82154f748a22bb1941b31a591af1ec6d73d694b410b6e337a2f72d6fbb4b4ea2

Resubmissions

04-12-2024 18:15

241204-wv462szmdl 7

04-12-2024 18:09

241204-wrsnvatqhz 3

04-12-2024 17:59

241204-wk44asyrfp 8

Analysis

max time kernel
507s
max time network
508s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
04-12-2024 17:59

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

F-15CASE.py
Size

17KB
MD5

1580f49e48a5b344f32510c474f8046d
SHA1

a1a0d74245597b056f154c1f66f86a2dac1fed34
SHA256

82154f748a22bb1941b31a591af1ec6d73d694b410b6e337a2f72d6fbb4b4ea2
SHA512

6d620e6159af85760d351790829cd5c28af10c7fcdba9028c9386256bd2de0bec943bd77467f8619eec9a3095666e71600b0ef37f1210eed62535d82d89de6a2
SSDEEP

384:Evl2Xaka4tEEq4WjAHPRSgeCtHnonzPKq9IEBfrer+vW:EvAonDvBfra

Score

8^/10

defense_evasion discovery motw phishing spyware stealer

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: =@L
phishing

Executes dropped EXE 9 IoCs

pid	Process
6404	OperaSetup.exe
3688	setup.exe
1652	setup.exe
5860	setup.exe
1500	setup.exe
4888	setup.exe
5496	Assistant_114.0.5282.21_Setup.exe_sfx.exe
6092	assistant_installer.exe
6856	assistant_installer.exe

Loads dropped DLL 9 IoCs

pid	Process
3688	setup.exe
1652	setup.exe
5860	setup.exe
1500	setup.exe
4888	setup.exe
6092	assistant_installer.exe
6092	assistant_installer.exe
6856	assistant_installer.exe
6856	assistant_installer.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
350	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	dismhost.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Assistant_114.0.5282.21_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133778088543903699"	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "147"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	cmd.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
3112	chrome.exe
3112	chrome.exe
3112	chrome.exe
3112	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2112	OpenWith.exe
6884	OpenWith.exe
3688	setup.exe
2940	SystemSettingsAdminFlows.exe
4916	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 3112	4624	chrome.exe	82
PID 4624 wrote to memory of 3112	4624	chrome.exe	82
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 4812	4624	chrome.exe	83
PID 4624 wrote to memory of 1312	4624	chrome.exe	84
PID 4624 wrote to memory of 1312	4624	chrome.exe	84
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85
PID 4624 wrote to memory of 2788	4624	chrome.exe	85

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\F-15CASE.py
1⤵
- Modifies registry class
PID:4604

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffe347acc40,0x7ffe347acc4c,0x7ffe347acc58
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4936,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4992,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5052,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:2
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:3432
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff75d8d4698,0x7ff75d8d46a4,0x7ff75d8d46b0
    3⤵
    - Drops file in Windows directory
    PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5040,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5356,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4552,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=2940,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5124,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5048,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5580,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5736,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5872,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6056,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6184,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6400,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6332,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6716,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6864,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6892,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7028,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7352,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7356 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7368,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7660,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7792,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7808 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7972,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7968 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8120,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8108 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8100,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8256 /prefetch:1
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8388,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8420 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8564,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7528 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8700,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8716 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8880,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8844 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8996,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9032 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=9196,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9208 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=9224,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9156 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7664,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9480 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9504,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9612 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9604,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7816 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=8600,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9876 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=10000,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9868 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=6024,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=9848,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=4780,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=6044,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8468 /prefetch:1
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=6032,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=7816,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7872 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=6112,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=8124,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9788 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=7864,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9844 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=10096,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10060 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=8132,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10072 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=10200,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10228 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=10248,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10360 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=10368,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10492 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=10728,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10752 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=10948,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10872 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=8580,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8976 /prefetch:8
  2⤵
  PID:6308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=9344,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11072 /prefetch:8
  2⤵
  PID:6316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=9820,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10532 /prefetch:1
  2⤵
  PID:6440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=10324,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9832 /prefetch:1
  2⤵
  PID:6448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=6120,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9368 /prefetch:1
  2⤵
  PID:6508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=9736,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11332 /prefetch:1
  2⤵
  PID:6516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=10172,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9980 /prefetch:1
  2⤵
  PID:6620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=11144,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10852 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=11112,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11360 /prefetch:1
  2⤵
  PID:6696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=11968,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12516 /prefetch:1
  2⤵
  PID:6796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=12484,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12648 /prefetch:1
  2⤵
  PID:6804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=11832,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12272 /prefetch:1
  2⤵
  PID:6904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=12000,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11900 /prefetch:1
  2⤵
  PID:6912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=9412,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12800 /prefetch:1
  2⤵
  PID:7016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=12028,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9364 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=7004,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10164 /prefetch:1
  2⤵
  PID:6524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=6712,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=6820,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:6420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=6808,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7412 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=12112,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=11944,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12224 /prefetch:1
  2⤵
  PID:6428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=10436,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:6716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=10384,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:6752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=8868,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8968 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=7644,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12632 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=8916,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7768 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=7760,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8364 /prefetch:1
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=12340,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11852 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=7936,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10920 /prefetch:1
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=9520,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=9088,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8732 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=10716,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10736 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8220,i,6890190430768873162,16348285498500354714,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7272 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5840

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2496

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4456

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004B8
1⤵
PID:5196

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4520

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1520

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6884

C:\Users\Admin\Downloads\OperaSetup.exe
"C:\Users\Admin\Downloads\OperaSetup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6404
- C:\Users\Admin\AppData\Local\Temp\7zS40905C6B\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS40905C6B\setup.exe --server-tracking-blob=OTg0NzQ2OGVjYTlkMjA4MDQyYWEwNTQxNjVlYjY3N2UxYmM1YjU0MTY2YWM5ODkwNzI1MzNmYjY4YzQ2ZTFmNDp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL2Rlc2t0b3AtZ29vc2UuZW4uc29mdG9uaWMuY29tLyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPXNvZnRvbmljJnV0bV9jb250ZW50PU1ERl9QQiZ1dG1fbWVkaXVtPWFwYiZ1dG1fY2FtcGFpZ249Q1BJX1dJTiIsInRpbWVzdGFtcCI6IjE3MzMzMzU0MTIuMDA1NCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjMuMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6IkNQSV9XSU4iLCJjb250ZW50IjoiTURGX1BCIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoic29mdG9uaWMifSwidXVpZCI6IjQxN2NlNGEwLTk0MDQtNDY3Ny05NmFkLTk4NTAxNDhkN2ZjYiJ9
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  PID:3688
- - C:\Users\Admin\AppData\Local\Temp\7zS40905C6B\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS40905C6B\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=115.0.5322.68 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0x744ceae8,0x744ceaf4,0x744ceb00
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1652
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:5860
- - C:\Users\Admin\AppData\Local\Temp\7zS40905C6B\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS40905C6B\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=3688 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20241204180443" --session-guid=f883a399-7160-4ac8-a1ab-bae362aabff1 --server-tracking-blob="MjdkYTI5Yzg4OWMwODI0OGQ0MjY4MGE5YzY3YjY2YjFiZTNlMDJmMzhmZjljNzRkNTcwYWQ2NWM1NGM2N2JlNTp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL2Rlc2t0b3AtZ29vc2UuZW4uc29mdG9uaWMuY29tLyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPXNvZnRvbmljJnV0bV9jb250ZW50PU1ERl9QQiZ1dG1fbWVkaXVtPWFwYiZ1dG1fY2FtcGFpZ249Q1BJX1dJTiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjExIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTczMzMzNTQxMi4wMDU0IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyMy4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoiQ1BJX1dJTiIsImNvbnRlbnQiOiJNREZfUEIiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJzb2Z0b25pYyJ9LCJ1dWlkIjoiNDE3Y2U0YTAtOTQwNC00Njc3LTk2YWQtOTg1MDE0OGQ3ZmNiIn0= " --desktopshortcut=1 --wait-for-package --initial-proc-handle=6009000000000000
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\7zS40905C6B\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS40905C6B\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=115.0.5322.68 --initial-client-data=0x334,0x338,0x33c,0x308,0x34c,0x7215eae8,0x7215eaf4,0x7215eb00
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:4888
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202412041804431\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202412041804431\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5496
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202412041804431\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202412041804431\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202412041804431\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202412041804431\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x3f17a0,0x3f17ac,0x3f17b8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6856

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5272

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:5912

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:5140

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:6596

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\AF63D13D-0899-4150-83D8-CB98E6461787\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\AF63D13D-0899-4150-83D8-CB98E6461787\dismhost.exe {4607C1D8-4792-42CC-B33C-CDE37613A389}
1⤵
- Drops file in Windows directory
PID:5452

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:4740

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" RenamePC
1⤵
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3997855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ae260dd6265524fcd8f6ead45bdd7677

SHA1
4afb267d71a56d3e5e8514e87db5fae479a9a23f

SHA256
3c530ef8f9f40da98f49f0aa4d5034bc66217d801cb2c718489fad9c707eeadb

SHA512
7c4df1ae0a533ac58d649f0491c4b76aaf9b6f85311c2149933537b28a4c6c2d307d34ed0309d908aca49ccea8bd3c6b0d71014570f8e873e2089aace7821895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
72KB

MD5
1f604c22aaaab50f4eceb8ae3ab85d4d

SHA1
54056c7625201650aa6f9d69885580668be2e80d

SHA256
01c74bb64d5fc3c3e774ff45dd1c939267f58790444b9e6c946af9751d704c81

SHA512
21031ef427d59babef5ee45e54a79cf6a485188e6bb72e130403762f506664cb088be205e444d07212f0016c706499a54401caa6133bf9769b07e4c304af4a20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
54KB

MD5
32a799fb5d3dba2370df157bb6e68e10

SHA1
cd183ddac04aee7342b6da8e2ba0619f69c8074e

SHA256
b2a24bc380a2bab6aa943faf14895813d503b16d2e143d32b3390eeba90b839a

SHA512
542eb58f2fc5bfb86be939b8da0c6cd657cee59e59d29e00075cf229cc3e54091cc0351d034d18d510fbb953cc534f8fbcefb99f70a90066c71c43d37ae6a0bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
28KB

MD5
c3df0abcee99bc052cc5de9dc1b57bc0

SHA1
3047a6d5642cd367ac1c9f81e2471d3e31724854

SHA256
52742406fffddb5df0f2e85ef551557bdf1ba9e0a97c1bc8d534a02223452352

SHA512
72cbb18d3334e7955a1c7538205019b2e735b5016dff23ac66671b43bb1a47853e319f2a40712d2254b5e2ba71791228ddfc20c9f04f5b3a524535c7f7009594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5383d45417753046_0

Filesize
237B

MD5
b24ad1e41ab6c6176a1f7e8769bc8971

SHA1
212588e051212126e12ba177c0adab5a008c544a

SHA256
f9379dfce1eb2845c5224b299e1ce3106cf46cd70ceed936f4004afe5dcf64a3

SHA512
34c4c86fc67484a9d19c58ae5a9efb8ed659ba4a8f7990fd839ada8f2f6380c17a8e70a300073ae5ddae8369daa7c7a539ec2eb41aebebaabef37b0ed6c67170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5383d45417753046_0

Filesize
13KB

MD5
c8c0ce2abf687dfd359095549d9d72a7

SHA1
cad1ea8c3eff52fef3db3d8ac7506b51a295ef28

SHA256
446d7523cb2a7d6d2979e0eed9dcf83bb3354969f3dd25a85f7936bcecc1f830

SHA512
2f9b481605be3dc32064256b774dffbdf8f50d866414927710c7005606a22baad0ff359ea658e14bd9393e7924531ab131c9535d4eb9c24bcea1e98c9339ff85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\65c686046a0cf48a_0

Filesize
327KB

MD5
2d4f6f41502b0e42d68695b3cf7d07e8

SHA1
e40577aa04716afc6184b966ebd1008345567f91

SHA256
7611bed9fd75fe661673ecc592a755bbe58c311cee70219a52b6e632b8260325

SHA512
865a71059e2ee18cace854880a7b240785258cba8a0c186de8042e5a4105f99240d3dacdcc7498400362b7a0999af8542e587cbda8eff3801dc33336ae5673f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9e9846df36b6575b_0

Filesize
52KB

MD5
357cee6aa5e64d5ebe4bae310c242685

SHA1
dea70e1787e661e6d26680fdaabf85a1ae863ee5

SHA256
ec11641f6666b65ac0dac681f065b1abf16c05e50d4271279c2ec033dd7a9222

SHA512
93b874c6fc0db2bab723d2af3867df206fe90dd3a274102c10dfb86036cadce03d97ea4122c375766e9405e799094d341f34120518674a24dbe07add0092d5a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bb95a1c5020af5d7_0

Filesize
238B

MD5
ff015d5fd4125c0a99eec5ab320c7f6e

SHA1
451db4ea4afebead4b68cdc1a7ae6ac23a49b7a9

SHA256
e1e59e9223a8f8f74b56d1ced9d7ec48e458d81e120a583f2d820968938a4438

SHA512
6b27791d87dfc572495edeb5651ad0a486edad173234b0133f65d071f71848bd47ad3b21fc09e6ab0e2e01cb90761de8629ae1f1618aa6eec554662c62bfccad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bb95a1c5020af5d7_0

Filesize
278B

MD5
5aa49611e73f959b920d66955442e5e7

SHA1
8d3d3a31129e851f1dc9c99bf637603378cdc5f1

SHA256
3b69716a9b381cf5816ef52564e47fc47f0c1d4cbd4cfc4ff95ac57262584d1c

SHA512
f21912872703990d941fb21ea91bd8db078d11de46d0a82f731eaa365367c61aa77b0edd2be5fe70ccd95b4db32109adaca60c37f83ef28522d8417497b080af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bc4a9f568964a817_0

Filesize
158KB

MD5
fa769a79dc847873e58ef90067877ae4

SHA1
af2dec7306260ede9a74e23975c766bee398464c

SHA256
4f90f9bd925d6e91a10224ebe3f25b271dbfcb2c53e8385eb63a338b23b4b6b8

SHA512
a169513f309cb3131a158e42dc2fa1c35d3aa255cbfe9bad60c2ebc3759f26978a39e5cd5647191442e88e00c137056eee4608b93bb5327c4bba538f9bc5a6ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\eaaa05a54a7e86b3_0

Filesize
236B

MD5
e4e1bf9989bce0dea93afe97eadc7ae7

SHA1
3d34f900159b837593c1e505649b1432cbb4bf3f

SHA256
e719f0416f4a74366c3bede57bb1547782ddc7d00d504d14288dc386b8e20ba1

SHA512
c6e119182f00db7014bb944b879158fc895efaee697d5c0aff6ec96d9fb917218a856cd1284c6443df1d235e053eb4170a11ac9b550804c394d53f73af24da74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ead5ca606ce76a50_0

Filesize
228B

MD5
1de45eefb16086c42193629a1f5cf4d3

SHA1
588792062b57c8b3eceee27c1bb8824f58492eb1

SHA256
e4a6d135e64ef00176a018c644f043b5e987abdb7e6d695a6756b3a331f45528

SHA512
1156c37d5939b5e7c3ed7630cc5a24040f21148ff23d292360d19960f7021a3924e07cbdfe5c09b901002104017526e16f8313f11fc5370ad46a07fb8725209e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ead5ca606ce76a50_0

Filesize
268B

MD5
f63f23f5981655c091bc2df0bfd3451f

SHA1
4662e563c78719d43c79630c39cb4465786a3a3b

SHA256
c1876d136e94dcc5b5ed71fd3068b36ef6ab28bac102c442b239b0baf1df1672

SHA512
0283f3a043d8a2bae3a8ac9c61ad3880319f5e2d07dfe6342e658b877617b79bfd66eed06990e217ad0dcb7760584e3cf908294c1dc1dd6fe564863d0c396d21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f33cc90343446fa0_0

Filesize
233B

MD5
a2f1b3a50f55d48dba78dc77cda7f7de

SHA1
5fcde94fb4dc980c997c41d30c8fbaaf17a1d6de

SHA256
4581d940de78f7faf76e9c98d9dd9343b4824d022d2d8191639bf58dd189cf91

SHA512
12a5d20f832fb636b41ece3a64125a2db719ce53fc6d05d4cf6b3832217fd3edaf0c8891e1f82c4c58dde9799239589436152caccc9a316345670a5dfbdf4631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f33cc90343446fa0_0

Filesize
273B

MD5
ab70ccf7c6d22b34915e47d6ab94feee

SHA1
3a930c9ec5f6573d79289bddc9271b9f26c44658

SHA256
c902fe9dc33f8712b799f1e090da45381b0d5e144c62c0227bda7b54a7f03350

SHA512
1ba02e1490d37013fcc6b55b965ad7a8ea57a520d888d7ac169dc004cec6a14128ae9a9219e10ba38297ee769cf36cbdf47ae61efef28e020219251d045b0779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
cc5ca8cf001044b82cf7269ad7fda333

SHA1
711e425023eca724c85c25cdf8a44132ea3870ec

SHA256
44507ec2b4f45dbe3c876685bcad36116b271de0b7de4177b3592b6c1b0f9f04

SHA512
0cd771c9b440eeafdd8a866f5527108c6a9650e9260a2d667a3c2821dda4e131ea5363ba6170ce5ca34b8c7465de8f59ed9ed633d78b6b8dce3f18e7c5f53750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9c424f901fe2a6209b414c4e40f7abae

SHA1
3cbfebda539ab0affda6fe34e567b338caa7b927

SHA256
686e112e711d03f8fbc1b4527b2344b0a9f60f48c5d5eace4fabf06c74e39250

SHA512
b45cf8bafcb8e306e29ad77f33bba48bee3bf005cff3c50dcbf3bf9ac3a09034c29636e41528ba819fc0f4f1c2d1a142306bf4bde5518fc5945ef719c50d0518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3759873e15f80d1b1090ecfae0be4a21

SHA1
ddf17e3f05fd6972a023565b85d1b494f6616c4f

SHA256
a6e0274c3de4cda1f34a90071bcb924ce53da748df909dfc1f24c891d980456e

SHA512
3b3003cb575a3b483324578a629353f6bd3323aedf42c0119d531b9415b69f972e6f6b586e6a1394efea4f5a896955a429f5496ebf03d4ae9611e1211f67ab66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
58ad3d9b377366dcb570a222130d9dce

SHA1
ffe6752ee0fcc59773196c7708ffb42247041aa8

SHA256
53c7664cdb7591aba4818973a08400e8897ff47681b0a02b192a8261d46b366f

SHA512
cbece7148cf956f0eb84c3156f82527039fb530cd6520ed678d707d29d047d9e2a592051579f5f88c86c19749a8e2efc5a8c0fb2fcf1323b532e6f3d8e652a7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
d6f940206c4118c10ffd3fbd6cbde4ce

SHA1
562424edefffaa28a1a13f94d9faa4e3b554d3c9

SHA256
763d9780a2ea38da3cdab92083e1012a89685f7815c13584187dc3843ed18429

SHA512
b96559bd248f3ebe2e5f2e69021931e554b83cc4000346d857050ccf182e4a17e605cf56f5fabdfe271d467c17a447a108060db0280ef420976d0483c4dd36a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
65f5f824fdf60516613a87b0008021af

SHA1
2a1c54b2e803ac1ea9ec573db2c503e1d305b82e

SHA256
65bc90a4809731d27481cac9120af8aade930f5b75f8b768620ba96a0b35c6fd

SHA512
1987496b7553d827899223fd588a629e873f109e15667002e3d869abd02425d85a65c1d98c11730848c53cd8031535a6e1541bb5a4df23bdff90d21ee4ec42be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d3ac2c9163088cd9b092be39bb3026b4

SHA1
c4496acafbbfcc9705ded5d596bbe43c7a46313d

SHA256
6124045c6302ea8d29e6226a848e5f9ef5eaa49e9aa3b97f2416260e6996145f

SHA512
b164817b5fd8b439bf8ac23e298d8884266769f1d475809edc3c4aadaac77abd947e8e596e55268a5a5dc419fab4605e0bf87ae549b25867e93b3bdbd9987df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
37KB

MD5
afb1f4709cab5f15cc3155823a74c94d

SHA1
c013bdea1a9fe64d247142f1815cf24527678be6

SHA256
2f85b70510bfaf67da6fdb2daffefeadf3b982ede031b0a0c984d130d4b00dd2

SHA512
c5b5d1ee16503cb734c20490c34b573cd6c36f0aa3906647921a25c7d58e48a061d03a1ac3c2a790963cc3dda65ef6f2e293c5a132fca7fe4d7f4d5959894339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1903504fd5836f48adc0f438bcd82588

SHA1
997396b123ce558e178859d77e7d6c908bfc0622

SHA256
2b19e14be26b3a54ca6524388902de2171b3a7698fd2cb09fc33d8d9791bcc3c

SHA512
dfea25a7f332dec8a7f61013197208d69cfc4d3ec16489a8b43b94b10af59365c3771ee0f97e907e9e30cf2dced13614cfbc494e7bb9d54f856af47278e2eccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
65b72b7e29cbcd479b176f595935447e

SHA1
1fb096b289b616f0643d3080fd193956f027b8fe

SHA256
a51f41e5fbfcd1b2553b29b00e61da15e73d9fa2a8741089f6e490b17cea4dd2

SHA512
369b588f3a6f7bb5289e9cb7c5dfbf7bf0a7bb5be6977e7eb560ed794a18f6e93f4d3a3755088ba6a7ea4af96be4e1e81a5e0eaecf645ea77e806fdc0466b222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
ca6c79a62070d0a1e3e9524594b5f428

SHA1
7beae98864933c8fdb34fcf7a555c9864ebaedcd

SHA256
9b1ad6c2427f5508e14e3cb0022c82aad8e350fc7eecd695f2d76e91bb675773

SHA512
433aa38b2ee8edfa4930490c6b4486a8b94c3628f9cfe4a1c438ff2a2a62fc32b885e17f7a37eef51be5572f1a4fedf829d7d407976b806bdda2b43c0448efc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cbe7272026df6a7f3c2c4dbc8220cbae

SHA1
d42c76c2b3e67c58030c2f7f36ca45d8a875af39

SHA256
85a54b2c40ac8445a5e94e4f7c229e1c9c520b363d1d7ee4992a2db9a45925e9

SHA512
b2cac1d8d6b65507a64dcf5529bfc6552a06524b4b9ce623fbf9adb004fed73a9c076e333b16714cf56aa89ed8b901b1044f269b7efa740d89242fd56a900133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6e247aa9614fee3353b093b192320f3c

SHA1
6af5003f1b2d58e1439c018cb70dc7635c1154d8

SHA256
b6b7ce09d0d48c14f60d64352e965b6b43c576bdffda954b936422afa69c4283

SHA512
85449975f71c8b80cdc64e9caa8c5a2f30aa750ac235882b23ef07111b38c8393d4868638dbaf6f287a748baaf87ec4fbac89f3c20f7197475cb4100033f140f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
93dd9088041f71a94399b4585971be7d

SHA1
000f26af050ab81ab473ba4e56ab5db7ece3811b

SHA256
dc08e9a1857a2d4ee02d7e4333cd3e11b3ed865f9bd21f626889ee154876766d

SHA512
0d25944f40659ac6956ece79316a70f4e7dd902bc8167dc8cd003f6941dd18daa3cdec1bcdb09eedef1ea7e6ac8122bf1a6e8d63cb40f26365c368ca57700a04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
1100a376a453bafa57651161c6c9f89f

SHA1
1828a12517cc1ea59833d3a149f69b14afb7e5d1

SHA256
c20e5161ab43a07926cc8fe93ad207040a29874674911a3bf02a1aeab33afbea

SHA512
b5ef77d8e5172feb39d20a846bb25b827d667131f2b1b78e8f12d42884520eee47ba885ef509494b5d535ee76fe1daaa2c8cffe049c8815bc5095f47573c2c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
9064a1f509f157e12b965958f4c3f579

SHA1
e44167ef8d533867d8de00dacb9cacfc168862f9

SHA256
4d3be51075f8054a6f6632274224aab7eda643b8706c2262dccf740408f920c6

SHA512
885f5a8d9d4f832f44b155335d9957cc0c03ff7c64473fa7607c4047c6d592f208d61a9ac74a4588e2db6627a7a1ef5d9f31a1bbe9235ced3d6a07d4faec7900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
028df73832b6221d114dc9d0c65b122b

SHA1
e34b0867a9506f5d78904596c7145a63012310fa

SHA256
8e1386c1e9fec5a7ef0f3536869c58431c8e4c6bbefdcc76b3787241c70ea426

SHA512
b1ab2ff0e46a8ce6bfc6bc5513fefaf3c884fa412b483ee3232ea0f98c0fd319b8ddd23300c7f402dc98cae1bb56c1fc8354e0d4204b307759f56e92f7d39841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b3cbbc73a19bd615c385c0fe34255672

SHA1
69002318b0451db99f026aac7cc4691e9c7d6448

SHA256
88f8a73816ef06276bdce7ab524c65f7fdbae8167704867f366b2bd3128cb524

SHA512
031e8ee08d0a2350f09a2814145798f1860f6fc5c57fad64be565e9bf7b72beedc5c9223fe615a36f65148d7ee924c4288420462a7279f3cd6cc3b1ff9b95272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
2f5ba350b04a4a2ddc6ee659faa040bf

SHA1
e34c3f6760def3b457440f9e17528859a96e8951

SHA256
d16d07333215d3850fe25b42ce6b43c4e8cccf9576a277075d4cc16020a750da

SHA512
7bce506a27031f41b53f8af33fc0923ef1ef543d32fafe75ed4566310805c9ab6aa5dc8d55a1127bf93ec81a27f0eb70cca0fe40502f7f12cb15ad299e32515c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
4a2042cd393ef8a6cda775a9d25ad195

SHA1
2998d19ef4c6fee60955263f74f0e4ad74a8d416

SHA256
79482223b291c373b8a01ad13bef386d66c69bc4b658f9ae8ed81eeddcaa775f

SHA512
25bd7ad57d5ef7882f6b862480802eca935738be61bc16d5a013e136d80a362fd7f8fcc074e1b16bd7911eb7579e77638f84c5477e09d5e0a1b7c5eaeb9168af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4ca06de6892a7ff5641459da7979d4c

SHA1
d4548d3b14e2b45197099bf0e694a384093aced6

SHA256
673809c4e38ce0c9c24a77b919f4a2cc47a5c05c6ee226f851d0a3b9b1e111b0

SHA512
7efd4f52e8da3b973ede6656db22a3079cd572de0a07230275c1bd337509331d37fc81fc63a659168ac68b94a397336601457620ecb13b25ed655eebbbfcd1fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c315d218571465e78456b774e4c06630

SHA1
cb8ce45d57bbf21f9333b0477ca75ad0cf98a8e0

SHA256
407fec6c960c9736e477279a544a1deacc4f0316a7366ddc101882ed0ff3025c

SHA512
6b56dd5b601e3a03f5945eac78a31106ce5b8a9d2413c0d093f450b7bb486291a7e5a99b8f6115a6646e6f4c857075b5c11e9b4e72c3f52753e14ce0af614bb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
05152bbd4c18c05625e1ab0c804b7041

SHA1
4978b2ae66158f7e5aadeee54714fd5bb3425ce1

SHA256
d48c4757de137cf7c2fb24240da083d46afdfcfc2c6e26d99e98c22946a9da0b

SHA512
6eae5445993e2ee09b73a6317b46df35a61b3c3be01dfb2e5ef40c172d71bb7e427b3f40526f8f377c4eb7f2ac4b5bd66179c369f1129a685037a7d1001972a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b3931ad076cf6fc832765d85cbc8ccc5

SHA1
24832bd559c4fa2ff3bfc6c1c2bce33f9ed5e820

SHA256
3a5d0258a76dff6a170e75c0a15e721be51a997c3a7f1130712b2897396e8aa6

SHA512
4d0ed4f2faa1f3f499122dd77ac22e7314422b57bd29c1550aab0ff888169810a0c9cb4101f66a654f0b1ffb103b182ff922ea3788f4ca1a4f2b0612fa1f914a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
21d7dadffc8f0efb9f802dca7a6ca653

SHA1
544490ec1ad5ade5beb4c966d3bebcccf2d4778b

SHA256
5721a38cd10ceb14025296ff61dc00277e4288044245a56d169aef26cbaacce8

SHA512
00660500e925b20022c6fb0b4c2a9d298650e0b2ad4daf668034f6f8e104cbcd20dea3e4427a998f24e408a48735702759c38f8cd9211f8b081c2ef769b08c4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
01a924da158babd8c318e912aeaf9b80

SHA1
96347a29a0b2f8e0ce862c936f0a11d74340edcd

SHA256
f4a8bf6dfac4d1f9cdae0ef0f32b8f59e11537f45a5101e86953a945a684fb70

SHA512
e6e3c6bf85535b54ab1007ccf58c1d16cbe3914bc8f000ed0cb243a1e12b13bb37b19fdb62c935a50e82499452390c4915966056dc0f97b31ae2c560a4aed0de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a43e143c94d6387322f75847c915c536

SHA1
1a7b33f198f584f853bc30f3afe155a4065dd34b

SHA256
aae211f6dbda7af30442d9d413946808fb4aa1bc0e47dc1810b77ae93d7d85b3

SHA512
e70114a562cfb157bca40395af03a7964ad367e2881de035b91c962790523b652e310d9ea8969696317bb4b485bffcb31df95874c54d0095e2d7eba5d466386d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
984cd6b1112ff589a10f3cfe8168116b

SHA1
df987c0a09114cb68f3cc7298848da4019e17bf8

SHA256
ddbe0c44f8d003a12a1e735ff0526f057813f1170d956b457a26efd1229ccd3e

SHA512
df692a7846d519e09fe7d633aaa01575986173715974e4f48f4af77053dc1073dd2ae36c5ea280015b4cf088de25cce14a7c340f8746a0b094a97df8454c053e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9beedc87092252a5ce128d574287fe8b

SHA1
682639e1b413c30dfe6a22dc9340748aac9cfadf

SHA256
02ac2b5b70185198313ba8c5c331f45da14a81e088eb094da0a3415faa1ea839

SHA512
5e0298102b88144d5886a6d75df18c19bd98c237352b418efed8b2b8a7c1cbe218fe8b05aab76dca57e419c4a078579059ea8a4832773b02979f31efa4b06e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
25aae691252c78b9162d795e5943fb4d

SHA1
ea372ee1e4586d136da9a4dea3a78e59d60bd97c

SHA256
232cc347f7f2f7b045ea36fbf63e3b555f039abaed72fe84539f237bef19429b

SHA512
40d190836c84c952bb16bed26456d1a16786ed1159e5e38ea8df784bfba1d8e37c227d54fb27508a54cd8a5037324069919a809439b9e03fc7129dd3becda895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
499841259ed1a78d202cc4e987797878

SHA1
af936483795535f29316a758148364f8e73b85f4

SHA256
b6a731768e5fb545a08d9741ea0699b11cabe08cc6544cb907a45a6f1ff7d113

SHA512
37df57309418f40dfc3eed1b8491dbe188890aef0e408f5b57c2e5f759d2c22539ba56d7da431fac61088445a2e7eabc4cac239c40f848fb8fd7dd90e507aff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
66594df81360466d14a66c64911d06ba

SHA1
681d18c1e44dd745bc88801ee0a12d99c4d47a0e

SHA256
20b8d7b3566c5c0ef83f68d4e8d620fc85489167783be01d9517d42bba027d32

SHA512
7cebe3cbffff15bf8ae09923785f20ad9b0b8784d374bbb78499b2afaeca3e365e5e0cc0a2df45d5c8fba560efb2390cb2af5084dd9f6eee1df0209d6efb635a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1385888b3b19cf7412d45466ae5012e0

SHA1
b039abf62bcc070860f4a0ff807e40f4d949c351

SHA256
53e1daa12f12b95f718a0a8e3e4c76d53037fcf72eb588be8b05c0e5a63303fc

SHA512
a00854f56d13aefebcf4e42d0cb5e2eac030bd571716679a56b692ae627b85479bb5c5d73bda318154b7f45bd46825e20ce2a345929c5515ef2b55b210941a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
700047504fd55f1251108a975974a2f6

SHA1
8f790d86a308be290fd02667feea6f7019d57178

SHA256
8470fd2ff9eaf854ba03c3a8ce26355cc77292d40f1eccbebfb35f89604c9c6d

SHA512
24106ac321466292ac4c670629374c6450594985c21526c5c2b338f7d3b167c5aa5f498fdba65274f7ebe1e82fa36a91200b0d76b0ce317830628537bc104d60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f06c8136f561bd9b6b9712a390f6ea6

SHA1
94852a9c770c16f5714c4208990c607fc70a8859

SHA256
94fb85e52cc4aa4380f12a82287dfa6fea00200f54145737fd81b18a123c2414

SHA512
77e7689481d78de271fbe88cc3a85be63ad6e5f548128891f2bd90f3a4fb849e9fabcd52a868ac1c34603590e3dfd1bcc143f18ed55a7f3be602f88a48deedb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e6ccf23af2b89a6d16e379a12d0d4c15

SHA1
6691e764e35efcbe59a70bfe4b4229b975d2345f

SHA256
f239e6f18da7e5d3a3001d6a0bb80491b7f33d125d818363c3943837187550c7

SHA512
9ee0470427d2a7cde745df67ea984855e5c72933f0b7d731626e1717e07d5a95b169fa09aa607cc44b8a26046607011289c1ecc20d64a331a48251d0172ce3c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e62feaf8dc34b1687fd98fd74f98e796

SHA1
c53cfd90915ddea6f8fcb9725be291213a3ca9fc

SHA256
c1801007f19f03bd5c49c389a2a01900354c51603e8f661626c8f157725b716b

SHA512
d205d63b79ca907a9a5b7e3e25f2b80ad0310068192a44cf96495b4e926206ab21d63a601be3f9916009851ab5b4e979bf05cb6b780cf909b7d5c4898476d52d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0292e4b7c110ffa99903d8c6deb921e

SHA1
15c6ecd244ec096370b4dd27063ad3fdc602be2d

SHA256
5fe188d7ef03bd6b8f67b6057756f40a0ead4ed7e50e9ccdf9471328aeb02174

SHA512
8c273de0969212d54e68d403820c34018202ab9c786c7bc11d9d7f04468cb9f9b156313a68931c4b78571ca22c17df6cf7bb737aa254b8ffe74d5d60d54d6302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d3852adacbf749e0961e85b517b48668

SHA1
788411a3c5d183b7943faef85e2a61077e99d5ab

SHA256
159ac4e03235eb7681442e3726d9cefdef72d504c9557e3d1ad2c2a824ffdf32

SHA512
d81596f66c797ea81a6f59c714703683ae7f96ca04fdd65c22dd3d92612846c3453da3ec1c05f40c619aea24ed100999931e596428b315fd44182035b4f69a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a0b2ea7914f09191e3bdcbdc9799cd61

SHA1
bbd9672768909e957abec44527dd1853698664d8

SHA256
0c6ee60e90cae08d8baac3d34d2d202c3cd4b3a050ed749e6232bfe04ad21607

SHA512
460b8932464444ffcc03f9d9fb8304cba6adc0e96710901ef3f05d0b9757e280f391d7ce57868290dbabeaa828642bfa8ad5e36408658fce37eb6b0c7415f63b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3877e5649b90b203fcb38536c15d2752

SHA1
b6e252d1611b2b6fced74071f19d759f5418fabb

SHA256
3afc3e43bf5de9a1a78c02d090c292955bcfb942e372c37fe204e3c4ae382d02

SHA512
30822c5bd95cf4728e548f115a11ccee7fa51a1a931f80adfa3111ca03f7b38ad42acd3053ae5ccd173ceaa9cb17c5b46182d27553c6c51f4775c5f3e58367ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2a477e436eb39f0842b17841b311bcfd

SHA1
6c12a5db1423cf1820b45ebbcf9099feb2593288

SHA256
3abda7dbc447a7d54ccac641433f8811ff1817926a4782aa52a83f30c61a71b6

SHA512
c8da11f6237bad8e9af10a6c2850d09eb1d5d4514b21fc8999d3f9cb5fb8385cae3f48a07d2b8851e4496bba49fb5b1a5606e9794c3face775dc7f0cd7f5d165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
52fe44a64cffa672da0bad370e734d24

SHA1
28809ee6aad4d1eaa14cabb3eae9791d39370ab6

SHA256
1b603439b05b110a6bcd90faaafd7827f543c4f0bbe837e8ae38807132740b83

SHA512
8934425fd7d2f0c16660e589faa05905245736e20e1d82ee7fa5d9eb5cbdd818e9d3e8d53fb0aa345078bee7a374fa668b1bef7715b62d30ef746bb58e6a92eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7587027ba25340d7e7503919e0916296

SHA1
b88bf25ab4a353256f283fe9f8ed2958e785d1e7

SHA256
422abed6bf80601ba5e8a7decd999c80cbc72d803cb2dd55fe8c28d2f676f8e4

SHA512
3405e6e74d11eb2362c53779225584b98f915985cdf8440e43c6bc0e3cb488437a39cdbccf4ebffc59c70a6ddf359b3dc6fbe5b421c5f4004f5c77364c28495b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
962ccd779c835f2110b2f21fe3e09a4f

SHA1
659bcbebcd19813068a7d0f85e3590e6cc54f89a

SHA256
7f60d5f90c123a3f4f81745e8b6bc4bc6cc29a2d45351494fc99cd721c5ee3a3

SHA512
643fded52b47986401564e19c954509c65ea5569bd8d85e4fcd0421f1060b80587b838430992d87037445b5331eb4c3dd0921e1c8194f33a87b797c17e47664f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a98a4e6224261312735ad7c46fa98ab0

SHA1
9c4779d1e21f5b5ec175706fd13797f78d9f5664

SHA256
76e86ab8296481d70c8102d614c2ccc077ef73a61f06a6656acfde87ac1c743e

SHA512
84084127113ae0ab58e539eb27dbe97435305d48b9ef09dfe5b5cbc93fdf3167b24c0edf1b3e4e7549144dd16b0c443b9a07ba9ffaebadfa71d62405aefda0c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9e04bd213e5a670c96982583d4e46220

SHA1
e5ee1a4089c86751d1339cd79c5f1d2084e60d4c

SHA256
b6749ad7deafb711bd349a81967adb258aaf0ace0cf904680910e1a1f8598e8e

SHA512
cf0949c857d95a35d73304572350e7e8a1e488b08de54d1fa5a54086e43fe7026c8cafc0a17ea3ad544a263da6da002b715bcf56474e579fe91cb410072beac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c71776c38e61f4573ed6c8895b6af1e5

SHA1
541bbe146415d7cf7e6ad1cb80451e08139538b7

SHA256
786e68182caacb45bd8eafd236fb75e85cd11ff83ec82cc178c0143848f1cef3

SHA512
138917a539b101bba1732b8f0deed713c52dc66a28f8c2a649254169e1ffcdba1b65261cdf964c1ebab1ea04a8e75d6d0b301467f97d32d464b7d38a0ef37232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b19afee46420f1bbcb3de6438e936624

SHA1
a6cf7888aa88d3dc5a2da0eb1c94d2f28582f104

SHA256
4fc4dcd7f5a151bca32e135dbc09b8e117629918cd3c70fabdbef97307d85128

SHA512
7b888153c97e152fbb4994140a05fff40feef4655ea261574d4cbac059f0bbfaea6d3724af442b1b9cf5781f097b3d453485320d17b55ee8a911ab1952c35da6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
cd2cc6393ba13386d8b09e98425f4c38

SHA1
db0e555067da7d42996113bbe54c1331414ac15c

SHA256
77a61a100b6c0b3703a969af819299b5713733c3d2c482a94bbac67d89b0a919

SHA512
437c7c97d12f5b6a045280faae945a75a76851baab694d61ff43a933525cca03c85fc8d145cd876e18630f95e8964dfd09e99ad7454ba5bb8e340468d0e780aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
65eff94e9bd2d57fa3adb15323569eef

SHA1
66cce5683359a3cf0c7474c1506f7ea4dcca6f15

SHA256
464b2c7aad784b8cf4fb91b5449b239f670cc7c0a729ca00ff30660a8061448b

SHA512
19560ea32c54f546976ab6341b4d244a142519a5f63c5b3fd1d8f0a1cc3451edb6ec5c3a0cbf9d2e20d930fe5891c46853e3f213a7360ee1c7fa98400fb30b9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
e5ad10c0fdd62f19c5757f6f619c8f79

SHA1
73199b962d09f29ffab6f693757ab7650051683d

SHA256
0830e7427ddb66601815270bb76fe7a2ac2ff216a3b8845e73b6e66a67f57784

SHA512
b21e77a4a34ba7bfdf88585ea8231a147796a8e3bf6eac0f8e0cf4145fa48ea2873d47b1363974ca3b4b0340608e9d87bd015da4c23de941cf746151afa78f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5a2220.TMP

Filesize
140B

MD5
dfee708b1554d028adc5c4f9ab4b81a9

SHA1
f902111a78db8b5e65d557e48d99b3ee5f7cd882

SHA256
8db4a3b82e42e260a44b7352d0c3fad1161121bbf8455f5f857bff00a4aaea99

SHA512
a3b28ec8440622b0ea08c4ffddb0aea723a9c448c6b2fd79c39d0e90078b89fc4f744408135c5c417b340bde85f5c73d0eb4c5cad516a681bfa79766b4826cf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
b7b9787f58583e52b9d67fe3637f700b

SHA1
9fbc567310312a8305c0f991c1aadc4996ca27e4

SHA256
3fed050ba529af48ef87ef6a3e0d8d74736f54ad4930aee05a443f223d2381ff

SHA512
1426e17be55cadd30dcc28214944e890ea2dabb2311aed8ba94996baf775b566db4dd25483456156bfeeccaf5884849757906c88e8c0f19e0d3364c9dcd67950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
b776e7bf717e8dd546388a627743708b

SHA1
ae97cf0f4566bc7148f3f4c1c1af83128312ce99

SHA256
e74c046973cb229ae3cb17d882b5fe99bc14d8b08e26014eb62eed6a6f8484fc

SHA512
f1fb218546f0f84fd3bd988ce0ffcaf5d6a4468f91e0ad534aab97a89ccd748e40c7aa1e55f8981ff93b770e0d92b1ca187439353a0e269f36bf93b88a1c16f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
5e7534749238c8b76398df891c50d84c

SHA1
a1db4925922d5f22758decf98286dec5478099cb

SHA256
c15a79e8f22cfae798a435edabf949bbc398e1cee04233a1516c045ca1d3abd2

SHA512
b2611150c8af92650276e7126f772fc3104cf9a0c102422c70bc1482f40cde33db36d0464d6af40dd715451a4758fbedf2d89002eb9086bf85b3a345739f040d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
92062d6584970f4d516e8a7667642ccc

SHA1
702e87eb01167dca362dd6e72c8e6757213f6d87

SHA256
ffd4c43fe312e902c0731cc65e3b20b8372313dc673cbb200036f470994d9572

SHA512
40164ba4f5bff730be49115753c0b73bd13c06bc8572debbeae1247476c92ebda4c2f15c8c32d45b0b7b32af16cd691d95acd7c87f4dacb461903f033d3ecd77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
d68621e50d17faf8ca1e953f0a810a52

SHA1
fe20b097f8bd87bf667a68795e0b41db31e79c57

SHA256
bb72c9af20d2b214d4366b8ced55a077a15c61e9c42c03f4f7680ddffde11df3

SHA512
c101c66707bc855a181166465f1ec6d6f8d8be2b656ca4d11533deb6b541c300ade349bbf28fb099d98f5890c1f1f77ab99ae27d0c5b618068eea57f9b62aba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
b908abe81b2b5f2c18961c3d4a8e75dc

SHA1
68a5132508a3cafa7b98cfd13d3afa0d1ebcb146

SHA256
40a84d39e5cfa06ea4647575a023e7b372296315691c12906037b478c311e82f

SHA512
a184197c93db5c6899b7342440cf288655cf4bb4a93b6e583564f208f82a46290dab5ba96efb4b5e2718a727125e6453e5ad1a77c19b2c24d4106eda5c10d00a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
c8849601a5aca9b980df58ac4046deec

SHA1
8b0459ba72ee5f04eaebc10d3a0e963afbcaaa97

SHA256
e7d9a8c12ffaafb037f1d5322fed2d2e7701d3a7a82942732391099a5dfdafb9

SHA512
89ffe8772fa10f16a5761564c01b0a684ac32b4a8d42806971481550102c3a4069ab47b1a1f2d39d197543c8c670047667eccffbf456a62b24b9c1ecff1c5950

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\1d206f71-4fe4-4fbc-9e95-dad484ba51eb.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202412041804431\additional_file0.tmp

Filesize
2.7MB

MD5
be22df47dd4205f088dc18c1f4a308d3

SHA1
72acfd7d2461817450aabf2cf42874ab6019a1f7

SHA256
0eef85bccb5965037a5708216b3550792e46efdfdb99ac2396967d3de7a5e0c8

SHA512
833fc291aacecd3b2187a8cbd8e5be5b4d8884d86bd869d5e5019d727b94035a46bb56d7e7734403e088c2617506553a71a7184010447d1300d81667b99310c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

Filesize
5.3MB

MD5
0f82fa9c0b49e161711a09f08656ee34

SHA1
aa34bb01c9cb1fe586a0fe9857465d8768743c81

SHA256
2143cd5fdd9cca6306c658fe443cac958d7815ea6c126ff176f28a6ff3ae0a0b

SHA512
f61e9e7f341c5a65ac3956006b30e3b6419df790a13512281b1687b14e0f8efb9323246935c3788749db98e444ec7532be3806a5a3cd3806c4fd8e0ed6697205

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2412041804427581652.dll

Filesize
4.7MB

MD5
9389caffd24ecacabaaf8bcaf8c39298

SHA1
0607b3a19b1f213bfee65422ef9c645e4ef1cac8

SHA256
7be59d30452748b6989887ea9668b239fe131cce3a60145075b3a122d09ff59d

SHA512
9f5a89300a5ea734eae6b0a6e986549baa8a1abe3aaa176e3dd64b3dc2bab4b52cb44a7c897ea8e1ad7cabf8adbfa2fbe866823ef2d23374230a2b4cc1ea47e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4624_46945491\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4624_46945491\d7472b6d-9b87-4e1a-aa81-69f6469a2c29.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
51c1c11b866c38fa57f761f80e3bdfa3

SHA1
172cdb796a74af1ec9dcb0daac21320e73e9bbe4

SHA256
49a0f236b0cda1dda87c063d2b2539c546dec0effaf9f9cc64309f0c7d4c4f66

SHA512
1dafdc220ac8bb0977cdaf835601a763fae600bc5b41d35f4b702d08857e601e575993dc009e5ec9ec29ebd8025af2f6164b53dce9ed5f16ffda90d3c341b8fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
4f9f4adb99badc1ddcb6dbb1dcb7565e

SHA1
647480fac6a1a06fd2fc541c981764a8d3a1ff26

SHA256
48fbbb4cb6740690e087fc0627950f72516dc1bca46529eefacfd68f291c1d86

SHA512
23e753cbfed37a01d5d8bde9b8fb58adb62d795fe4708c989e1b0fe09f0337756968bf9bd968c11915c79becd7649754bac22df746da74f0c3bf7cb9b868446f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
b5c9eb597ae8c47bf156f138c277d076

SHA1
53e5c3ecd702a08ba214c5fbfd02bdd46711b666

SHA256
039a87b978d7c330e66bcc18721bad372667fad79ccadf1868ecee63a0d1871d

SHA512
e22dce350937433302fbc7ed2c276d26de5b6050243c68ae27e5c10e9f5af09d3829213f4c73dab5a2fc514380fc7022d4cfd146be272172125453121a884ddc

Download Submit
C:\Users\Admin\Downloads\OperaSetup.exe

Filesize
2.0MB

MD5
1f3f27f2edbc004fff1bd87f5b19be5a

SHA1
a1eaaa87d876368e4a866c4ac69637ecbd1cabfb

SHA256
776b790dad6deac1ae264593ae40a4c87e3a986b6e07383ec15243704c1cb0e7

SHA512
6bc5c4ed7cb672d4b4d3a48ac8b228e1946dff7d52855511bc7b5553ad55318cb64d466461dcf280eff9bf2e29c259572f02da0e24e55b8d1b2ed5658429c728

Download Submit

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads