e478c912ca786de43cc76bfece772eef194600726e5641dcaab4e0cb260fa90e

Resubmissions

03-01-2025 17:30

250103-v3fb8avmdw 8

03-01-2025 17:29

250103-v2veravmbz 8

Analysis

max time kernel
684s
max time network
685s
platform
windows11-21h2_x64
resource
win11-20241007-es
resource tags

arch:x64arch:x86image:win11-20241007-eslocale:es-esos:windows11-21h2-x64systemwindows
submitted
03-01-2025 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OperaGXSetup.exe
Size

3.8MB
MD5

fb23e09da4b0ebd20a0072e75fd994f4
SHA1

bc3433296ae972d574a368d50b737fd984cf3d38
SHA256

e478c912ca786de43cc76bfece772eef194600726e5641dcaab4e0cb260fa90e
SHA512

26d8005aaedb6066b65c1d564234ce25ab0aa9c318610a473aaa7e7fc71fcf5a4cb99fc9422be932ae36367ff48855a046eb0286ac848f34d575c8d519b19222
SSDEEP

49152:SVAbwA+j3AtriaXicL8D8nqdZqb8oM28CBHmLOIt/ZwDAakqbMz3Lnn7cAWFJJx:WA+jxJIfMKmLOIt/yDh7MbLnnXWFl

Score

8^/10

steam defense_evasion discovery persistence phishing spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 24 IoCs

pid	Process
4400	setup.exe
4240	setup.exe
4444	setup.exe
1508	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
4640	assistant_installer.exe
2384	assistant_installer.exe
4984	SteamtoolsSetup.exe
2768	SteamtoolsSetup.exe
2884	SteamSetup.exe
3256	steamservice.exe
1172	steam.exe
10876	steam.exe
11316	steamwebhelper.exe
11360	steamwebhelper.exe
6848	steamwebhelper.exe
23096	steamwebhelper.exe
22064	gldriverquery64.exe
21692	steamwebhelper.exe
21576	steamwebhelper.exe
21388	gldriverquery.exe
21320	vulkandriverquery64.exe
21240	vulkandriverquery.exe
18200	SteamtoolsSetup.exe
6472	Steamtools.exe

Loads dropped DLL 55 IoCs

pid	Process
4400	setup.exe
4240	setup.exe
4444	setup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
11316	steamwebhelper.exe
11316	steamwebhelper.exe
11316	steamwebhelper.exe
11316	steamwebhelper.exe
11360	steamwebhelper.exe
11360	steamwebhelper.exe
11360	steamwebhelper.exe
6848	steamwebhelper.exe
6848	steamwebhelper.exe
10876	steam.exe
6848	steamwebhelper.exe
6848	steamwebhelper.exe
6848	steamwebhelper.exe
6848	steamwebhelper.exe
6848	steamwebhelper.exe
6848	steamwebhelper.exe
6848	steamwebhelper.exe
10876	steam.exe
23096	steamwebhelper.exe
23096	steamwebhelper.exe
23096	steamwebhelper.exe
10876	steam.exe
21692	steamwebhelper.exe
21692	steamwebhelper.exe
21692	steamwebhelper.exe
21576	steamwebhelper.exe
21576	steamwebhelper.exe
21576	steamwebhelper.exe
21576	steamwebhelper.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_r2_soft_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_outlined_button_triangle_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_button_start.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_p3_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_info_sm.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamui_german.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_color_button_b_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_mouse_5_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steamui_schinese-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\trackerui_spanish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_lb_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_button_create.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0334.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\support_flag_top_hover.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\icon_warning.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\platform_portuguese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_button_a.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_lt_click.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_outlined_button_a_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0302.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_080_input_0135.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_turkish-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_reload_over.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_up.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_left_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_capture_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0302.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0010.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0307.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\gridview_mask.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\icon_cloud_disabled.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_045_move_0215.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_portuguese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_down_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_rstick_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_rstick_left_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_090_media_0130.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_040_act_0090.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\chkSelDis.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_korean.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\hp_m1_md-1.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_button_square.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\styles\gameoverlay.styles_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\genesis_c.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0508.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0307.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0180.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\clienttexture2b.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_l_left_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_outlined_button_circle_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_rstick_down_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_button_share_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\hp_m1_sm-1.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_lb_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\icon_folder_selected.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_lstick.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_lstick_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_p2.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\switch_controller_polish.txt_	steam.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\INF\msmouse.PNF	steam.exe
File opened for modification	C:\Windows\INF\keyboard.PNF	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SteamtoolsSetup.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamtoolsSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamtoolsSetup.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
17860	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133803990915550626"	chrome.exe

Modifies registry class 40 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\Shell	steamservice.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Sin confirmar 134056.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SteamtoolsSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Sin confirmar 490128.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Sin confirmar 400862.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
6472	Steamtools.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2108	chrome.exe
2108	chrome.exe
1060	msedge.exe
1060	msedge.exe
3908	msedge.exe
3908	msedge.exe
4516	msedge.exe
4516	msedge.exe
3500	identity_helper.exe
3500	identity_helper.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1304	msedge.exe
1304	msedge.exe
32	msedge.exe
32	msedge.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
2884	SteamSetup.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe
10876	steam.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
10876	steam.exe
6472	Steamtools.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious use of AdjustPrivilegeToken 63 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeSecurityPrivilege	3256	steamservice.exe
Token: SeSecurityPrivilege	3256	steamservice.exe
Token: SeShutdownPrivilege	11316	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11316	steamwebhelper.exe
Token: SeShutdownPrivilege	11316	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11316	steamwebhelper.exe
Token: SeShutdownPrivilege	11316	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11316	steamwebhelper.exe
Token: SeShutdownPrivilege	11316	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11316	steamwebhelper.exe
Token: SeShutdownPrivilege	11316	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11316	steamwebhelper.exe
Token: SeShutdownPrivilege	11316	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11316	steamwebhelper.exe
Token: SeShutdownPrivilege	11316	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11316	steamwebhelper.exe
Token: SeShutdownPrivilege	11316	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11316	steamwebhelper.exe
Token: SeShutdownPrivilege	11316	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11316	steamwebhelper.exe
Token: SeShutdownPrivilege	11316	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11316	steamwebhelper.exe
Token: SeShutdownPrivilege	11316	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11316	steamwebhelper.exe
Token: SeShutdownPrivilege	11316	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11316	steamwebhelper.exe
Token: SeShutdownPrivilege	11316	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11316	steamwebhelper.exe
Token: SeShutdownPrivilege	11316	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11316	steamwebhelper.exe
Token: SeShutdownPrivilege	11316	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11316	steamwebhelper.exe
Token: SeShutdownPrivilege	11316	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11316	steamwebhelper.exe
Token: SeDebugPrivilege	17860	taskkill.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious use of SendNotifyMessage 33 IoCs

pid	Process
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
11316	steamwebhelper.exe
11316	steamwebhelper.exe
11316	steamwebhelper.exe
6472	Steamtools.exe
6472	Steamtools.exe
6472	Steamtools.exe
6472	Steamtools.exe
6472	Steamtools.exe
6472	Steamtools.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
4400	setup.exe
4400	setup.exe
2884	SteamSetup.exe
3256	steamservice.exe
10876	steam.exe
6472	Steamtools.exe
6472	Steamtools.exe
6472	Steamtools.exe
6472	Steamtools.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 4400	4788	OperaGXSetup.exe	77
PID 4788 wrote to memory of 4400	4788	OperaGXSetup.exe	77
PID 4788 wrote to memory of 4400	4788	OperaGXSetup.exe	77
PID 4400 wrote to memory of 4240	4400	setup.exe	78
PID 4400 wrote to memory of 4240	4400	setup.exe	78
PID 4400 wrote to memory of 4240	4400	setup.exe	78
PID 4400 wrote to memory of 4444	4400	setup.exe	79
PID 4400 wrote to memory of 4444	4400	setup.exe	79
PID 4400 wrote to memory of 4444	4400	setup.exe	79
PID 4400 wrote to memory of 1508	4400	setup.exe	80
PID 4400 wrote to memory of 1508	4400	setup.exe	80
PID 4400 wrote to memory of 1508	4400	setup.exe	80
PID 4400 wrote to memory of 4640	4400	setup.exe	81
PID 4400 wrote to memory of 4640	4400	setup.exe	81
PID 4400 wrote to memory of 4640	4400	setup.exe	81
PID 4640 wrote to memory of 2384	4640	assistant_installer.exe	82
PID 4640 wrote to memory of 2384	4640	assistant_installer.exe	82
PID 4640 wrote to memory of 2384	4640	assistant_installer.exe	82
PID 2108 wrote to memory of 4760	2108	chrome.exe	86
PID 2108 wrote to memory of 4760	2108	chrome.exe	86
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 3380	2108	chrome.exe	87
PID 2108 wrote to memory of 1216	2108	chrome.exe	88
PID 2108 wrote to memory of 1216	2108	chrome.exe	88
PID 2108 wrote to memory of 4076	2108	chrome.exe	89
PID 2108 wrote to memory of 4076	2108	chrome.exe	89
PID 2108 wrote to memory of 4076	2108	chrome.exe	89
PID 2108 wrote to memory of 4076	2108	chrome.exe	89
PID 2108 wrote to memory of 4076	2108	chrome.exe	89
PID 2108 wrote to memory of 4076	2108	chrome.exe	89
PID 2108 wrote to memory of 4076	2108	chrome.exe	89
PID 2108 wrote to memory of 4076	2108	chrome.exe	89
PID 2108 wrote to memory of 4076	2108	chrome.exe	89
PID 2108 wrote to memory of 4076	2108	chrome.exe	89
PID 2108 wrote to memory of 4076	2108	chrome.exe	89
PID 2108 wrote to memory of 4076	2108	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Users\Admin\AppData\Local\Temp\7zS4B2E53B7\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4B2E53B7\setup.exe --server-tracking-blob=ZWJhYzcxNjgwMzIwMTNlNzhiYjU3YWE2ODViZjJjNjBmODRiODk1NzUwNDllMjY4ZWEzMDZkMDA5MzQyMDNkMDp7ImNvdW50cnkiOiJDTyIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9DTyZlZGl0aW9uPXN0ZC0yJnV0bV9jb250ZW50PTEyMjJfMzY1M2I5YmJlYjhmYzRkMTEwZDRmNWUxZTZjZDA4YTQmdXRtX2lkPWUzNjYyMWNkYWVkZTRhNjc4ZTI0OGMzY2EzNzFjZTBiJmh0dHBfcmVmZXJyZXI9bWlzc2luZyZ1dG1fc2l0ZT1vcGVyYV9jb20mdXRtX2xhc3RwYWdlPW9wZXJhLmNvbSUyRmd4JnV0bV9pZD1lMzY2MjFjZGFlZGU0YTY3OGUyNDhjM2NhMzcxY2UwYiZkbF90b2tlbj03MTQyNDE5MyIsInRpbWVzdGFtcCI6IjE3MzU4NzEyOTguMzk0OCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMzEuMC4wLjAgU2FmYXJpLzUzNy4zNiBFZGcvMTMxLjAuMC4wIiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0NPIiwiY29udGVudCI6IjEyMjJfMzY1M2I5YmJlYjhmYzRkMTEwZDRmNWUxZTZjZDA4YTQiLCJpZCI6ImUzNjYyMWNkYWVkZTRhNjc4ZTI0OGMzY2EzNzFjZTBiIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vZ3giLCJtZWRpdW0iOiJwYSIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJQV05nYW1lcyJ9LCJ1dWlkIjoiZDYxOTcwZjItZjM0YS00MGEwLTkyMGItNmIxNTM3Y2ExZWU5In0=
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4400
- - C:\Users\Admin\AppData\Local\Temp\7zS4B2E53B7\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS4B2E53B7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=115.0.5322.124 --initial-client-data=0x338,0x33c,0x340,0x318,0x344,0x7438ed4c,0x7438ed58,0x7438ed64
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4240
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4444
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501031731031\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501031731031\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1508
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501031731031\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501031731031\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501031731031\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501031731031\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0xca4f48,0xca4f58,0xca4f64
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c394cc40,0x7ff9c394cc4c,0x7ff9c394cc58
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,15573220660470703318,9930290484378135036,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1860,i,15573220660470703318,9930290484378135036,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,15573220660470703318,9930290484378135036,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,15573220660470703318,9930290484378135036,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,15573220660470703318,9930290484378135036,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,15573220660470703318,9930290484378135036,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,15573220660470703318,9930290484378135036,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  PID:260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,15573220660470703318,9930290484378135036,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4748,i,15573220660470703318,9930290484378135036,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3668 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4420,i,15573220660470703318,9930290484378135036,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4232 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,15573220660470703318,9930290484378135036,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3668,i,15573220660470703318,9930290484378135036,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5276,i,15573220660470703318,9930290484378135036,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:2
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5136,i,15573220660470703318,9930290484378135036,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:2796

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:8

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xdc,0x118,0x7ff9c3b33cb8,0x7ff9c3b33cc8,0x7ff9c3b33cd8
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7056 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=7300 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8156 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6824 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1756,10804474885301760036,14200803391770247067,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=7828 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:32

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3092

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2864

C:\Users\Admin\Downloads\SteamtoolsSetup.exe
"C:\Users\Admin\Downloads\SteamtoolsSetup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4984

C:\Users\Admin\Downloads\SteamtoolsSetup.exe
"C:\Users\Admin\Downloads\SteamtoolsSetup.exe"
1⤵
- Executes dropped EXE
PID:2768

C:\Users\Admin\Downloads\SteamSetup.exe
"C:\Users\Admin\Downloads\SteamSetup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2884
- C:\Program Files (x86)\Steam\bin\steamservice.exe
  "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3256

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:1172
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:10876
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=es_ES" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=10876" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SendNotifyMessage
    PID:11316
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ff9aefcaf00,0x7ff9aefcaf0c,0x7ff9aefcaf18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:11360
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1560,i,14148958177772954470,14664772516350098719,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1564 --mojo-platform-channel-handle=1552 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6848
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2180,i,14148958177772954470,14664772516350098719,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2184 --mojo-platform-channel-handle=2176 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:23096
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2708,i,14148958177772954470,14664772516350098719,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2712 --mojo-platform-channel-handle=2704 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:21692
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,14148958177772954470,14664772516350098719,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3096 --mojo-platform-channel-handle=3088 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:21576
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:22064
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:21388
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:21320
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:21240

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004EC
1⤵
PID:6876

C:\Users\Admin\Downloads\SteamtoolsSetup.exe
"C:\Users\Admin\Downloads\SteamtoolsSetup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:18200
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /IM Steamtools.exe /F >nul 2>&1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:17864
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /IM Steamtools.exe /F
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:17860
- C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe
  "C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:6472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
12KB

MD5
e2d7e515358bfc8f1026b4435044e135

SHA1
38769bd189732831f07589adf387a707d20fd20e

SHA256
b1899f15bc9402c3101440f999851a8eb570b9083f7d7108202fc3636c0a28e4

SHA512
d0180b6c2922726aadddff9dbf19105243a989720372bca7c55f07efca1cd3ed8bea9f2024278b81c55b3123fbacc83c4eca81287a7f6a3249ad7952b1adadb7

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe61225c.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe

Filesize
16.3MB

MD5
1a475aa5000d3958df447de17e0dc14b

SHA1
8a45a8a2b38a524633a99abc7994aa0ac46c03ce

SHA256
1208c4d240918ab0b4767bc6a5c0cbe83ee7f21408fb0c5ea68769ebea759b3e

SHA512
e86be352a5732d18db772f3fc80a70ebb223d68148057663ed18aab5c2221fe6d1cb48d4f4e22940419e9144aeacdc03ea05739352f86aed7ce967afd7e80911

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
1cf75f213de26d620afa74cbd7dd2a4e

SHA1
2a06d4bedfac5438f2da87d1e17b21905b04a43a

SHA256
56cf5acb67215dbd1d1190bc344339ab544439e1024ee24773ea0bea7ee00e38

SHA512
b66d36a52fa888725aec1fc5c9c7b770986e004eadf6fecab1ea620da9e19db3aadd65f4bf30615ff00e2a92bf0716f4e5b917abf48279119ffcdf56cc5ca17c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
67e486b2f148a3fca863728242b6273e

SHA1
452a84c183d7ea5b7c015b597e94af8eef66d44a

SHA256
facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb

SHA512
d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
179f93352a27e7b3d4c067771d95b7bc

SHA1
041361ac0dd6b6c0e7131debc2b6723fb7790d70

SHA256
cc70bbac74d855ced0d99013f1d5c3a9dc9f7175823b621cebefd5acc236b5b4

SHA512
8ce229f5939cfcc0774966dc59bf02f6474c76016891708b2a2cb68673f06daa84c6db8cc2cb11d447e5e8a3d127993bf1ddf1f1f698f20a4b79553bdfdc101d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
5e6f2b6238ed94d729f6f55f737990d7

SHA1
b4dfbc85830417b94cc58bd5c474e0fccc450b46

SHA256
9209461b62e1ea34daeb175a4cb22941c600632da303600f13676aea696c46b7

SHA512
50717a6e2860d2a2db29b486f7a9829dc7a586c2f67f0388900f192f7d7a646084e531aa22f5a95816fe68d9dc3a086173af649596d43c955a4f1bb1a8f24d58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
b3739e04fa477368c77ec36dd2137df9

SHA1
7cbc9861c98e0fc47733fb3a8a9855f1fdfce7c5

SHA256
6d48b8cb35e894f2c0f43a2c672f3dcf37ab6a4f731cf724793e1952c4a8feea

SHA512
a9146d056b04a690afaddbe591858243b302db36ff62dcb862435660711853f8401d2aa03225310db331c777525bb0a6a6677d8b9243e345ae24586f51ef8395

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
c3d78ade864e2b45d77e80db9429912d

SHA1
dc7835a7b9dfaab8b87b469ec0181a817b263f54

SHA256
1d472f2e1122b9e324458ac48fd660d326d214775385e5a20db01cfc3c55a9f0

SHA512
dc2ea7d689180f48559a1d519f716f1fd63975d425d7c85d0e140d45b534398434fdb1fef788c89119039720dce6235cd0a0e1dbead77597892f7898ed36c4a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
f3c98082a4c7d001e6c2b51492c6a44c

SHA1
192c30de0ec7432fbb137429a2a343672f22ee52

SHA256
7f43ee8287826f149b116b888689f40cee252ebd43594deda2cfca0a902ae70f

SHA512
8d37493a5c7c2f961c6c7eacff3aef37543c162c1e8f3760503692e7fd685bf136971301e52ce2fed8cea35e1f58cd902ed07fc91ddce51785c27b9194d437bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
ea5c58125b9e59c7eff47e7d5bc8d0cd

SHA1
d000947bfe2709aa6454568cd25848931b21261b

SHA256
857ff49c1407002225b4df86628263678ac4b7d007418d60d3abf563b04e0222

SHA512
cdc91abbed9f631d35d0f0cea3e1195968e8b2ceb176ba8615bf233f5ef6b7126ceb051e0aacdb20df1e3631f3f58fae8f5f0156dba21a87c5838a3a4a40a7b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8b1ff4d9d74fd863fdcc8951dc706337

SHA1
246467fcf26dfc85622a40499fd30b4590e868c1

SHA256
6cc275d28dee47263a7ff9728d61823a62379f082d23cfca851947173dd8baa0

SHA512
da3db364ab9dc8a17a7d93af914089440a36e067afca74eb474f4731cf67d821ccc3e47094abe07cd4fb7c63bc0886a8b279638ba3a906a3f403453f1f00194c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
cb64c41814fb3b87e1d8de0f783c0f9d

SHA1
9449121d2dc96f9aa9075f4340a771bcf6912d21

SHA256
bb4fbe231e6d3cf81d681994d07e8df2def82a6b9534d6895cae70d9e06db93a

SHA512
c622ed578f54246f2234ccec1c06f4307af31ce5554dca79193912faf8863c70d29ced979d31c6e7bb66f6fbd24507a8c140c23bc8450f2f9db50b5504ec8192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4cb7b121b03a1fecee4960c3b313ec1a

SHA1
1f98f5b05e598e46da34c833f7fc7822386b5f8a

SHA256
9bc878734109a37916ebd28534dc14fe67113f741fd2b847751965a565b448e9

SHA512
fe59a3aa5d04f403ae96b9b65eb1cf85493d6d4fcadbe213d202225044238afdcb05728c3d911c0b95483bd3c69d5af9a8219f7f00fd2b688930316a83cd18c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
86367d91df1fc749f94e5be3d1eb51d0

SHA1
06400629192188ab858d3efbbd8ee8eed2226454

SHA256
fac229b9d1b7982a7f7cc05b71069864fc0144218df88fde702da60b4c649dd7

SHA512
423a8222f88539649d135d2590fb7b13b184209917d0af2015d8573a68cfee6d51bf38f4e054e7ae921d6eb328209dcc38e16dedcefd0fbf8c5f15ca02a1bad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fbb5a7930874cfb19589fd6ae80d9bbf

SHA1
ce7c0374504501663e970bf15c1f65b4fe96d0ec

SHA256
9435a8c0e527f939a4274dd5125424605defe1a4af3a5c65c8f90dc5b663c172

SHA512
ec327e547ff4965eb9a9bcb42053530e3fc689436e317f7ca33c3169d34b18b3c15cd9394c3d0e454812dc270e6f18e943d6646b5ed172722eadcec452209efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
05863a987bfb0acef1b644f3ff8117ca

SHA1
31ca1102a17601321ea97a0f625c1af16bb4c70a

SHA256
42cfeb1d39eeaef7439f8a6e3840524528088ceba396b856be51a8e727646290

SHA512
65c7e42b2dd5e636afde66ac62e6b38d39696cc3b8d184df67976c8eed1e5fb42f578136735ce3f0c7f792a1be8e98bdc8cc92072c163ba990670aaf52af14cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
102f4b5e7e167860343fcd8b849e4200

SHA1
e4c10ef4712894ad61d5eaed5e965af96d0ba79f

SHA256
1fa9478db30d5b5a47ee8c92c0c23bdb82888189a306d75b559aacf6ea46a297

SHA512
09a8cbe3c1a7e4441f4cede28c2acd854ba243d98c5b39872091707aad5c8e386a274eccbf1d739722f5620c310b0b02a4556de316dd9193f449802a3b31ece5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
243d50005a9c117989d3ac76884a9c7e

SHA1
f7c6773b7228c67f0ae024fc4b30de99fb9fb56d

SHA256
4dae5ee39fbda292a4b1f4d99bc08509911c88274dd5f66ad2c56f3f09d65b9c

SHA512
d0efc7d0d8c32f491fc657f51a832898f1b3d4e80ee2fc3ed197dd7bc2cb84f310d8b0f4b614efd5ff60e642da87f85f8ca6acfce70280ddd45f13ce8616c3f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
7990210089e547b2848a7b30f2ef44ee

SHA1
a6c742b6e37bba621478ad3030ad535723f16b03

SHA256
c2fc6a02d8611a400affdb4ea44f15cd0369c9bf72ac72280048775dcece8460

SHA512
bd5b4fc6bf1b95bc0495b4dad99a6ef496097e739cfab000448b8d1b791a87445c50054132848c9af296d5dd2adb91eb7408fda9259f8ee0e9148e21e9e7a6a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d91478312beae099b8ed57e547611ba2

SHA1
4b927559aedbde267a6193e3e480fb18e75c43d7

SHA256
df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

SHA512
4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7145ec3fa29a4f2df900d1418974538

SHA1
1368d579635ba1a53d7af0ed89bf0b001f149f9d

SHA256
efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

SHA512
5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
19KB

MD5
8f661b8c2dc08d06a2992b1006fbf95d

SHA1
51f7614ee218ca027670a3bb0d7cfe1f23869602

SHA256
8bb39a6f700638d352b26ee0cb86fe5fd1127397dbc18d50a5bf37eb9ef6519a

SHA512
80789cf71769f1c03910535c610c942aa4be684433bcdff360ba309a6c15b3878920a49d1d1303c322de64f200b8e5d316b428b66668d51f9ddffaac0aa5f80f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
24KB

MD5
b201e8da90ef456598b8b3bb0e31bf53

SHA1
8bb524c8e9b17920c83d9a06c0b305e41cfca560

SHA256
2c8b630d1edafb8cc8c8cd73fff10c8ab6d06232929a4d458ec34628920f1665

SHA512
50126ac5b7800f5a848ef49ebc8e71d78cb5ee9c1602486b30e697ce57af32c868e46795ac2c157cdfd7fe65c03133c7a752813d520a9106adc3e50620b473f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
40KB

MD5
0c9f37673dd9c878a4b5bb419ee24b5d

SHA1
d973a8e073c1f76068f0947d495998f7f823d76e

SHA256
c1e12f630e7f356d154ffe4a7a3873e7e136e41c1c37e6c0fa4d2c52f1d269dd

SHA512
b361afedb4a910b12f7dd7b5b33d2914be39528bf4d1486661d0107c24135cff3a5393df1af85cd7d1551f0e601ea9d2ad4b147e56f469691e2b11906fd1514c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
17KB

MD5
a421438ebae11fcb4808982f78536c8e

SHA1
cb3287d6dc2557343cc2e4723f6bb5e5534ab075

SHA256
8d40f05f3d7b0c08cc959534185a4ec52963c06322e7c31dbf90266d9a0c6bfc

SHA512
5f6e88895377f671f867464313290d9cea0ccf4377ed74153c3fa745456ac35f9686fcf0a2e9643316c60f5bb677dfabe1ff408a56318c48e0f7853954abfe1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
221KB

MD5
90e49fbf01cf039bfc9ca8b0310cccdd

SHA1
0bb55bff08e88817194af9e4322efcb3f6e61dd8

SHA256
a530c0b37ffb7bdcc369a17aaf7fc0ddc29246b0df724d554aaf257c468fb2a1

SHA512
2fc273fa98cc9adaf6727ee7953c83794b3a403f45602f865969f494202d8dc10cfc9e399965970ff482e5264300cee3c8cc5b086baf196d51c18b3f4a9e1757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
74KB

MD5
0e9b2aabfd960b33afc98543bf459be2

SHA1
b7d3b9c9744b5c8a445ca17c585de08992f2ab59

SHA256
60bcc6ab1a056143c80d39e22c0db70ce248d054f5111b1432de94ee44947704

SHA512
f519b4da70bf731a49b90bbec04df171204050ec4c825425ab2b1db33c38878e471e834778349c501ea0bc9027a2ad03a414f38075c163be29d4e701b77caf9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
216KB

MD5
60f3ab1dc0a84cf62f6d7c533345ff78

SHA1
68bd632dc672aec73c776b3c49322ac902e97516

SHA256
fe3fb6603c5f71392831a1b000179497379624f33a652b74a2ae7afa545cd942

SHA512
fcf4d20a55afebf404d04d2fef682865ddb85c26752786722e2193a37670022791f87426f3d9264e6a012ee72585cca1a3433e0c65ff75f4ba6c07ab4c288ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
23KB

MD5
5414631fc3f3d5e394323d648087b6b6

SHA1
938edef552332ee1ee825b9f08d465a0f8ad8b51

SHA256
dcb2bc0dde4f2b0820a6784482e2f6497bd3ba31cecb9c5f29b621dab679bec3

SHA512
2675f59a6d80c165aa2f58da0dab71e8dc0a64fd592b3aabb52301afa05299dd51120db78b1442fbc10b08302c0407a2b33a7806053fa511960ff9fce5ec47cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
205KB

MD5
c9c9e7a0321c20a8faea53cb744f62a5

SHA1
a4f7964d6df916c63bc019879e15dfd8a010c9e8

SHA256
9dc45a4308a94cc765a3fe2409e6998871eadf786e01bd0fdcbc5e354ced331d

SHA512
12bfb41ca0dffe67448d2ca50e44432d60f150b588e168efcebe37ce4f030da3161936d443735587b9833eaf506d6448bce92985c16456caa6b2b94b48b7896e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
22KB

MD5
9d53309ac2415ed6efe77b43a5a2b2b6

SHA1
31d26e32f551242c037116da7fe1f039bd1c4b41

SHA256
31e667f7d809056c4199b4204f46dbc6cd118a97530308229bbb9d450c42f89f

SHA512
25510c4cd3ac3388a1c91b5011e12a34c409f272d8f7fbec1a89cbff45f2553f7061c1f63d1a2c06f8773b885bcabd9c96501434b8905778132fffef80989476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
66KB

MD5
100655c23b1e2cbdadf8919bf6f14f50

SHA1
1b535aa013148bcf8dbae70f31064ed03380f97b

SHA256
9de4c1063286a2bcfe2c2b232e45bd8947e70d941f4685a50fd9d99cc6b74fe9

SHA512
9904ae2ea00d092f4d2cad4969d26e08b1840373e6869b358f11686d109b09eebe25fbb6a45671a918e1be53130a4ca20cb5e217348a855811cc4fdc32808f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
240KB

MD5
72b726150f518fcdc55e783471754c13

SHA1
d06b987a0443bb32eb24ca50a1e0cc51e3fb7ce2

SHA256
1e81045ffe67519a3de984d87e88efdcafd857c77a5a306e8dd3f2a003e963c2

SHA512
9edf465f50a3baf18ff825f87c55d943a8ed891b013248278cbabca80c2f0c8cd798b0d4b97f12486d3056d0877a23547729fadfbd6e31f0127c1e9e9e71fb32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000096

Filesize
20KB

MD5
077e3f0d3dddb018c1e71fd8e46d2244

SHA1
b50954ed5904b533372fe39b032e6a136ca75a7d

SHA256
12ea854aa2a6588219451d4af53fcd368e24b109085062deec4e5b891e059e82

SHA512
f9cb475d16d3e8dedc6ef2feaee4f9bad365a8bb992352163a0a9f4ff9e809bf895fc0ffd59375e60a44e5c5bd1f43217177fb44ffc0cc76cc85e45a612b9b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6a70d5112df8fc7befe4a79884c58794

SHA1
091b330cb4500c8abe6382f9339567819f0024de

SHA256
bf913b1b66e42dfd59c227b496f3288820400d0e4bd23d106ec3a6e5b4ebc549

SHA512
e807436ae9b0422360f1f471b110ab5cdbb17b83ecc66489a641cc4e9a6732a218c59e46a1061a3a6ef460c82e8a0599e63f04019855b341e5c2152c26114b08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5fc05d8f5f753309bbdbac983bb66893

SHA1
0f1d32d5f140ca36cfbffc977a0758dfeb8b7051

SHA256
54b3ecb28e9abe2aec2a02b064f5848920fadb3db0a759a533a3ba3906089ce8

SHA512
5383df755135dbfaff877ad991d0a8dd3a625829ab2ab9bd5c0194cc2913d91fb5c722c921e781530f6ef6ae628e60f6e16d159b2252fbf68fcbed8cd864cc89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5f475a2eed491f42057886516620be92

SHA1
1251957a8cc7ab05b24ea73f7b4232ec1be4e376

SHA256
de27de123ff2e5c0dc5705af776b7de2235f964cc895e5eb6747f0e6a938008e

SHA512
bc0249e2152a629e58fa8de0e956cd259a5c47c349398a99c108d9c19cca27225def23f78f443de2f0ba05548a19c43e6cd342c690b6a7fd62d5a59a8c60f853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1cc4cae4ee72492ad6c0a00091e116df

SHA1
251f04887647d81778a0dee888ccac6595af410f

SHA256
ee9e9430e2191a1317e1590100b4100e2b8286d82a05f0c2bc5ce1e099ff15db

SHA512
f95cc947ce16a9bba799043f08dee1f9e01ff0fec520901b671976c675a549d7439a8e2543fd68a13a644530bded88c502f1b441669f18be7017ee1a6b661394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
322f0612dacfb361a795a6a94be35353

SHA1
ed9ea7ac57fd190439c83c8f53bff15e063e657e

SHA256
69ea5ee742adfadb5d4356830474abeb056e28e345d42ba48e3a866283792405

SHA512
f11120af79c34b6dd56977aea98701cac4626c3ef3c0fdee80b4fee9da6e67344e2f5e1e24b237e54ca89d3baee65c1e69a13ed3ac339bf88b0be0d9135e0a63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
816B

MD5
6959f2e96608bad9486881f9b7e00277

SHA1
fc89bd1aec6a5a66883a6c6b265d8fe1bf8ae562

SHA256
7103e05aa4eb8b76be3f18a2ccdb621c705794c60198c889e34171abbe234033

SHA512
e4e29d7e9492fda75af44fb2a75276d479e32c1ad611f675861e95b77160c466fba061c0ba0961f8f84bf8b5419534a83a419a66bfac6c398c11f483167ddd85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
709211a02dc649806826d6e5bdc6d8c6

SHA1
e3c4a1040da928219ae80d80498b6db67390c328

SHA256
bce25e15de2b13b2e6a9f22cbaaf9913019020eb966385ac6964faa8ff5549a3

SHA512
62f5d480d198c51f27c7c26fb5f971982972739701954b2d7929e8f569f3de89fc910915cfa93ecc35c7b8390c82b4bd75a8b3f48fb68390e456670914364354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8268a5a37d556fc96b393f02fd9cc0b0

SHA1
20a908bd6abb5cf493d5944229f15516f629203d

SHA256
24e77b0cd39186b43469d9e147d17e5fb582d73942ae630b377a1a6fd0e24946

SHA512
2e25af943c5c88f05c114f0fa70153e38049d7a0f78e576d97e70ad1e0f9c1bc7af00975a4094280b14c52d6c6b6b44285209ac208c7fd321a5b5549de6f9475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0dcb3890d3fb22a076a552656b0e8842

SHA1
ded20e26336a0027e356cf67ebb88da714dd8dda

SHA256
5e16c2b206d47f7f6cc634c579c2c70e32ae656d76c1a0c5580fe9bffd834a81

SHA512
97c394084b6b92056248632e7ef133a2b8fc2828c4167d545df82a272b3470d8eb74620384980dfae91d751afaadf8f93f126eb2453df88c8bd99ecfc8c2b859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
26e6e953ae629a0922a63a849f1e73dc

SHA1
8b2b21469a7da945e80de23921beef6fcf8dcf6e

SHA256
271af9e7c386e6677981339dda85640704cb35e1e82e69bbd09ff256441f77a7

SHA512
4f45870fadc0df5cfb5633fcda1126d63f1dd2fa63467a8db01913cb4cc902fb525a54456a849e80972a7fe315427526533caef9d3af0cb169bc25528114a73e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a99baf9d85645646cec1f2ccdb348a7b

SHA1
197074fbc1a66c4c4e013a026383b98207ef818b

SHA256
dabf316a656621b7dc9dfd8b89cfffa5e883d1a13ed056e96c9a3bafa3890f28

SHA512
d800ab1b073c4986c518bb457a26a6279d60ebde2e960f12d9f975f40dae8794350ad8c045aaaef35bf9343d9e2b5482bf552f27b5d1d95d0a54f01cb4f460e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
4017bec983c8a927af89a6c09cdbd7ca

SHA1
732961735b5ace806beae325114ccc1640bdcee8

SHA256
6d15c6802c3e08b4b91d5a6d13bc7d5831ca33e6319bf8b6d7774b50be1b2a8e

SHA512
607227fb3a515b387e3429a86f48de9af58eddb4e22dbbd74c435208592c82d4aa54418937bc038fd67be45dff55b45aa7c71b46773dd36b951b97cf72f2609d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62562820b2f0f816f77be76724ceba02

SHA1
5fc89a1fad53e3be081b3b23dc3ae760edf2bca0

SHA256
3eb71e05dd735706aca56c45ec0de9d43d88e836cb65330559110ec5e494f107

SHA512
40877049c7ff2610157fd429234fdf3c07479a811976f1890bbd77c8a58ee8976282b18cdc020fc33fa888363fdc8d8345a5ff87c6c4840e89538ecf5605a328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a2e094a75b639749860f19c197f3ea5

SHA1
d6f66be6a867b6a3cb1b4ecf1bd25d9825b615d6

SHA256
f5ce1433510711fa81d1905a21e0cf2128b9be0946c51f446643c588dc4743b1

SHA512
bb51b37320b27383c318c490238e4f3a3612a9208f5266269ea2602472cdc9a78da6fed1830cd87d3f041139f681da10f8b287a129a8cb3d6bbba46a9a25e48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c23c8acdee17ce1df117a6bb79c60df6

SHA1
5a6ccb7c250e441bee27d4141560253ae2b81baa

SHA256
49340c2e2749aedd4a169036a9155742966510e892624ba50d6a149d64830129

SHA512
4a9b6a316c89c878e02669be3b6580fd634c008d90dc63bd649189dc26366e7522e1edca3492ea3ad8dcb470209093a946d59d7942bd2dd9e72e767203286037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
559cd7bd3a0d7b3e7d26d7f8f14fb3e2

SHA1
5c1c20d46745107b2c7530625aafb4ceaaba7121

SHA256
f4a6a8b9514748177ef34eb7db1016740d59e4b9a1516eb70d78de53c1c336b6

SHA512
da20ef0f0709c712c13572d7f0bd4575242cce7418b7130846deba0d823805f1206d302a9b54d3e930da1cde579cbe0931db72fe7a86c21d647a65bfbbbef604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
468c5833f66a25b37c8fcf9068458dc1

SHA1
9a0ffc2ae5f663b5af7c29b7dcdbd49536b177e4

SHA256
f9239bc169a9e3e20ef67cf7c8d5f0921afa2fc96230fbecbc93bba79317aac3

SHA512
63bc56891d2f881206761de0a9aa5578f9f40c58d0c88d5b8b6341e2db729ab3c27e8b7d1de0a56a22cc0afef4b29ca38a228fca142c74a5b5d9efcf2b2beef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8909aa664275c5fe01bc57d45997f199

SHA1
37110e6afe9df7cf683d4666984eb7677ae12da9

SHA256
27818d4338374eba1109fd97ef25c71fb4bb75b3f00dcab6ab2cf0492c69a238

SHA512
d2ad084644ead5c6f19c7c3741ed3762dbfa0255048e52e11844c11a871177fe0e9e3b614d16132f5765b24133d1f40cf4d3c4dd13ba9fd97a3515f3a6a66db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3555065cf561acdc9a478041256be1df

SHA1
5f78593c38ce1b49866ac5381ad00eb0ad927984

SHA256
3f5bf03007b435b49df327280380bf1bc37fafd3fcb4308828a3ffa25d056373

SHA512
5d6b1e3a473fe10ab96709a7a4e108598ef09c07f559285c4f6d53e843b398dfd37c0a4eb61a6a95c1b7d4b9586e06c6b3363fdcd5aa5798327da3ae7fe74e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3fba74b4ff3ce77ca2095538be490331

SHA1
805ccf3d0c7cb73440553039f0e268c7f263b390

SHA256
099107f95d52c16a83f83e635a2bd3e881326c0202a67b6f40e7aed2f47f8294

SHA512
ef8c04d905a61cdafffb5a6dcde3a83b92321a35292a83430022836ab9a539117a6450c284b78ba58dc9b15f5b4134c4ebe8ff13be59880d8a0e9bb46c35279c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e53d39b7f2c7690fed7476fc5cfcc465

SHA1
71dbb5c7fa15244e01e432444b6fa28f36f85b10

SHA256
dadf4561bc18c1ac1a2a1aa2d064e27b3f9962b498974bd5d36f803c69330a0c

SHA512
69097fca61136b7529ecd49de56e46ee74df3908746197aefb76e1cad6361180c9d1f135b77af8df860d491bcb40bd64ab834024f9b1932fc01940511db8ace2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
33abf2555964333d11863df3edf23876

SHA1
b351a9c8efb3e31739e8dc4915011303a1729898

SHA256
b48b4ad8f06d6a7073b9ca169b19aa3ffbd01b89aff0b1ce8ce615681852061a

SHA512
547aec6d3ca4a6c7913c0b873f613d5c3477be97edd52fd03ff543f69ed7212ecb5160729ace587545d264bb14391a38544956952079e7d1aa4e1a6b80716b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
16ea9f8b9731212c8bd7dff17886a9f1

SHA1
9ab6617fdbe8ed79d0dc44ecb511124a15e75561

SHA256
9310adb8a4400f824d5a4240cf6525288fc5aebbeff15c7169e951f3fb8d6231

SHA512
2604156248013fd3b72eb6c51d77f5181f2ea9882a29c9ec5d61a0c495a1ab7a920391ccba28f285856baba3f2a7e6031503c9fd5429ebde6f4cb7f8f0200883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c6225beb30318503d665844e7adc3332

SHA1
fa91ce64e42cd1a182787b4c8f7ffac272d4e0e8

SHA256
c989c263cf527737d579e71e1c8e30147a24b0395b218510e3c212120fbf6628

SHA512
496ffffbcd3b51642ecf613de6a73443f5a3587f1dd98f184220c717361b2cb9418812e67410aa36f241e4699ea817d54d1f102eb390197b07aa6958a0eb4aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1f81779ef1561d910c8a25bc1e52fba6

SHA1
6b24d52600d60a8f5490473a56c5055615cafc0d

SHA256
90b72d8a905f881b00c5f35d8b62a3f40c20f93ecb63a130b0ea90fa7ed9e3cf

SHA512
dec1f04becbe442840aceb3f7778bde8a65686043e740da435758a7de901f34d8561b41cd43d554ea01cd370e567bd347f0cf8ffa3ed1c6f028efbefcf6345d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
96bf3ea5a8143a4a1841cf04457414ec

SHA1
040d51239fc9963a748cbd4366615e65afce02bb

SHA256
98b8f06f27749bd8cf437ad58a2aa92c93875fb86e458d87954b6c7369bcdcab

SHA512
6cb03be5d17de374e58c99fc20a938cc625a10b050ca87ae8c80bfc90dcddb62e1f933108577273fb37075fa968ff168fed810471888171f4d595db1bb3ff8cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
58377c9b550dbc34677156f5b3ce8021

SHA1
762dd34ec21cfaa0731ef328517fc277b37dac18

SHA256
6ef9ac0edc46dee4a37edf7f0982bc0bd4e98861474820d3f54fa649b6979c77

SHA512
63d1cb4f9f751e665f491778fcc38eb91371bd8288b16755a08154a800afe379a64e4d10efb75b43d65d4b13674abbd500cb27890a414c53b8afaf190eebc694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6c09e35649d931a02dd3faa29aa64667

SHA1
9673aa2a6c73c2445129924b2edac925d138c644

SHA256
c5cf453cf1343909cf0abd67d730d88412615a770e4f0c12f2e454832b08d802

SHA512
a0378068e8103e949e8006e7ac0acf817a466324ae5240ea1daa6fafc00216d61b589d85abe22c34d30bfe6c07d55d60e5e0278fe0f3cc399b9d690170558414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
13dd06234c3dac94b651d84e71731a7d

SHA1
b69fe8f12ee76d59740c137252e4b4181cbe9356

SHA256
b67792cc15527ed9fc30b4ce9fce587911c0f92404ced7242179e2f407a140ba

SHA512
a5f2decb8cb04a3b401f494e4f0529da9999a04fe660d599de315b2bc35355396d71df5e279a3944fb4cca20d4c86e9307247b25e441d4c235c5b923a89564b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d750.TMP

Filesize
536B

MD5
1a8cd75dd99284e23dc30022ec1eb044

SHA1
eb4617f31ec0c4ffe9b816934eeffbf1b8e198ed

SHA256
15c04be29d4709351ad269bc5dc13f4807593c2236fb15605d9b724f06cf8fdd

SHA512
2d9ce6c7719e8d0dfeedef9f98282a81086e1c95593b16f8af34bc838e19d05941a885e0943436c8aee7c74f73703f1996231564fe5cb7db28e897d53b1b146f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c421a942-ee42-46b7-98f9-600b5b30f3b3.tmp

Filesize
7KB

MD5
fd6b1659a0d573b5d20848aa9866a05e

SHA1
bda966852b2b5efe84f6c9fa6ec62ae4e6708ad5

SHA256
279c4df4c4e099badfabbdec558d49e8b3ede73d25ff9efe3bbc5d5a9f175cd0

SHA512
32aa6e34a27b2daaeb2edae57bf7c55465a259e8d6294e531e2bd0fccf2fe7960f26224fc5ad17384a3f9f44a9191de4fe47ea97aad8a3346177993df2816f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c941b10d-d942-4709-ae5f-df4b49658ec3.tmp

Filesize
8KB

MD5
fd2a881842df2771e05a23028ee7eb23

SHA1
63f11836209e652418175258b0f1fa32675f64b6

SHA256
f14359b49e8e7aa82ea0d5ebc2d060e3f5acbb9f47f1b792b40e71bc10162743

SHA512
c9966b43743660637231a61280cb821c9fde2e0d45010b3acab74a0a807ec814c0d6d60cf9574aef56be5674582ebaa211beee248873c658e11feb0e38e3af20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d6359ef2-e26e-4db1-8bba-f060f2b8eecf.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\de4f76ea-7b8a-4f09-a153-783091b59368.tmp

Filesize
6KB

MD5
2bf8dd7cd64f6a36793a42fe98e5f815

SHA1
57e9e0fa88214249bb5890312d31f06df4865d94

SHA256
66fd9f83da4e25a99103ec3e18bc34db4b08adc1047d78da6f702adb2a5d9f80

SHA512
0bf7f8aab2d819c0e4673cdab58d9d2747c77e85f8fd6af997d65decbb0309a6c50e442c5c51ca780f4334d29dc8a2f95c8844def0d97e339bb237df4e2b3f50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
35c36f76af81340402bd097aeea3b89d

SHA1
1a927e19abf504c5d74a405859ead06c6a4c5727

SHA256
c8054a13543095e06784aa2134f6f4df5576d4977d63fa6f439b13dc1a6d2771

SHA512
bae01981e8f7839649a2a14d6be8838054ec7d035d205cc69dc2f6ca7798beffdb2f8e9819646ba3c6b46ec759f298450ec16058823efc8504556567231115f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
51af77f46b98d26ba8e939f891206b55

SHA1
90ac2fe0dd7bb618271a5fba46c654904f57c43f

SHA256
d7e32da09e37b1a0d60e37e477dd154c73cf76a3b9b1cbf1ec4b2456e2b9bcb6

SHA512
c4c9ca09ec13556f6d6b5670063b88a9b86035341366e6cd42ea2b99c0fb58c68052f2e7c2f7de773db3b2d6665c70852d7033cfb6ccf6cec9b29b9103fd31ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
22c1af836f0c6cd3507b21b51f625a7c

SHA1
683839591fb107f6b272551d0e9737ff020c8a22

SHA256
75ea07b892b26cb4ca4fb4b58174256eb9a046a89e72b8244003e32c89a59642

SHA512
51f0244d4cd75dbee72dccd76880fc47ac36c5f23dfb818fc21e04a839e3c5936cf6628f3b562943b96e735d7b407f4b13f7d81477d772daa7afab93f3802529

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
633fd456df31016c2ec65eb704552678

SHA1
4d155478a64ede6623a08789cf5dc2d78ca1650c

SHA256
c85a6ff3fb418ce356ff358060a6e5d7b5e138e7a972242bac88839db1b6ac60

SHA512
d6775a512f0a43812ac53fa72a4817817ab7c95f8b9ea9eb3562dc4125d8ece61ced6f874f8f71cdf4e00e9087452be17e2af99301fe52bc14e4e689eea7cd84

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\wasm\index-dir\temp-index

Filesize
48B

MD5
271ec8222c01ae40c5d9bd975c5f86a1

SHA1
5e02a85d3efb71725249a16d24c380a9a9ede859

SHA256
d3a27ba6aacbd614a2633e75a7a099f36f85e6e3daa8308a3aa813cb2062d555

SHA512
8712437aaadb1529bf778b3f09d04dfbb06c982ff94e0d8ebd993f9c0060d8f7d4731a4db80d6ad7825ff96bd73026f6dc2b06c349c84da7d63a88dbf14ad521

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
36debb9dd208886f2986ec5e3b31ad3e

SHA1
77077b60f6ecf6718c6f8e6f10ec677f80c0dea4

SHA256
e797098082261ad58e73f782e928e87eac905dbf5c107fcf8a562ceed88def39

SHA512
4c349d5287c3f46582068b1896780f9527761b8be1a3dbc5d5d098f91fea78538cd5e2382f1dd3e082069cb5e8f83d7f48dc1229df8f6f81cd88a4c267c28eb3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe615d52.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501031731031\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501031731031\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4B2E53B7\setup.exe

Filesize
7.3MB

MD5
a147d284d9191cd8783a8055a21bfcce

SHA1
6f87e8302e28192475a3c362ec1d7597427b016c

SHA256
f7b4074a646e742f61d2ecf4b1e78e56216748a35670e23e8ef585a8008aa761

SHA512
37d4de184b8b41a41324258ee4e5de5429228bfc89d1c9ca11a786382f11741e4741d11bc392351ee0620cb08151d710c04d92ed5e42ee165c4463d5897c5984

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2501031731028454400.dll

Filesize
6.7MB

MD5
f526bf02296cae65098cd1a01dd9ce60

SHA1
58784200e942c798ccbe2e9030826703f3a0f985

SHA256
d122a48b7642d0b49b0c48f3d42d43aa18cd5c60d6497d8ce42b567e4d580b33

SHA512
6eee16d9bbe45d82473f302f513be8bcc84dd02d546b116f71a319b8f832df6d90c8e3469305fe18e2059842f02ea74f4ddf19dab8e4fe816eaf105fd87693df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8AFA.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8AFA.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8AFA.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8AFA.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8AFA.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8AFA.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2108_797013263\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2108_797013263\ccd6b876-5039-4fd8-8a96-c7516ccf16b5.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
0ad6ccc8cab7fbca042a266cc35c6ffb

SHA1
0f5c2039d8a112f97b3828a2f5f446f06240cd6c

SHA256
ffc27ff8e08b561f4b9a6d633ccb9c9400d42e7c769c3a4366a0891f411d4b92

SHA512
c8c4f437d3d4f2b838ae7ceb81e7fcd11da71eac3c2c0b618cce8fddddd72d1aa14eabacddc6f94cd19bbf1d2ce531a9b486be41ef3a0d99806a1c6d0a7793bd

Download Submit
C:\Users\Admin\Downloads\4198242b-e0cf-4d5c-8a44-f9646552e335.tmp

Filesize
837KB

MD5
93ef55f275e12608889ba7c2e908e6d8

SHA1
969a31955b49a8bd82567fa582b3f29528ceb6f1

SHA256
7af03f9f3e8d96c931d69b1ecd531ee976c6e504d678bbf44f553ffea8943291

SHA512
fa3dfb36608777a5942cc3ffdb5d1599efd0420dbd436def11d860312b6dff64af6d9c3022964c78eaf34c3173a8907a3b58e88fda8f83a4e8e4063287ba7c53

Download Submit
C:\Users\Admin\Downloads\Sin confirmar 490128.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
memory/1172-14364-0x0000000000580000-0x0000000000A32000-memory.dmp

Filesize
4.7MB

Download
memory/10876-14510-0x000000006C640000-0x000000006D981000-memory.dmp

Filesize
19.3MB

Download
memory/21692-14410-0x00007FF9D0A20000-0x00007FF9D0A21000-memory.dmp

Filesize
4KB

Download
memory/21692-14409-0x00007FF9CF970000-0x00007FF9CF971000-memory.dmp

Filesize
4KB

Download