hxxps://www[.]upload[.]ee/download/15657107/813ac1d2bfa81d7f177e/XWorm-V5[.]0[.]rar

Resubmissions

30/12/2024, 20:44

241230-zjcjfazrhy 8

26/11/2024, 18:42

26/11/2024, 18:41

11/04/2024, 09:32

11/04/2024, 09:21

Analysis

max time kernel
128s
max time network
129s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
26/11/2024, 18:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.upload.ee/download/15657107/813ac1d2bfa81d7f177e/XWorm-V5.0.rar

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
5792	OperaSetup.exe
5900	setup.exe
5952	setup.exe
6056	setup.exe

Loads dropped DLL 3 IoCs

pid	Process
5900	setup.exe
5952	setup.exe
6056	setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
218	camo.githubusercontent.com
226	camo.githubusercontent.com
227	camo.githubusercontent.com
229	camo.githubusercontent.com
231	camo.githubusercontent.com
232	camo.githubusercontent.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\85a3103f-17b7-4369-af54-29407653d632.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241126184244.pma	setup.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133771202186016075"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 849322.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
2380	msedge.exe
2380	msedge.exe
4020	identity_helper.exe
4020	identity_helper.exe
5576	msedge.exe
5576	msedge.exe
3044	chrome.exe
3044	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5900	setup.exe
5900	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 4620	2380	msedge.exe	82
PID 2380 wrote to memory of 4620	2380	msedge.exe	82
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2336	2380	msedge.exe	83
PID 2380 wrote to memory of 2696	2380	msedge.exe	84
PID 2380 wrote to memory of 2696	2380	msedge.exe	84
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85
PID 2380 wrote to memory of 2456	2380	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.upload.ee/download/15657107/813ac1d2bfa81d7f177e/XWorm-V5.0.rar
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa5dda46f8,0x7ffa5dda4708,0x7ffa5dda4718
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1968
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff66a4f5460,0x7ff66a4f5470,0x7ff66a4f5480
    3⤵
    PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,658364572652993083,5420487327400196868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5576
- C:\Users\Admin\Downloads\OperaSetup.exe
  "C:\Users\Admin\Downloads\OperaSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5792
- - C:\Users\Admin\AppData\Local\Temp\7zS0A633A78\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS0A633A78\setup.exe --server-tracking-blob=OWY4MmJkOGMwMTc2OGE3Y2FkODM3MzZmZThkNTg4NzFkY2RhNDY3OGQ2NTFkMWI2NWFmNzBkMzlmNmQ5YTVhYjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy51cGxvYWQuZWUvIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYVNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYSIsInF1ZXJ5IjoiL29wZXJhL3N0YWJsZS93aW5kb3dzP3V0bV9zb3VyY2U9eWVwYWRzJnV0bV9tZWRpdW09YXBiJnV0bV9jYW1wYWlnbj1wcmVtcHViJnV0bV9pZD1mMDY0MWFmZi03MzNmLTRkMjgtYWVlZS00MzMyODUyZjg5NDAmdXRtX2NvbnRlbnQ9TURGX1BCXzE2NDA5XyIsInRpbWVzdGFtcCI6IjE3MzI2NDY1NzIuMDM2NyIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Mi4wLjQ1MTUuMTMxIFNhZmFyaS81MzcuMzYgRWRnLzkyLjAuOTAyLjY3IiwidXRtIjp7ImNhbXBhaWduIjoicHJlbXB1YiIsImNvbnRlbnQiOiJNREZfUEJfMTY0MDlfIiwiaWQiOiJmMDY0MWFmZi03MzNmLTRkMjgtYWVlZS00MzMyODUyZjg5NDAiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJ5ZXBhZHMifSwidXVpZCI6IjI3MDBhNTc5LWY2OTQtNDViZS1hOWM2LWQ0YTQ0OWI0MTA1MyJ9
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\7zS0A633A78\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS0A633A78\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.222 --initial-client-data=0x338,0x33c,0x340,0x2f0,0x344,0x7490fb14,0x7490fb20,0x7490fb2c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffa5098cc40,0x7ffa5098cc4c,0x7ffa5098cc58
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2044,i,2479950450693408719,11498314042076735396,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1940,i,2479950450693408719,11498314042076735396,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,2479950450693408719,11498314042076735396,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,2479950450693408719,11498314042076735396,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,2479950450693408719,11498314042076735396,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3788,i,2479950450693408719,11498314042076735396,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4668,i,2479950450693408719,11498314042076735396,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,2479950450693408719,11498314042076735396,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:3676
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x7ff7f0084698,0x7ff7f00846a4,0x7ff7f00846b0
    3⤵
    - Drops file in Windows directory
    PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4912,i,2479950450693408719,11498314042076735396,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3292,i,2479950450693408719,11498314042076735396,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3332,i,2479950450693408719,11498314042076735396,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5316,i,2479950450693408719,11498314042076735396,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5124,i,2479950450693408719,11498314042076735396,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3140,i,2479950450693408719,11498314042076735396,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:6140

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9aba5d9f-353a-41d1-97e5-2747ce7af367.tmp

Filesize
11KB

MD5
22c2791a3a429501feac88400048d6f7

SHA1
8be5d30df7cc4f26bc90c45996184c410a41ee44

SHA256
a8b390c3ea633dae2d7ed48f45e0af0cb57b457db937857d223b96864d822807

SHA512
7c786bc7f2c14206795bee50b3ae8ca552c29fb1ed94a3425b4a4c29c8ef4b12ee0163bcd07a837dd2b0f83840f123e98ead9bcbc975b765932eca6ec43c0386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
120a3561948989a4ecdb595dbba881e6

SHA1
c32599f9e9f315035f5161fab25cc86c4e4a45c9

SHA256
b705fa8ee795c33ace04306d8b87c35ffe1a41ac00071634e1cb8b985651dbd8

SHA512
4afee4a0a49741c4e91fb68fe7c860359dbbd85473da3e6ab799223cd28be5cfe6d616a3a8ab618596171fa7f7beb3ac5d3871d31e319317e9446963c831eaf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9203c741d48cfc86926a1b0663359037

SHA1
d6f64ec141e594b42e791f676241a2bba1b7e5d4

SHA256
f8651e7b66b850a4b04d4b4fbb8ca07aa55f1be0a85bb3a87ae6c80f56283234

SHA512
d5c16065716c2f1d209dfd4dd242453bd7630f0b63d7f35eb2172438fabbc1320cefed04390d537242f38e87d53336fbd923effdf9b8824a8bf16cc3c4c7289c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
adcb142e9bd4343b2ae548288e405590

SHA1
d37abbcc59bfd5a91090d7772774ee8bfb10971b

SHA256
20dc2315d2c4b60d8cf197ead6915cb022b27fa7c800955011ef52a597b0bb98

SHA512
8f7d46827bd33d55d02303de6cc62e30b2c5975a490f5891a83939c67eeb000d183f681215e913296d658ba7f3176d26796160ac49dc099f9e69bffb2a2def26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8a646da6bdf151c2cfb6c08cb78bb9ba

SHA1
07601f06655af23b42395151186272f2173df438

SHA256
7c81cae823f2a1d3743dc2f9c1cff0c44c3fd9f4b2a4a9f12c2d7705edf89846

SHA512
efd49ab22662bb36de981deb9c3c264ba6c54651e802c6efa97660b68e815a8950793332bcc4dcaa8b2782ee027d2aceca8dab2dc1e4a8e99f3463e805eba1b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2295a53c8e60a3fc34f9c747c1773abe

SHA1
7727bafe3d86c8dc6765cc684902ae68176d9c96

SHA256
8585c4d4bd6469449c4984dfdf56cce33410d7c0edc305ce1309386d3dbd8415

SHA512
841fdb2dc194cbe210b4d997813ebe9cfd203f99cecb4970319029c69c467e2877afc356b94fb330e33f69a41539cd251a7cb4c311703c8945b69fb6f676e56b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6e90ff909c253e80d01e55113effdad1

SHA1
05a71178fda159c1a55787b41b268794ce1fa4d9

SHA256
d6b777a58ffb38a4d0cc969a85e6ca490fea19d28af1bbc152fe9746e37ccc5b

SHA512
6773b67e4283cc729af2d6fe69710a2f449a61ae166b3fef2d06819eb712b53d1e2788a7ed5ae118f3805dcef43d66af617686e3f61bab5461aa0e34a28e4cd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6f3be731059d235aa3f1e3b42f41e1bc

SHA1
09a00682d86b442a49ff14e4c8f227fe950ca732

SHA256
3a0d0a0fb9e4366507a67a6d4d75ae039545f76a308978af88431599612ffe5d

SHA512
a2d26960de338afe77c3b08f425e09706b2b87a815907619afd419a911db53a5945f9223143274b8e90b404ce8f7cbe622b58cd27f3e6cb71ff1b1a4217ede21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6787183b8deb84a54809e82301d56ac9

SHA1
d667df32cb8e614c7d84a34bed4a8d4f47482c66

SHA256
ed6dea9147eab24a855d9953b243913935d65ee2fb2666571c1c9d699e22f9ad

SHA512
495be8a8a3f08d1b194afe2bd758cd36f9768bc87c968b31b402a74825fddea602584d9c54061c78d860efd58f0defa8999ce06e4034c151f4d7a51d914a3290

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
90c7535423d98ec727aded33e6ba0f8d

SHA1
f41bad1298762b6716bdab535cb79f1e6eee252d

SHA256
2beb352a37e4753134b1903835f75171553fbbdff4d51dd498df67b445dcd05f

SHA512
191d5c92b76d2a262741285973bd0942edec2d8fd12fb50e0bf4f41a908ae0d6c14ed645ea5070d2eece1851a093b52af8654a28d073e1d1b35a2b76db4c2c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3718ee4bcdcb4134b33776d371db8e2c

SHA1
fcf88e4aaee4df4fa0da9ee6482180004357517b

SHA256
3144dd87503f870457ff6ac97ad3d9cea3f2c3664831c1be6c2f5e1c1004e349

SHA512
7352e7ac92c3c35786fb662da2daa7f1df8e4723c471ab4f6b6265f10814521165a189a83482bcdbbbf36c6c3df27e6e4036fb0d00669ee77ff4a95825fa9837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
349aa64230d37262b7312d483c890874

SHA1
eff6efbe84c902cb8670e88eef3bc6eb1b97d427

SHA256
68589f792a66b37a53369275e321337d221e1a812153fc317794e1702527d129

SHA512
810daca6351cab732222122f228d17472db94442698afe78fee8e4f2b74aa32bd101352c1fafc21432914793d1d4c894e4fe386cc48d2e465543d038bb1e97a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6ec6ae0736f84ba45de84e6286d0755b

SHA1
32bf1f1df1aeddead5d158278825a0eb20756ac7

SHA256
2b914b3dfea4561062b962e10c09154292e02a5d60d5b896b862df974eceed71

SHA512
81ed5408fdf13d9f5c4c868bccac3e65d8cb7b65fae82df42b89666bc19538971c9c7367a122cd5734117358adebe929b430c04e21079a912dc0808449448e63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b19feb0075dfc1cf16787b5b2caf43f6

SHA1
dd7291b2422473c33b67dfe9c1ed3fcfcb52a67e

SHA256
efb0d9f23498bf79a529ada08b4ec6fd75304fb852f3a5bf110ff4a955641110

SHA512
7221933495f502f64004fe1611edfe2e35e88f76d03a881931560c7e7234e1315bb706258b56039256a1557baa7dc9db97da4c4250d3f2b2a156fee222389ae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
ae15df3d4b6a0c2889c6406d826eb8a9

SHA1
30166edcf33e135f81b017a52c7cba2b3b7c0155

SHA256
4edf171f262d83871ef0a5a5a61eed9e58835eef45f1df88f83deb673e4da07e

SHA512
c9135ac4bd8225e4dcd4853d8fd7df535a05fcdbbe8506fbe87cf98c1e3ca30fe8408516faba68d22e86b8f8cc034e8385d4c2e088724e4be69c16430d6d6dad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
fcdf30351d1b326af0ea58f3f2bb9fd3

SHA1
fc19beacec66b87c8ed6b1771d4e3774dd884cf9

SHA256
19e2ee913e8df3437cbba1a345dea925ec48d5ff6313c8a71aaf14c824901c80

SHA512
95b0f0d9afd0b16c008b8dad8e69d11f980352769a5df0b80f5bf0f03f6f39c9f52524823a9a339be843f824f44f5ca7497088a2e5f1f82362507b7300792090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
117088478f294d1d3d59b057401d99e8

SHA1
495d5322c1453f589c608553c5d0189a375384e3

SHA256
8f60c018777370a46f999c79772e9f8e288b4e3acaf7bd5fea499fe234c2a675

SHA512
b0b31d843f331bf618d4a51647c681e01c915cff3b72306211b9626722df75c7a9edf2aa392c5c1ffff8d2733b125fb1b89e35e738a9f338cc5ccd374d1250ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9d533e1f93a61b94eea29bf4313b0a8e

SHA1
96c1f0811d9e2fbf408e1b7186921b855fc891db

SHA256
ae95a7d192b6dfed1a8a5611850df994c63ba2038018901d59ef4dae64b74ed3

SHA512
b10de657d0cef4255e96daa1b6ad0c99c70b16c13b8e86790ea226e37e9ded1a8f8bed1e137f976d86ebc3ea9a4b5eb67ce2f5b0200025d35dc8e94c947ff3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fccab8a2a3330ebd702a08d6cc6c1aee

SHA1
2d0ea7fa697cb1723d240ebf3c0781ce56273cf7

SHA256
fa39b46c6f11977f5a2e6f4cd495db424063320fbac26a2eae7466e82ffeb712

SHA512
5339b52bad5dff926b66044067aa3e1a6147c389a27ebd89b0f16e1267621d7ce7af9810010bee81cba7b08c77a33ede8ef4675fe049b9fb2ed510fcaef93d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
10b2e76099e11b5a614ebd75a263e876

SHA1
37295c41fc4e0f7637fb6e9b871e8dfee8f1538a

SHA256
dad4794966c7f8461fac53c15ba0c36c0bb5eb57690ab6129d6930745a4c6a01

SHA512
e18d3de1ef8aba63f1e05791dfeb615dc5c7e708dda3bc6c4f411c3713240b8f4bd555f25faa743c595bde85f3f1b95b9666ad606be65044404a0857b9747c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
e74cccc77b46d9572ec9c1fe021d5d1c

SHA1
b351826f33e417512ea1913570ca65cb8c8a6d40

SHA256
178a63ecef07403cd6ab047a8022b3c8b7b9c7fa3bdaddb35d36a308199f825b

SHA512
150705e9e11ad738e534afe85537cfc35e71d1d9eefc0db24a9c32e9d74cec7c804bc6dcf1f3a9a2445bacb2267d5b3044a0efa39389e0d14aa63db350a7bc9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
aeb7efb2e2b8b6340809d8c514732d3e

SHA1
1484194018bee3ac14788684cb900808a3bbfd00

SHA256
6d3b2d4e4b70c97d7fcb90198dfdeb9dd8e865b56f4a09c80af0bdbc4b10cdb1

SHA512
082791ef1d32ddb0394f48e7a2c17c147301686decfcdf7f9e79c19bcc3e1ec99c5fcbddfe740122ec975561963833371263f227e976152a4fda8bb4240b20e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1073e760945dececc053fcf7adc62943

SHA1
70f0662c551a5cace1f9d74f73bbdcc1eabd0813

SHA256
51b65c74c6a88d666868b22d0ebff9214bcd7ae4f4948efd2b1e65ee0f8fdde3

SHA512
9b5bcc64a4b5e3e3e644d654c0b64e1465f4ee52c73d592b554aa2205bf24f6d3655aedba45167920c6006fc53816150143c0e3c8d93dc3f061dc69e1addf7a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0833491f93163681efcac5988cfbcd22

SHA1
5857bce7fc65e1e75c1c0c86baa791c16118c0e2

SHA256
756f1161db3a92a8e2daf194f87ecec8a367287bbfbd89b932ba74b636591a5b

SHA512
0a85e3770dd2d979f8177f59fdd9cea536f48d31a7f652d0227be25806469acdc0311feb35328a3ff77f03d5a96fda8c950135226fed2d94b8aeb3fff4462a54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6257d3819b28ca7f85ad0be9f5aa5a15

SHA1
c04bdb770b8e53760499ba9c0d0ba18f9add8323

SHA256
45213bbc1045a212d6e25d39ac73102b26a35192345ccf427ddb98f4b2588ffd

SHA512
9f1ce1cae9e250c884a7ffa96785c9ed1bb0679b8af28677f547af9be3bd798f14832fcc8a38556be91a17961f20d346775747d9990abea8931f1f9fc06c17be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11016dc2df82d899b0bd938560f5d496

SHA1
286f99ef9d0856c87a3910d07630680da0f0732d

SHA256
8d9b457608b58490824ba0d5b5dfa49449410f778b25d30be2590fbb8f8b30ea

SHA512
cc2859dd8f60bea6c182ca4e6580cc0c11166968ca527a4a038b9eb726a6b4cf387b5b13d8e532e3a8c7d2ab22c5603ba4df7df605ad68a2a912f3a76291e5de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7be9821e9a095b47a44b037b44ee99c9

SHA1
c98342ca0f80c9194224b7407577c7ad4896b57e

SHA256
f1b89e330c097599fadc4f1b02cd17ba53a0ff50ef6c4d254b7f08bea4208786

SHA512
d84092b2727d8173a5add620fe0fee7b0f98b85b402ee7c1e2e776d1ac5fd089256c969b541a5e8e4c2c8d14599290ed950c5e4001c2288f388e6abc7c3ca4f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ed659b1d7a51e558246bd24f62fff931

SHA1
84685d6f04379c290e4261ff04e9e1879d54d42c

SHA256
23fafd9073812d5ff8b523b84bc981e4cb410bebbf3675db2b29cfac0dae9690

SHA512
1c3203328583241895db9fb165fcfd595f642e218ee3a453ab6873cbac10ddab693cd2f913bab15c8bb7b5a12c5768b3dfcb278aad754dec1fbffe66b81843cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7ec09c7cbd7cb0b8a777b3a9e2a1892e

SHA1
3b07979e57b6c93be7d5a6cd8fa954dee91bd8dd

SHA256
a623633f34a241b0dbc9fd26f34446d716955f94e90b2ff9ac8b9df801bdae5e

SHA512
5fff0a38a3b6e4b29d402eef2650011e4d9df514e0624767c84ea31cb73cbba10c7e0b5711cb487976d637f0f60a85c431cf0db54b519411245684c116c07b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
57a441f22e563e028784dc43e5e15c74

SHA1
92f95a7e9aecfeb7e590d7b765dc033d6ac6c245

SHA256
d5046bc445bbb857a60f0a3b46a9f6bf49a057ca1d14cb6d80a694db5feb8503

SHA512
af49c69b9cdec2fcbdb2119145ff223f807413e557a1db42f975377055860094a736f06929eab2755037b81ef73e7b2a70bdd4d0473bf22916929f3972eff8c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5828ef.TMP

Filesize
869B

MD5
e7ba94077587e88f5dae2f25c03de385

SHA1
c0060523835efe1988a503b048a26f7f5cafaa84

SHA256
2bc81e6f60021a1294b4f3fe6184867b5963a01d1216c0dc312cf33da11ba75d

SHA512
2ee67ad2125a0700eab540360515112431dd62626d67d64a1919528cdd662feaaf5ba9e519a51778ad30a289edd7b83d00309aa68bccf81baf1145e7bfca1157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b04699196ad09408add5aceec472abe3

SHA1
22b2739f8f69bc1c530895e89640b4d08818bfb1

SHA256
116dd12bf2c0b6e41befe4211a426eb70ae30f0ad71e010272fb71a16266dd4d

SHA512
94efbe9477427b254853fa67075d2b94180d8a71673cfb38f731157f48d52f1b53dcf0a2142ce1b3a6ac26e06ba8a30d153a7e043c344849f96b20b0f9bde6e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
13f3adf8c3da0b0111ceb5a2a42d04ee

SHA1
e785c5074624056d81f35a3330087acd7397c722

SHA256
3f05230729c4b9cb133ed237c19cfba143f1d9246ff6a02d8478f47e1d6a207d

SHA512
0af8eb67e78d3881de7f395974c80bd73a5a255aa083a6f57d2e34b7adbbfe638707fa0c34f3e5ff4d6a2b0819cf72313c9fede1539b8f600d31b34a54993b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ce4f7a71e71c284d8a40e0b8236c4b59

SHA1
14153738fa509e9a3b16ab3f52f0d01dfafd84de

SHA256
dd6718cdab5d297d48c7fa563ea9bff33b6b43f9b279d378c8be03889d1e3277

SHA512
801a6d2bd5c634c9face0a63fbc704d801ec360d9d2a366ca273c4a1fde514c511597460b6ce9f3bb01979cdf8dd767b1c186c04392ebf3e490a664f044f51b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0A633A78\setup.exe

Filesize
5.3MB

MD5
7e293ea90477b4293d42b35b9a7eefbc

SHA1
32d9c1e87d9f8cbecc4794a106b6baddbeb0fa82

SHA256
61325bf8db458c0f321b7d3e0a0b968313556e84cd74ef062b1ab8f4d37f1af3

SHA512
6966e8a5658455a561c891b0b0d0fa2158a98a06695c3f76794def1629317ed7f29ae1762c2564154c20c0fb3285196a791583761ee65c5f274838f5cd833e50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411261842593815900.dll

Filesize
4.8MB

MD5
90f1c76397815e9755e2c266f79c5a4b

SHA1
85f9e93c084ab61f6e4d7eacc9a00575bd48f191

SHA256
6bae4a4046069b92479a475da99b408a2fd767e921e43eebe2ceea0fa8b330c5

SHA512
6992facb8d0b658be74f243dba4af807dc45ae51dc310360e3de1ebdf1e6dc5c91cf1e39e19b8074ea74285f03969e32bd89411af9c41d794437a765d7ac2704

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
7a108d7186e4eff3293257b57ac7f189

SHA1
d45293fb6e678d3bf1806541698dddc7607223c8

SHA256
9439c99a5e72e8cffbec5aa61cd7b14cfd83b1eed0241f458f51b62a7b004022

SHA512
2f88873753de9dc50c69fd97e762ed9085d3833c104ddb731ad2aa0a32128c19c0ca5492d278240f651af238b9837614e3d1a2e6aedfd166479760d64df9856d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
09428e7f1889ec10c02216d3bf951451

SHA1
868b2209b4e761ad8e5ae192097a1ab68e00d8ad

SHA256
e454ea1532beb16300c972d169c08ecbf2256f9d71b9890c60a73c31e625046f

SHA512
ef6699442d35b92f95143ff0cdca84641a539f1e2b3f8594b6c2cd622c07cdadf8e13586e8796ea9a0dda1299eaff3a5c6afb31adb16c1a1f88a744f04e837ea

Download Submit
C:\Users\Admin\Downloads\OperaSetup.exe

Filesize
2.1MB

MD5
54706ea9cda4b7a16e4d50e42509b303

SHA1
87f8f06d060b68288f8efc19d89dd3b2deedb300

SHA256
f39d0abd80c6917061a9536c3db38247114a680710ce4f75aa2090ade78d3296

SHA512
bbb66fa3aee3ff6ebbc3db750afffe809c500cc9aefe07a5a354625f5478137a8e23940e041bfeee459af8814f2965e467ba05d660eb91a1a3883d1690f37a28

Download Submit