMC40NDMwLjIxMiBTYWZhcmkvNTM3LjM2IEVkZy85MC4wLjgxOC42NiIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9MVlJfT09NIiwiaWQiOiI0MGRhMDRmNGQ0YzY0ZjczYjViZTk1OGU0MjU0NzZlNCIsImxhc3RwYWdlIjoib3BlcmEuY29tLyIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiJiNTZmZmIzMy02MGJkLTRlZmQtYTY1My0xNDYwMGQxOTlkMjYifQ==
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious use of SetWindowsHookEx
    PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\7zS0739408A\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS0739408A\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x340,0x344,0x348,0x320,0x34c,0x73f58c5c,0x73f58c68,0x73f58c74
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411071801101\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411071801101\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411071801101\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411071801101\assistant\assistant_installer.exe" --version
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411071801101\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411071801101\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2a4,0x2a8,0x2ac,0x280,0x2b0,0xd14f48,0xd14f58,0xd14f64
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1068
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3420
- - C:\Users\Admin\AppData\Local\Temp\7zSC5D6448A\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zSC5D6448A\setup.exe --server-tracking-blob=ZGM4MzYwYmJmYjQwMjNmMmE3M2ZjYmViOGYyNGVhZWFkMzRmZmU2MGQ5YmJlZjQ4MjA4NmEyODVlNmQzNmU5NDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9MVlJfT09NJmVkaXRpb249c3RkLTImdXRtX2lkPTQwZGEwNGY0ZDRjNjRmNzNiNWJlOTU4ZTQyNTQ3NmU0Jmh0dHBfcmVmZXJyZXI9bWlzc2luZyZ1dG1fc2l0ZT1vcGVyYV9jb20mdXRtX2xhc3RwYWdlPW9wZXJhLmNvbSUyRiZ1dG1faWQ9NDBkYTA0ZjRkNGM2NGY3M2I1YmU5NThlNDI1NDc2ZTQmZGxfdG9rZW49NjgwNjM5NTAiLCJ0aW1lc3RhbXAiOiIxNzMxMDAyMzkzLjI5MzciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTAuMC40NDMwLjIxMiBTYWZhcmkvNTM3LjM2IEVkZy85MC4wLjgxOC42NiIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9MVlJfT09NIiwiaWQiOiI0MGRhMDRmNGQ0YzY0ZjczYjViZTk1OGU0MjU0NzZlNCIsImxhc3RwYWdlIjoib3BlcmEuY29tLyIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiJiNTZmZmIzMy02MGJkLTRlZmQtYTY1My0xNDYwMGQxOTlkMjYifQ==
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\7zSC5D6448A\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zSC5D6448A\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x71968c5c,0x71968c68,0x71968c74
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7988 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1460
- C:\Users\Admin\Downloads\7z2408-x64.exe
  "C:\Users\Admin\Downloads\7z2408-x64.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2440 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8284 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\crosshair_x.rar"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,5358925123018462571,10581026024716518916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5232
- C:\Users\Admin\Downloads\winrar-x64-710b1.exe
  "C:\Users\Admin\Downloads\winrar-x64-710b1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4292

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa7493cc40,0x7ffa7493cc4c,0x7ffa7493cc58
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,5701977652662739306,10257758857065404202,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1820,i,5701977652662739306,10257758857065404202,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,5701977652662739306,10257758857065404202,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,5701977652662739306,10257758857065404202,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,5701977652662739306,10257758857065404202,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4496,i,5701977652662739306,10257758857065404202,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4668,i,5701977652662739306,10257758857065404202,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,5701977652662739306,10257758857065404202,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,5701977652662739306,10257758857065404202,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:3000

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4164

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
PID:3560

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2948
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\crosshair_x.rar"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:896

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\f1ee73f513a84d409b9c56a3429e4d8b /t 5328 /p 5324
1⤵
PID:5652

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39e6855 /state1:0x41c64e6d
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
12ce4be56fb029e375ffdc36b5c9d34f

SHA1
8db2b2c2f364c7064ffd7c743c64a981ed5ed0e8

SHA256
172f6bbbe4dc52269d77f1ea120171030fe4bb4d915e6f980b62ce4096c2dbc5

SHA512
59db776c49bf60d25537448bdc4d74ff3845f15e8f1f6dfa87573bffe0e08390e7300c057d29421f00f5ed3e20aef0dc5d6edede84ae6e9d9bce9551afb5f234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1d99f85613231287ba9c0a1e09155b57

SHA1
68c9cadfc7d8479123e6eed311b29eeedf827dd1

SHA256
8d41d59506147a523dcea1b9105eabdf54211256d872ca118da14bc3d7d749d2

SHA512
f8bdc1f68068d220409bc041e7c1184a656c1d32387203a2dbe4fc355cca6db0a3fab498663c978319835a09a2eaabbbae0714b9331d8f6fa985e858c292ac16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
14a0f3b326bd873198868960db34440a

SHA1
529ce90c68ae5f0fcd043fcda7452f361d2deb0e

SHA256
b828d46d4c259d8908dc70664e5bc653e1d32ceedca2a31e69bc26bc74fef737

SHA512
648c58321abe6ea4457e1ecad008b82dda08aeecd6fff595d59d60cc55b03f61ef51029aa43b6896a3d210030ce186c7c06fb55823cac440fb4f690b78a626cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9dfb19f99e20e79c0537c003371c37f9

SHA1
dbfa22eab17e141d5161be6913e4ae9c51eaa0f2

SHA256
5ef7c6fad2ea3c8fce80860baf0695cb516bf87e9944f25216579bf9a6582e74

SHA512
af87d476a90ffc0ba4a9cb61a808a457c223dc82c527c1305c92639b83f798097114e4c573299270df9cd39eb4822dc02da7c4bcff91e2af5ddbfa08e5e3ca9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
ebd7d33f6cf6e104b5e6ba4e1719b4b3

SHA1
f1d90197c8dd98ce74be19a06f799414fb956fb1

SHA256
8fe14ea134b5b9a1e656c6de1e6e0d68df5556fdd51c274b23a979963fccc253

SHA512
bed716cc18d21b28217ea29b5deb2a083d50688c88d460bad59be2b84e05eb8431c30354d974d51779d4f475e5184fbf3374ecd4de068118485282106de09f76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
d81d52a7a2de9189891eeb3753aac042

SHA1
057b7068214f3af00ecf73677798979175192062

SHA256
5d59969951587d02ccf8e5b8b08b16f8b8b3110e26dd195cfdbaaaae99674230

SHA512
62a5c49989be283cc69609bedeba3e1a6f5d3a02edfdfda9baaaae7d55edef2fa80fecb22e9f5545b858c308cfa83b21a25768ea3ec93e4d6bc5d74c968bf2a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
47KB

MD5
55a93dd8c17e1019c87980a74c65cb1b

SHA1
4b99f1784b2bb2b2cc0e78b88c5d25858ff01c5d

SHA256
4925dd477b8abf082cb81e636f8d2c76f34d7864947114fc9f1db0e68b5a9009

SHA512
f9ade542c593067dbcd13ed94da1ba17a84782575355396db8fd7c28aa70a3120d0c0a22d3ca3d2f0774c1dcb06b9319e243b36001c618c92e0af25cb9c8e46b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
25KB

MD5
2e86d70d45640d4fe3b7151e03a809a6

SHA1
01395a29cffcfee88d2d09b074e1244672dbd842

SHA256
72533ce3e7be24c15153d2e1e0b5dd07af6dcbadd913d17659f711d0f954d31c

SHA512
1293179e36d312217c48fb95c487e6c3bc7c919bf3c49d3b6e436b11891da887d71699afed608e47c5a5e5506f4ac065d19e91580b03666716d37d285566031b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
32KB

MD5
57632c3e3288b2d52d3a6ac63d989c5a

SHA1
8bd0a80782c89a5da2e8d950205dcd93aab5387e

SHA256
f63506da8221e2480de12f403a9a18c91470ca131cf67b83dd7e003dcedaa611

SHA512
e63931370f5449e16030189ea1e5da61bb654f61e34b713fc46e0e20071c1b1f5d52fdb8ac6495fe4d2de1929b0eb2ca6a1214b2dd99133b6f2cdbfdf6f36554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
101KB

MD5
622921477473e93dd9223d6a6047dae2

SHA1
c6a5bc5a590fa0c75b3725ceb8b2628671ec54a3

SHA256
b1ee18ec4b74bd98f27151f10efdf21e03ae7b5c8398309de570318eedd29b0f

SHA512
df56309937468d93ac2478141e5111568b5e18c3e16d20f62e437e60f5e5a3b8212fbc17feb1cb089490f5f627dd62899ea5506535b3f5e99ee3783cca4eb6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
33KB

MD5
68eae8ae528b3cf4965c780505e8274b

SHA1
23eea22c5ced491f0933dbdc428503548ae48636

SHA256
5c677af2d6e78de58c66b09577213d4b1c23cf0409822378053f1c457ff465aa

SHA512
7fb225df90deaeff597ea4513985545b5ca6d3b4478dbe5969554f15ff4b2c1652c6220b970304884adfc2860be045599130534f1c45586a7adcfb29a8e72ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
26KB

MD5
13d1b429e99059f97e58fa10dd69f8b5

SHA1
174c7f299158103127d50de82f1086c3b66e8258

SHA256
1262bff0591c36094d058ab102b84ce34eb1e547e8ff00557bf8d55449e58e40

SHA512
30dbd99f1abe8d2a9ddf73a93ed199ffb2b55903b5bc2618935a64ad54706f054fc9b46a80ccd1cab4eff3f5a607b5b599f5e02a2e89c990e10b210e4f16ed9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
881KB

MD5
e0edc621e4ffaa368d2e0677d3f137e6

SHA1
e374bb44d1834cf6eb688eabe1820aa5f7c827d3

SHA256
13da46f8e9749704bfff6b6f51a202c87facf593280dfde4127e5858c28aaeaf

SHA512
d60643fe87788d76dcf1cd941002ceef18390cac5eaa683bce2e2dbeaba684b6fd656a94187379b71105333590412d65b3466cc9c37cdaada7e009c1c9f8435e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
35KB

MD5
a302adbf3cbcfae597723c91f1752159

SHA1
5ba1d029c06d794d1b408f692f12552c8ff53c5c

SHA256
d57c96bbe47a31893834822049e8c2b2790060fa1c8879c7993b6040800b4782

SHA512
d215179dc6d70f2c8259f22a260463408dcef7faf66d457e6fdf904eee646629553d43d87ef20d39cfe661ddcd803c57a84f77019902c3c1865ec174c52063f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
69KB

MD5
eb7388162bdd3355d73e98f4ab4bdf7f

SHA1
9a7e6dc9b340ad6f3a1ae590b539226e9b384ff6

SHA256
ce05a77f1cf4aefa99cd11650c986e0833be8949774d7a1981ec9a9d1a06d262

SHA512
ae17666df8fab344e7c9a543db26accca666ff1cf9f6ca368bdc0a6726ab72be0935a8a6f22363674ddbad20c0581e9a617399fdcade63ca974cb0f29d528d56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
16KB

MD5
f8b8c620bebacfa70902a625a4d2a8c2

SHA1
83d5d540d91e6df03ce108c760d969a3758cce24

SHA256
79c766eeeb812795dd6dc0ebaebd52236f4e3445688976fc3101187e7e33e365

SHA512
a5b35b065ef4d09ca8c9006f43b9ece01e06187ebc12eae2384fa915107fd868f4d67720cb40c13fa677607ceb271ca9369a49cfe87361a74a7e2bf325c9e01c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
149KB

MD5
5a647a245a5dd27775e8b96f194d1536

SHA1
29f7b2e9b0f6f7103cded844e24b9c0276e1bef9

SHA256
8463e57c3b598ce66e87abdabbfa04ebd0c8e30bf2812d03ade7c2f1d25f67fe

SHA512
c6e869b245f3a15e29d45d07f623d754ab2ea36127a80899547ed472be39d7b7d90659d83dd9305036b84779062941d2a5b72202addbc5c1686922577fe01ed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
135KB

MD5
34d998b1b76e49cd55098b9596f4a06d

SHA1
89ae79d1c147da897edd43ab8fba030711b24de2

SHA256
b187780e0492be65fd50e601a85f3bea3e5edf0e15a8563b0fcd95c66e3e4cab

SHA512
9c734490da2f67609d09e35d271a212f1ab3b5ff8cd0d0b5dcdf6ff3363943be150bb0034ad61fd0e190e0137aa10b727ed31181abb9582831ecc3ccf17dc93b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
42KB

MD5
80530ba21263b5e0f581b6392aebcf63

SHA1
dd2c36c5be2306b6a66a372fea390a854e1aa1fa

SHA256
6ef50659893f0b984668c684837c2d1c403565f1febccbc1734937407a71f7de

SHA512
740d12f6c6751ed3e9c00dfd5eced413753c69644acdc7f71ca607b28855bf90b397ae249124c0650c332d0a2f1cc5cb50c790d344ed9669e518fe22af9cb10d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
61KB

MD5
b9af01fb0240f849ba92eec425ddf7d5

SHA1
6214e1209c76f9f46d459eef3c4bc03f5431f2fa

SHA256
dd2d2b3fa1236d246329ba509f520840dd6357dbc50baff741d17647d6a28a3d

SHA512
3c88d7de8ed6814c1e7a92e3cbcab7587b890d98a32d2cef75b1d6034f80e6be0bd71d7ee3a555bcae0dae29c7411824e82f831c36be0bf0576965bc66894304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
59KB

MD5
a3f61bb0b7bf3c9b7399ebeb260b507e

SHA1
0e589a316874773d9a38b675ae31a12905f2022b

SHA256
88e13f5501f3f830373b9e7787dfe70f3bcf0c04fe3e0ace2717146b1f30dd53

SHA512
bcff87e3d0b9d91b1d5c3814046ebe37a5271db44fae98779850f6cee5b64c880b805b66fd8391f47111e65aedb40cd186470b539c61d719ca7c0b4cb5fa1767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
81KB

MD5
869048e32015b6cd10d298c95c642285

SHA1
006b7f8aeaf3221e284188e5a27990a7dba60807

SHA256
9e7ca957cac9312282a92950ff571b8a8302073d0f1b2e7d674a863f683b5532

SHA512
694aca9efc7817732fae3ed9406637799abc3e1cfb8047d2f2b7326646d9cf277f027a6882a58168b5ed4dfa86f0f40360b291aa4649529f9895d80be0cac84f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
131KB

MD5
2022506dc76826d0301b7ecfb266ae60

SHA1
6278f91c29d4c829421debe4d84aefa41300a890

SHA256
953415914d8ad9e3bb9fdae4b714714632354e98a9146c954016ce4b6ff0c601

SHA512
3c8f1443e2ee16c893ad6ac31243a1a3dceab7dd789dcddc26fb206b2ea89deda25a86e55a593ec6541a6333225994094fb358b1b14ddfc13f5ccca5c90d2fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
100KB

MD5
a83566fe79f65746b5ab11c8f931317c

SHA1
d7ea59f478cb23842dae5c0e4cc187c34a85d6bf

SHA256
43e0274e8b7a3e9bbb2a73d287a79a1e1ea77329c1e228e44aed6a177157f8f3

SHA512
f62b443757e1601bb383634c9e9970165a56a001c9485112fa884567c1edadf614f7014a9474e5a9c7d0ed41ee7fe0be998aa541e6ddc92733603112cdf98182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
23KB

MD5
43881a474ab80ea6f793db5211d28cf1

SHA1
36b1c5e033d7a5ca884eba834aeef209702c7362

SHA256
e50bbfa9012881b4393ab4989a200e78647ee3ae3c0d1ff4bb0f80e6b4bb7bd0

SHA512
87fa402d97283dcf26506f0e02ebbacf225e4f830fc8400707e8a813f6b75b9da724d91ed6a156378c810a162cc1d9694a1a4203b6bee087f3a65fb307e02433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
128KB

MD5
9511fec57cd3e16857c306e898752aaa

SHA1
f6321c7d08ee4f977235044637c0bf090bfba104

SHA256
ed94f4c5a882ca21bd54c3ea90f9eaf9add810770c6369fca09f0d57c2e47f2b

SHA512
c6d23e1b394097f622058f4dc6e1d5d81b0cf90c396efd3bb16d9e2f98d284ea63c8590e261d37a206bfdeaa680b0b7cf042e63252e17c8adf90a2cc5c8fac7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080

Filesize
18KB

MD5
65c5f19663baba43a26c1b5bf2a492a8

SHA1
52c735f50a5e74402d239f400d6c308bb17dd1be

SHA256
cc60349e1c579a37c4850b8c0f5c7ed8429485b2504313520d6b92e7655d5698

SHA512
3dd3a81043c2990a0aa5e861a3becff166b2ed2df0c770edfe672454e078eb2e1b1460b13c6eba7f6def62c42fc0384c426a530951eee25cf8b036dcd1fbe5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
8f10b7f8403ee5aec5966a056cce7808

SHA1
b9033431c29729b506323806996243c00929f672

SHA256
c0ef19bcc45c3c94a07eb9dea2500b77d7f2aca5e498ff562f8ef603c8636a13

SHA512
c7cd6d577d709a6421ba57740b48f2d736a2fef2e964285bc2a2b02e4dce7fb8eceb4f4a2a0e7c755c69e0ac1ab758d5adcc99d9f0d7fbda8f14832e90390890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3164bc34445fd662099d9c2f58a019da

SHA1
6845e081b4eca608117481a9a24eb3e18575eb71

SHA256
19698d5a7e0cf2311e4612d003f77157e37aff4ec2406da3acded4bbd03965b1

SHA512
2bd714859df058656384cff0143242c4d897db87c705f0b9aad530af67b95e501dcd1c848df87f23d45634699655ec0125e5de0debbee717b0fa9ed30c2d9bcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
28d57f182ed7edf79dffb71f08a40829

SHA1
ff614e49ec4732c690bd8e06f88b4ba1b84215f1

SHA256
8f9836b191b7352fc70616759d979747d5fc087b07c3a5eb5484f8917f872e70

SHA512
a2ba9b02ec61dd851bdf72d34221917ea7280d95a03820d7e07663ca6dc2cd0339cb4e96dbed06b4a4ea2c2f56eaae11b2f805f999857457aa458622482b646c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b748ad37b6f5a925f4849e9adc740886

SHA1
65a6846845fcd501a140ed2d9f152e9c3334f755

SHA256
4963081b77ae73fe32b2c74b5962fb3310f1024b3bfc0eb75b3e87c963ea6051

SHA512
c61df909f5a4e49d39dc18f407ec7b1550a62eb2b605f175a6bde75035a5fb1b278fa400850f4b314a04f6cb2feaf2c0d789d5466ac88b13df12d55e5a289605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a545006d36a8e88ac73b943cfa9e21db

SHA1
15b90225f3c4ed0f7dac014e0a52e4144fe6f3cb

SHA256
9ee4e677babec7232fac9a45edae1fac7e95648016824be4a00d8189a7012996

SHA512
9f23e3edf4fbe78f246f092357963c1c730647a1132c5938a57d04ca4124cf7e3b780436237cc8e2d9b6740a6f5bf9c5c096171c5c88f1a0d208e67ba70b4bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
350495f7c3890108d7d30048f4642a5b

SHA1
589b6c5a41e3c27a1c128c572eac92d94a4bb185

SHA256
f99f28fd53a31a65f8d5621e83857754b0932bdd88af8f58c28f5ce7e1e35628

SHA512
f902b3e94f9a6af6d08638c332070a07099fb2c6a7f6eec58fe476ee86acae6d14973cb5d489e7efdd6d4591c0777c99fa58d4ff1e22c4a0464f619d5cd7a230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\00\00000000

Filesize
3.5MB

MD5
36c687cf55bd1f48a75e3ce6c5bcbf9a

SHA1
8fff0c59ab5c1881ca6b17ab07e5a0334c808309

SHA256
3aa7ac9302dbe0c4a381f30e2eb97b39f56d93805da4caae48f26474a6e8ca18

SHA512
952ccf04f164daafb9111a4ec889fac78cd0dbdcd0e9b808edddc83ad397c614b2432c73661c93308e4317f407ae619bb680a179fba2576fd0314e120779e65b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
729B

MD5
f679096fe9c3dee42e7fc81dfab31a63

SHA1
8d69f4253d3e3233b0fc64246aae818d0529c7f7

SHA256
98e28459160fe684545e05464c959a27950e50d38d54f02276ba14ca5f348397

SHA512
bec85ba4edb354beac32d77ccf4462bfe1931cc3cc9d46ec70094874e4e12cdc8f8dede85358e9caedb5e28a7e13e804185f009d797bb29629eeda281d73b276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
1KB

MD5
b28a150c3ca8490ec9739a20c158bc09

SHA1
34706775684b6c1b1fa3654bda5d5516d8facd9a

SHA256
d46136e69e62b1dd84518c21297fb4cf006a36d0a23b5df861d6a3f57f502b55

SHA512
8c1626fd4861192140fe29f5cb50b51c51443869db121c84edf843b6a1eea191958d99df36d7f0e25ca323ecd83c1991dfeb277f33c65a47f4b4c36841e279e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
1KB

MD5
2fe524af8104206f014e19046e387185

SHA1
faaa5104e7f096a75442bca230f2269fe73cfc81

SHA256
10a7bf72e5dc549006efa2da6932c518f2fdbc644c3243be7ca1f6ab6bac4fc1

SHA512
21a921cdaee85171a4f0869fec8cfc1f38bcce98fcc54d9977ddc8cdaa55ea6595fd11578ea0678319d8a9f7a91aeb1b782cbca3229214d4083ec405e4c66347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe5bb2a3.TMP

Filesize
592B

MD5
9f9bdd050aa4b036565ec8c5c8ff3b30

SHA1
403b0cbaace2c1d501fad27803e735126673bb88

SHA256
2653296a464c29e8f834b2eb842cd5b597ac67ffed1f71b1c14a155c27cc2cbd

SHA512
47cab55c9fdb435cfaf3cb2eda6c83ed913973260547086c43b4f90071e32ec6a89644baeb9757bad7e8201c307baec2f9ecd9682ad037908cd5a8a1d532ee36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
b6bcdc38774910426bed146c0c762fcd

SHA1
0c485366bb86cab31fbfd53c7e6ba6f00d606307

SHA256
c74824ac293917055517564880506341ce7996bf07e4fcb00e7c5d45985c368e

SHA512
83a54af2780d2fca893ad88666be9ec8d80115bc27cc3184a7719c276547e1488f7cf5f276342663fef34e46f61bad8a0fdd7d186ef908bff71ad7f43c916950

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
c9acab3049d467d6b0f6bc74e3a1e017

SHA1
a526d39b86f2ca136bbd3dc89d6a994b25a27b0e

SHA256
2f907d76dd4ff4a51698a63e8fdd5a8e6e97cceedb44686aac3297134f1ddaff

SHA512
8cfc92336b9480cf105a858ecba311a647b7e979c9fe38e9af1de6a5cfdf1a0f9b0c21cd31b7898a94e7ce4aebed36c8636f70ec59182964ef4868e7ec7f48d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
a0a69c4f2bbdcb2b48d5feb8076990f9

SHA1
eb841803a6b549bf3d84ed8c936ea96584115055

SHA256
c97dd4997ae79831ccac13fca930bf7bd9283d391387ddc3a19a94612c5652c4

SHA512
dcaf7044208bab92a68769bfc3ad2c838080371c72cf3f93f72076b0540dd71b7021f6bceaad035d83fd08dad48f1f1891ec2234878c3e6193522129217a774a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
01780e470a7fdfbcdd0b49fb2bafe563

SHA1
4f7f50ae1597420e1b95da7c55b61497bccc7826

SHA256
a67c19bbcacf40dd399cda31588e927d360c4eb0ec29d45cb1acded236199b4d

SHA512
8bc3b47786b4a65e7ead8c031b95518e661a62fe581ea5344d36600e523f1e18242952c6da26c6018f60476badd93a5d63b5964ad136ba71664839161f208f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
48ecdeed855a02ad3364385f4a5597c7

SHA1
8d7bc222b218e24b02e2efeec66fe8ba93ad5f1f

SHA256
3c628e171774ad97edda9c2329e3d149a73c7f410b4f587dece359f94eaf3419

SHA512
8c2817ddcf058b2ac5a3000e062a3e367511d84f60aedbb99b8bf66755f84cd475df10b9e0a2893934ab8f2e8dc647bac97576b6f15469d384864c6d03d8f327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d20652b626166f63cb61f549ffde8070

SHA1
63b4b5c4adf7b20007acb0f7532b9349437fba26

SHA256
090daf7085997ccc76c3bcc3b5bce2aa614be613a2dc44f235a0ed81e772fd7a

SHA512
bef1d27d520d9b52e97be29e83105d7bdc06f3738a4513e22efc15701c75660a80f52c68a3662b0c582c9ff95fcd3fc1b835cb26699baf4144d407942577c6d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
0b0cebe8b556e4a7b8da34b62a57e6ad

SHA1
4413257a56548aaf827d0e08ff4bc8fc57d15ee4

SHA256
d2b44fa96f6a80e827e3ee9e8e90efa50b2ac25ef90eb813723fcd2211f2a48f

SHA512
0021c963adc4ee9e82b6a97a6ae81e38ccce8f57d1f4938172073d2b399d6d57a81e6c00a6bc05bc78b815abd14cb6ff308d04b104326af86339398c643a5b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a6c78835f5262fa611a537d0e8992dc

SHA1
fadba6efc1fb7516f755fb8a9d70882311e66965

SHA256
cfcda1cd86d5526c2c75dff3b59eefe2496f0010eadfeb2a42d0eed513c66e4b

SHA512
3126ca2fe13894a509df392911271d41bd9498047837cf2443b90c5404ff5ffa98beead9d1663bf6bb63e0330a203720b5cf0a194dcbc8672a9aaf95792845c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
3d0bf835c3bceb804b89ec41cab13094

SHA1
52ca77da3ad7f7f47f9d2e1ddcf37298416f2a98

SHA256
428e11bded62449c1bb1a50fba0a0735407ba48dcac2b3cd74e17bacd92dbe86

SHA512
6e1730e0a809981f1959dc478c671ea95c4e4f60aac1177b310ab6014eaaad70b42dc48b80b4eca269d81decfc6bd62ac6a52042aee8115b541d4d21f9669f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c5687accdfeda1ef2a4386738020c5de

SHA1
836bcb4cf14a84cd727f16ef518ff4f5e7161e49

SHA256
cf3b7a191587d9dfe20680ae80d498d55c48e627db4ad6ed1961fc67e8ccc7fc

SHA512
a5a412f243383a1b8fe110dfdc44f692483403646e8b929a7ab1c836c55e271a2fa79b1a280f3644073e75c539cf18429b3324c110867401d9a57d6331f36fef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
f5858867ad150830fed0f2cda0d1f74f

SHA1
06047b815523af0fa2ea57fd87e40878d189842e

SHA256
5103f1d0299ad5a5b62df818542244f80bb9c0fd357c331eaf373710b7be0e75

SHA512
4121ccfe0a1fedfb44162ea1311f08c7a72ba8f8086dc96f276595a7ae51cdf9b8af9513a21fd0049c3af877b118726dbb2c4b8964874e5fa5d141d3a902f06b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
48f131a40b70bcadfc264cd3dd0d47a7

SHA1
74d9c1d473119d10e8833790ce8cd4eb24f208b4

SHA256
7357d1d6335e42786feca0a63f65c1bad4f4777700f1871f114ef986b185f50c

SHA512
7d51811306061d80e6dbc67bfda1328b419c1112482a085c1f90b2db732b517f92b95148108f142bc02e68c6c37130c94f6877330f382fb1f49fc01e391c551a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
aadb716e13d053f1e78552182e4fe031

SHA1
e77081f520d75658c9824af6d1a447002327df56

SHA256
47754c7a3e0ac4fb3ac4da26f7c3de48116c61a7b3835039fb1896a7e895d629

SHA512
748fe4bb1ee2b13b502ce6210386261b7c7b8b6cb078e822b4cb92e7c5a15f10cb0d129155e7145b7d645d062ed2a80b8d22978541f87b41e8d0860ca8fc67ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
bf8c50da3762222c6bfd06282a10a2be

SHA1
1bdb5489491040287f1d590b4e2da80ac92efc31

SHA256
1ee1f5055f69d3ea1449af49cc521404abb0b6c30bbee9d627ffd4114e0023a7

SHA512
0fe525bf92c9a8a8f0e3b778109f0fcce090908dedc5989de9d50ba08c37ca35e417db55a7ebfd12271968195578529715a214e982c69a09a8c9c0b342e22e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
75cdb92508379eb51a7509de3bee3d67

SHA1
de77c099543d04d4d7b8c548367136837694e127

SHA256
077440d930908b7d6a70d2561ee77714a21f09eb17173c80fe36eccbd1d8e272

SHA512
cbb67ea3f7135c35af20ae5e58f534fcfd51eb0b2da10d6c7605d76e9cc9e9686909b016e5fd017f6ccc0fc19297d0d241fd929f4758d0161c55a15630c298fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
c26bc61500ace05626e6a5974c0c838f

SHA1
d6695f2d1a79f006fc81a86dd7368a399bf0fc33

SHA256
1724b2966e7e40ac9b4be41625ebfb16eb736248effe177f7b3452e7c0958e7b

SHA512
87338d66f2ef5a8cfbc752dce1a679716ce2fa8ee36413b7d6be3308d911cf438bcf3e1d82f8db8c0e0b254ede887680c8a4887011af7e4abb33ff02bc005564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cfa478a94b7f0c840f704c87e058f2ce

SHA1
b54211766e30ee25760b7ad411ad12448857e68c

SHA256
b3b667817e9303f1aaa08a140051a14280739dac31fca6c8a6f30578e666d5ed

SHA512
a730aba20ba352552e2ff03c0ce7e0fb4c9eea5696ade8d63692821f550e161071d06b3a5dae2dab9f4a744c7f6d373a07a59b7e9ca89cd04844b3676f1aeebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
6f6ebbb18ade2b317ed66d2e38200586

SHA1
5f93340e1cfbf4b631ab902a49aee668c0058e6d

SHA256
64d4d4f567964ea7c4b7b95b7d8763a55cd98f78612f20b17eb85b180b7eb1a6

SHA512
b7998393c897b6016f841f155f37733c278a5604c1d2c164b582c6950fcba9ef4582e5e9804ab18ae7d9388bc332bbf327c03e43a06b78607bd9f2c04f70f1ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5c8eb6641edec003a0414026f18204c1

SHA1
6d2e64fe27a05dcae2f1a4f31d2c14bf4d493368

SHA256
063ada12ea86fc83b3eaa85e51b7a5bc11c6018fbb128ac562cf58b3e7482b23

SHA512
240c8b5bd835efd7accf68208bd4b3247603098d052b15d179c970a1c32cd61a6e84923484b9387d6e41fb98a460e6021e4ae4ff80db980284f88d5a96222d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
23bd305d24d9f7f6c5c3d19439bc4c11

SHA1
8a515cfe38fe97a9ac7a50286bcbaa68a4ef93d2

SHA256
da1a680c76d46a48a283e97ae8cc45c326b3f75e7ee9339fe6dd0ae5adc1f7f6

SHA512
1bff1a6f4f854e7ea2a27d4c1a748ac410d240d7d9abcf9e924fd0412d4472e5df280c90249ce8dcd6890d0f4a0229b524e0837598c163ee925c530ab3ab6ab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
13KB

MD5
2ee602bfacf2befaaba57e8d3afa11d8

SHA1
4c989bc2e087d14c8087e38ad5c3877476ac7510

SHA256
c8453fcb5f8988909e88ad8c7c5f5a0dab81b9b87076c840291b6949419d4a6f

SHA512
2ab890d19a7a8f192f4e723202f245abd4b115562ee094a0a75b007be275fbaf56dbb300e3d56ae1e84df8945a74b081d29c3904835dce0cc1d9bcb3ff73449d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
22KB

MD5
97830fe18d80efd837b1a0a8c70f3664

SHA1
3444511dcf4edab01f08c42f34517fa88c034fa3

SHA256
7c53c0a8b4a3363b3d3134c818df953fb56554255ca241d5fb5343712aedafbb

SHA512
4540eec171a38f6f2a5f41d3ccb51e9ec4448805ebacf5c7aa0536084e50a3bff518a5659e34027fe2606a153344af3768008b424b236077d8add12276ed9f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
142dc2b0ec8a6aaafc251be07d2ac603

SHA1
95b0282ca39bd61c923e7b1defe2c00ca0fcc7c4

SHA256
517c711890c32be1db06fd4000d79b6b1c5f252079a1519c202ee6f2548e9254

SHA512
4a97237f18514956ef44540d4786cfb8c2a44b1d1d567405988dd6fe3ee30d605453714669e0d4071fecd23ec79f9b0f86e55fc2dcfae2b24bee8cb34afada60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
829ebbea00568b90cc771c2731aa8bf7

SHA1
95a21cf230120a39fdb3d8da3cd1cac453f04a3a

SHA256
0018ac7ca4a0d0eac8009a1134b1eae9dfec3c9959d2fdb59e51b309e42412a4

SHA512
f5a0c7cca5fc61e3c58166675e49c21ef95ed8e733604a86edb41f3586f2ed99f118cbbc20a92f8d2060f42e04e7e63533b2e3c141ba2e89a6b497da57615d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
b864f530a71e39b57f81fb2e366694f7

SHA1
369146905f170b5d97aecb69e62959e2adaa2736

SHA256
3748494744f13b20c7871034fa1c5baa7468b37148f408cc4f0b8307c82d3a30

SHA512
53b87d7a3205c7eae402a90938a0968ec1fee35562e89e9a17351a6e23c48161b0bade6237aaf075c9d4c0fbbbf518507c4341a32f3a283717e273f62de7b307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58db86.TMP

Filesize
48B

MD5
a7200337e95cae5232afe58ca4257cd3

SHA1
76441e6e0489daf950f886e0c76353564c6bfe22

SHA256
076cd59f460b9939f9b6b6f890c65fca426d23ecf25b20c21592fac1dd012ce9

SHA512
e7b30a495514623325355d639e00890f0e6c441f3689317dbe66f9602279922427426487257462d8ef7bc3948f380362792b7399ef896d5586211a236d049b30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
26b5e4a72213d2ef2c307e194e941c22

SHA1
924a5738d24e795ccdfc6ec5ab8577859b15cc39

SHA256
eb61271ee17d0340268f50d43a93c655ab7f9c7d0cb3924b21c78f9fdcb02d8b

SHA512
7dd6817c512e0fe0d96083c8c62e8c15ff601a8e0454532c740a31ed64ebf42e87df121e9a100056672572721c40fdaf47e1bacaa1f32e412ef2777373468d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ede3fba21f452ba7b15c51d03ce1a1ea

SHA1
98c1824857df4e8f13f87fd256b29c2082a4ede3

SHA256
c3daf12b9421caa567bbb2130190f13ffc58bd137d922e0286d2344782e9d37a

SHA512
96fc9ad9a976f9442d219d578ca24e4313f2c96e5b7d6f245d7533b7f9074e2840433c201f0927e0e9386cf19eb50e98459ed172d2f3bed36a3e81ae2ea1b1e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ff6f5fed1711be09cd5521a4ffcc1a0a

SHA1
30ac52ef099148dfa229eacb3714e3f7508353a7

SHA256
233d6b2fa4c04b07bb8e41290bc3a82427628d3c7f9a3c1aaa03827289e86d87

SHA512
383efa2d12d1e74362bc504c886ec8f4e73f2e369eb00286f6479074e9bd733fe4aa20970dafb6d5c47de62574d45600a64ffd3c1bbef0f636f74682857c788f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4107263147d499aa34afdbc918c7b72d

SHA1
ffa6d0be6314f4fd3ad048aecfc98a22256a3c32

SHA256
d2b2b3652b4b2dea643f25f9394d1248bcdea9e5ddcd8883b3f722e5e3129178

SHA512
5818d364e5b87cdcdd182316a19361856197e95137d39ef0cd94e4754e18711199e07c7975586556610a6cff19d306b26013825437b2c54745437e39e26272de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
98dac8dac2bed1d8c9a39def6f545958

SHA1
f7ce2d46ab0c7f45207712cd42793b9be1b11279

SHA256
468b7d858b65be8e804b0f6cc3b041d01c96066f6dcb75942e37f915dbbb4c88

SHA512
b346d2732078d49372b5a5db4d63c59efe75564e9a767350365e9e574e9e5fedf911bd7cc33d649ee7e317612d367ad2601f4bcb492d7a1d0aea897374d18274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f5d8c8c8b6c3da90608472fb8eb7bec7

SHA1
fe81178ed01421c3cadc00e58e90b805cdeaa0b6

SHA256
c0f07ed68905006ad928a5b5589657c683e034635fef7be1ba5b31c456ab1812

SHA512
55b378535f2ac90cdedbc16b0c2b3212ff98f1e59cc1f3ec73e7a2def46a0e1c52ed669cb94c44c5192c1ad93ec07ae212f609921e2ffa8a280f19035074dfdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d8891b8e0be7091acf8c1cd4fece7bb5

SHA1
524bb7cd61330c5b00feed315fd60a534faef4e6

SHA256
6fec09beb6c576989c866a4a78eeed01ff4464a813ed3a3a060f6e3e560fd03d

SHA512
b12bd545feade9f49d7880c4565c5102758cd314324cf607412ff298f54e2531288ef60bdbc092c0f4ad322aee0bbf9c43f9bad05b54b9a6ace60afcf9a2238e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
03b97458bc17bb8d066211315c41833e

SHA1
5d628454695a1017fb59ad2569702cdab9f441d9

SHA256
c905864d7b676bc153baa9c913288bfb10e9d8a5b581ec61b267c80be0af62ea

SHA512
8393d3cbc6d9fd1489c7f32d896d982c346cee99e165c0abc8ce1731b2e4c40380a1db6013d294bc7db3b288c6d46c97708a5cd03cb4303f32b59e9da8d07c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2e68e56bbb9b5d6e93c01cfbb44c2cb1

SHA1
28ff9bf9991702acefe046e981d31642a9eabbd3

SHA256
2c268c8fcad77b1babff0ec13a99e95d5ce794da91426deafd80ead50278a716

SHA512
75885d0280ef3a498579d33f860e038a8ac4327c8eef9f8468c77f2bee1d3e55c004097d5dd1d120b128af8603d5aa2874baed141e3744b357a8d8f3391e62ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8e12b8a21ab0da5d2847a3806dce6481

SHA1
60522b6a2c4fe3ab8dc7f09ee1f4bfb9cd14d936

SHA256
fbcc2c985c92038e10d5712a6bd7fe2375fa9f076b391a8a3d0c96de42b64f6b

SHA512
b6e8e956be743f173cd605b5fb9cf4bd451160bbb7297f8efc2b6fe6822d2fce2b81f4f1cd7c642b5e7bce7a3f697dec09968b9a0da4633de057a5a8d8c47b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b9c93ff7885aeecb64d219bb1d21909e

SHA1
e7f3c972092735a7e4a49dbe69e75e2dfc34afd7

SHA256
7223d714160008de45d81c6450c517d7b2fd71c4fd3ac7605f0ffaf588705ee0

SHA512
621b4a15f46f2e6a773cc165f73f43eec84eb3a7aa5bcd15b3e7390f9edf7b04dd891a2d0b5ef0db482aa52f17fccf971f5ba8f6957d4e2b9c26451edeca251e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
debe7435d7a85ca567f0baea82554f10

SHA1
cb0a4551a44d23c6420b78c73712fb70e648ff2d

SHA256
cea02bc861a38e31e7de61937e8b29f1ce6a01614018743c3a814151033a49b3

SHA512
66245266a47c1986f6095660a566c057a47e2c18565c3af6db8f5d3f5e31966f6be0ad34fb82793ece902f119721e0bb07b73596a9714ec6213548c7bcd15f91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
312acccf7f88127f8affe2a49af8e325

SHA1
52bfe29f87afe9fad3e4a6c2c74f6d694a0a61ab

SHA256
0faa97a6f1650a162911aebc51e1b886bcc53581b95dd881f1b12b753d678d19

SHA512
55487ad9a28cdce55561489e33fba86bd9dd1c534589807e9d26972ef63d81f3e38e6f4676aa4851cad3e4eda869af6f027dfc67d14226ceb46f17c63ecab84c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
784945ed56212e404faa1b7aa19ed142

SHA1
f6d854c32627e7c296c21a59b2c7134bb763f8c9

SHA256
870a9a465a3cad55e65b06890baae4fb9eebccdac7e87962b5610a2d3936a5e0

SHA512
c8a002ee15b1c4f19d9fa1ce4a54e022435713d740fa7d7e10ea6e5260352cf0cc739b02fcb7b43298e5023b854091884b55d4136b7d0f92630bfbf7ec32c024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585faf.TMP

Filesize
203B

MD5
85e7aef0e1dd64bcff11bc7ca0932462

SHA1
7abbb377b3ed7b2744accdba8db5828114c132fb

SHA256
b6371f267d623186ab70347b8d083de8b56f2583fd425d029b343e4257725c8c

SHA512
5c84fe243fa45a4640588bc83b80169ec23c8ab08003697d0ebb7529d011f66732c9af0fa556978cf816e451c78f6a17a148ea890627da80be2b9bccda374c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a9705da98a7d80e433daa3b439cff757

SHA1
d2b4adffd71fcabb01d34ca50bf50c98761366e5

SHA256
f4a84f09283dafdc5193f3a6662604213e6830dc93d626e3bd8604baee96c73c

SHA512
82996e6f0567bfbe838b47511bf5bce693829a18212907fe61d629c8be39e156c3dca9c4b64567306b3879e906c5b615400d02f176e3b6e7e438a263813ac8be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
15dcd39c36170b7a014c9336146fd73e

SHA1
02c8858768ddb6c840f27f73b8605124bc8148bf

SHA256
cdcec848dfad5e361c48c69a3b25c4b78712ff90e4bacac6edb6781ca2fb8b48

SHA512
c3f5a496ef118332bda033babc3207410538a8b63f77cee1828294e0d735c252859216ecd637d0aca39de98b71c78cf2dd659c6a179c6574987f237b3a35c6f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d86dfc7b3f10416097274e4f41388422

SHA1
e6f4c8df52351cd83c01bdb07db85edfd831e5a8

SHA256
1afa417858f2268c3f702e5e19641e635493c9d835b88148ad6a399d0aef2e94

SHA512
8bbaa6141369dcafec9609033651d24019650778d33a149e0982b0ef7825d62102a6550861f7114729be0241ad363587c04169aee389b0a39a3abfdd7f688b87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
78c177c913620cbfdf1ca76e3162b080

SHA1
0e6e3aae38a6e7425ee48daf4a677d685a327b3b

SHA256
752965c47152c9b3696c833f2f03e787394753d0efafcc0514e1454eb03b6232

SHA512
f4501868ab56af52054e2e9986c600c56af4faa11b6843715fe837dd5b14e8c16c32bf04fef3cd8916f4377dccd492904e9b638ff76ab6d25ef7a37b3957d055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03b5a99558d267be6778415fa5f014eb

SHA1
871c59f2ce4e482346ccf93e3e8aca3ebddaaa58

SHA256
4b1889c6b63a567621acb1872dc83640750364676ac16be906727fe906f86a92

SHA512
fbd067ab8d09d658a652a65f418d0e65390c908d8be4d3224462f1a4d25a7b0c65c33d87361ad862a1aa1ffae0b378332a774948f7975463b001f07ff01c35ff

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
76fbe77cbc68f3bd5f0decad25775716

SHA1
2ebc2dea0b2224ea73fb5413d94ad38218122bf3

SHA256
8d59129db45c9f234318144380c9d167d89a9faa8e2a6aede9b5a3bcfdf650b6

SHA512
1a5d850914bd033defe42de3a333c2a7497927a07289258acd5ec08e973b4ed45030b0f299d6da5bac16ad607ed471b3db52a5c9676a532ecaa0836682618230

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
0c71204dc7dd088aa8f1b279e29d7bf5

SHA1
475dbeb8589312574e6b5f3ca2913b8b80af155b

SHA256
28f655f695c0992c73fa7b02fca2c93b65aec5b8c82297e1be30ed9016eb54a1

SHA512
f10ec78286923446833e4f19900a790be0440885688fe273a811648de090a765ea82ef8ccc062987ec12285e0de608b803671d01358a18dd4504f90845169826

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411071801101\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0739408A\setup.exe

Filesize
6.5MB

MD5
dcc0d15e77a7872758e65deb0bfc6745

SHA1
1efb89e143bf5edd34d46ae8370ecc13d4c3339f

SHA256
87a168a04a254b1cf1adfe732e8b7b08d5c3e76ddca4e8b7fb4e58ebef85fe64

SHA512
9cb972bcd99fd03a924bbff79e8989a040d1202a77c9d8f62ea862cc6b1d258778410ad9a4de5f2aab43062f5e9fe17d7ab9baa000de98d22a47f1471d1de778

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411071801101281556.dll

Filesize
6.0MB

MD5
1b07ce60bc1c77f0cadf13c2e62b1383

SHA1
ca70d0ef99ae5d1ebf85880ee669ad1145e4d79d

SHA256
e48eb19ca0210f9063f4e77c2f14293ee940eeaef2ecb9efceac7f6336cc203f

SHA512
94c358b6dfef0fcb0012a3a43235292b18ebf897043baef0c110570e91cc73721b12f1f771df6d000b4097f3c0cc22dcc65330a9153c7a9643787d24da6108f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
c953b3b64bec4bde487b79862d50f0b4

SHA1
95ba140362f8b7d8e499a15d80529b5652aa011c

SHA256
ba56ef09c67ce344b4a7906cbb28486bc79b1bbe7596210d2543f4886020fe2f

SHA512
709ac035ee8f7864e4aa8766ea49026c0971146ab100b10fa06889875be84b57f5f12d3933760f943118018a7252ff5010cbe21674df36dc44102a402457a664

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
b70ec1fe4c15fa12f5c45a494fe09213

SHA1
bedefd58d5c530254fa1ae6c6804893604ecca7a

SHA256
26495439306a76eb17d574ec200fb6b0f8bdda51a113c6bba49e6e9eb77b42c2

SHA512
ee083da4bec651a1a2c76d62963baba51119202ae902dd09058ebba0e5a05b4867006834ba7b36e2ca0a0498eff76142d4d4ff9e7c99f7fba925d90e5b1befd6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
5b2d2bc978ea2214f779289cd374acc8

SHA1
ee644180e6791a08883d913acaf2865f9ba54e0e

SHA256
93db2fcb6b4bd046c6e3f0cea3da5d2560693bf60ffe9d55497269b9956908e6

SHA512
5be2a408125044142bb99a5865cce75bf17b69e6c99abfceb04dabe159c9fc733a4ccbbb8a26c7a7f575125297cdb56bfa17359db113d17fd3f910cce0389ce9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
58ec8dced3252e7fa6a48642d56519f0

SHA1
9539b09ceafeb6e82916bf4fd43aadc181105179

SHA256
150579ec6a839ed0ae09bf5b290fb3fd8ab5b6b59c7ccb89a4f8492bfea833d6

SHA512
6c0846c3270f6f946c5618ffea6d7af5b36abb1a410a98854be595419fa8d1c8c52d4b5b7603dbdaf7919c72625f23cb96b87d24d54dbf3594533d25ca9ec5a0

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.2MB

MD5
8f421e39e12f9aa5dc06cf31851098e1

SHA1
fad8b6de1290a3a4bf7a2d99e4c1994a71d4a5a5

SHA256
0c3eb3f1021ee8bf8fad804f529da5a1ca9e845cabe516abd56a014123288c07

SHA512
9d62fb56c647afc18f73bf203b2c9a99eab2966d899a9dab0fe31f8aa97f44efe7935118f952815bfc015c6a8b10e375ece7922b5d4ad0f6402bf40d27669123

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier

Filesize
376B

MD5
a8d1daf133081a2ef88a1eeaf6c18c35

SHA1
a37573f44bbc21d27151a2598e461435e3c04420

SHA256
573c434e27c5130d53ec945e6eb8be85492574fa9c49f1565dd3294e1b1097bd

SHA512
e1a06c39bbc952039640e47ade7771654d58f76852fa71b1a3e1c860e57e71af57e7f0bc6332f1beb20e061c956e934a80495d4a26731cda27be8fa9c7a06105

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 763800.crdownload

Filesize
1.5MB

MD5
0330d0bd7341a9afe5b6d161b1ff4aa1

SHA1
86918e72f2e43c9c664c246e62b41452d662fbf3

SHA256
67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b

SHA512
850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

Download Submit
C:\Users\Admin\Downloads\winrar-x64-710b1.exe

Filesize
3.6MB

MD5
6108aa24aeaba86ee09a0d505186d74c

SHA1
84f4a8bd37f56460cad7f4b1f7167a02a4844000

SHA256
2469d8154c3b1f4a56b1995a7fce74b6b2c262345ea5efcdcc1be7f906df038d

SHA512
76d544903257c3ce2e116127c032a2d094b46b832b56031b9d38f2c8fa4eb582be370117e4eadc9ab7c86042614c5a75477cbd2d8001ceb7f2fa58b841a9ed29

Download Submit
memory/896-2380-0x00007FFA56C30000-0x00007FFA56C40000-memory.dmp

Filesize
64KB

Download
memory/896-2384-0x00007FFA54130000-0x00007FFA54140000-memory.dmp

Filesize
64KB

Download
memory/896-2381-0x00007FFA56C30000-0x00007FFA56C40000-memory.dmp

Filesize
64KB

Download
memory/896-2379-0x00007FFA56C30000-0x00007FFA56C40000-memory.dmp

Filesize
64KB

Download
memory/896-2382-0x00007FFA56C30000-0x00007FFA56C40000-memory.dmp

Filesize
64KB

Download
memory/896-2378-0x00007FFA56C30000-0x00007FFA56C40000-memory.dmp

Filesize
64KB

Download
memory/896-2383-0x00007FFA54130000-0x00007FFA54140000-memory.dmp

Filesize
64KB

Download
memory/896-2439-0x00007FFA56C30000-0x00007FFA56C40000-memory.dmp

Filesize
64KB

Download
memory/896-2437-0x00007FFA56C30000-0x00007FFA56C40000-memory.dmp

Filesize
64KB

Download
memory/896-2436-0x00007FFA56C30000-0x00007FFA56C40000-memory.dmp

Filesize
64KB

Download
memory/896-2438-0x00007FFA56C30000-0x00007FFA56C40000-memory.dmp

Filesize
64KB

Download
memory/2548-2441-0x00007FFA56C30000-0x00007FFA56C40000-memory.dmp

Filesize
64KB

Download
memory/2548-2442-0x00007FFA56C30000-0x00007FFA56C40000-memory.dmp

Filesize
64KB

Download
memory/2548-2443-0x00007FFA56C30000-0x00007FFA56C40000-memory.dmp

Filesize
64KB

Download
memory/2548-2444-0x00007FFA56C30000-0x00007FFA56C40000-memory.dmp

Filesize
64KB

Download
memory/2548-2440-0x00007FFA56C30000-0x00007FFA56C40000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads