e60c452bf67bb4ea722a1616347102a1870c9c140976045d88e365f1304d73a0

Analysis

max time kernel
300s
max time network
301s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
25/01/2025, 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OperaGXSetup.exe
Size

3.8MB
MD5

8decf1a7f7f888f72d81104c428ea5f3
SHA1

45508acabb009c8877d86bbb931c5f27b22a748f
SHA256

e60c452bf67bb4ea722a1616347102a1870c9c140976045d88e365f1304d73a0
SHA512

77ea49f934d0ff76e6767911a63a942d040321723548b6ac6aca48d072118b8eeb0eaf596ec2450c4f874fee880125345e6264a98056d1123a8f8b88e5eff4ce
SSDEEP

98304:SAUnubuV70ftsOmh+xUYOfxVkvXbd1YSouYBA1pm/VrB2:oD0fts+eZfiXbfYJuD1pmz2

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
552	setup.exe
5108	setup.exe
248	setup.exe
3468	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
5880	assistant_installer.exe
4688	assistant_installer.exe

Loads dropped DLL 4 IoCs

pid	Process
552	setup.exe
5108	setup.exe
248	setup.exe
3112	OxygenU.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
158	raw.githubusercontent.com
163	raw.githubusercontent.com
5	raw.githubusercontent.com
95	raw.githubusercontent.com

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\Download Service\EntryDB\LOG.old	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\ExtensionActivityEdge-journal	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\optimization_guide_hint_cache_store\LOG	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-ta.hyb	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\OriginTrials\0.0.1.4\manifest.json	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\bin\vs\basic-languages\lua\lua.js	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\BrowserMetrics\BrowserMetrics-6463B62C-6D50.pma	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\Session Storage\MANIFEST-000001	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\OriginTrials\0.0.1.4\manifest.fingerprint	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\ShaderCache\data_2	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\CertificateRevocation\6498.2023.3.1\crl-set	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\Network Action Predictor-journal	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\bin\vs\basic-languages\java\java.js	OxygenU.exe
File created	C:\Windows\SysWOW64\bin\vs\basic-languages\st\st.js	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\LOCK	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\SmartScreen\RemoteData\edgeSettings	OxygenU.exe
File created	C:\Windows\SysWOW64\runtime.zip	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\BrowserMetrics\BrowserMetrics-6463BFB9-7128.pma	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\AutofillStrikeDatabase\LOG.old	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_0	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\ExtensionActivityEdge-journal	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\History	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-ml.hyb	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\bin\vs\language\json\jsonMode.js	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\Download Service\EntryDB\LOG	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\heavy_ad_intervention_opt_out.db-journal	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\Site Characteristics Database\LOCK	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\GrShaderCache\data_2	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-gu.hyb	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-kn.hyb	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\shared_proto_db\metadata\MANIFEST-000001	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-bg.hyb	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-et.hyb	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-ga.hyb	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\bin\vs\basic-languages\php\php.js	OxygenU.exe
File created	C:\Windows\SysWOW64\bin\vs\editor\contrib\suggest\media\String_inverse_16x.svg	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\ShaderCache\index	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\runtimes\win-x86\native\WebView2Loader.dll	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\AutofillStrikeDatabase\LOG.old	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\Code Cache\wasm\index	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\GPUCache\data_0	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\Local Storage\leveldb\LOCK	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\README	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\ShaderCache\data_1	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\bin\vs\editor\contrib\suggest\media\String_inverse_16x.svg	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\CertificateRevocation\6498.2023.3.1\crl-set	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\DawnCache\data_0	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\Extension State\LOG.old	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\Favicons	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\Web Data	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-de-1996.hyb	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_0	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-hy.hyb	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\GPUCache\data_3	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\LOG	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\shared_proto_db\CURRENT	OxygenU.exe
File created	C:\Windows\SysWOW64\bin\vs\language\typescript\tsWorker.js	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Crashpad\settings.dat	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\commerce_subscription_db\LOG	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\shared_proto_db\LOG	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Variations	OxygenU.exe
File opened for modification	C:\Windows\SysWOW64\bin\vs\basic-languages\mysql\mysql.js	OxygenU.exe
File created	C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\Default\GPUCache\data_1	OxygenU.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OxygenU.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133822461493422015"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings	chrome.exe

Modifies system certificate store 2 TTPs 9 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	setup.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\oxygen_u.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4932	msedge.exe
4932	msedge.exe
2348	msedge.exe
2348	msedge.exe
2272	msedge.exe
2272	msedge.exe
4024	identity_helper.exe
4024	identity_helper.exe
1904	chrome.exe
1904	chrome.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
3112	OxygenU.exe
3112	OxygenU.exe
6080	chrome.exe
6080	chrome.exe
6080	chrome.exe
6080	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe
Token: SeShutdownPrivilege	1904	chrome.exe
Token: SeCreatePagefilePrivilege	1904	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
552	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 552	2520	OperaGXSetup.exe	79
PID 2520 wrote to memory of 552	2520	OperaGXSetup.exe	79
PID 2520 wrote to memory of 552	2520	OperaGXSetup.exe	79
PID 552 wrote to memory of 5108	552	setup.exe	80
PID 552 wrote to memory of 5108	552	setup.exe	80
PID 552 wrote to memory of 5108	552	setup.exe	80
PID 552 wrote to memory of 248	552	setup.exe	81
PID 552 wrote to memory of 248	552	setup.exe	81
PID 552 wrote to memory of 248	552	setup.exe	81
PID 2348 wrote to memory of 1448	2348	msedge.exe	85
PID 2348 wrote to memory of 1448	2348	msedge.exe	85
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 2364	2348	msedge.exe	86
PID 2348 wrote to memory of 4932	2348	msedge.exe	87
PID 2348 wrote to memory of 4932	2348	msedge.exe	87
PID 2348 wrote to memory of 4628	2348	msedge.exe	88
PID 2348 wrote to memory of 4628	2348	msedge.exe	88
PID 2348 wrote to memory of 4628	2348	msedge.exe	88
PID 2348 wrote to memory of 4628	2348	msedge.exe	88
PID 2348 wrote to memory of 4628	2348	msedge.exe	88
PID 2348 wrote to memory of 4628	2348	msedge.exe	88
PID 2348 wrote to memory of 4628	2348	msedge.exe	88
PID 2348 wrote to memory of 4628	2348	msedge.exe	88
PID 2348 wrote to memory of 4628	2348	msedge.exe	88
PID 2348 wrote to memory of 4628	2348	msedge.exe	88
PID 2348 wrote to memory of 4628	2348	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Users\Admin\AppData\Local\Temp\7zS8D9EA7B7\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS8D9EA7B7\setup.exe --server-tracking-blob=ZTQ3ZDNmMDZkMDQ5MjY0NWM5MzVjNzU2OTg5NWEyYzU5NGIwY2NlNDQ4NDVlNDdiNTJiMDY0YzliNmE0NDM1Njp7ImNvdW50cnkiOiJVUyIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1iaW5nJnV0bV9tZWRpdW09b3NlJnV0bV9jYW1wYWlnbj0lMjhub25lJTI5Jmh0dHBfcmVmZXJyZXI9aHR0cHMlM0ElMkYlMkZ3d3cuYmluZy5jb20lMkYmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmZGxfdG9rZW49NDQ2MzQxMjYiLCJ0aW1lc3RhbXAiOiIxNzM3MzU5ODIyLjMzNzEiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTMyLjAuMC4wIFNhZmFyaS81MzcuMzYgRWRnLzEzMi4wLjAuMCIsInV0bSI6eyJjYW1wYWlnbiI6Iihub25lKSIsImxhc3RwYWdlIjoib3BlcmEuY29tLyIsIm1lZGl1bSI6Im9zZSIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJiaW5nIn0sInV1aWQiOiI4OTk3MGRiZS04NGNkLTQ3OTUtODM1YS1lOTUyMzU4ZjY3YjgifQ==
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:552
- - C:\Users\Admin\AppData\Local\Temp\7zS8D9EA7B7\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS8D9EA7B7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=115.0.5322.152 --initial-client-data=0x334,0x338,0x33c,0x330,0x340,0x73e8fd9c,0x73e8fda8,0x73e8fdb4
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:5108
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:248
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501250235181\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501250235181\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3468
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501250235181\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501250235181\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501250235181\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501250235181\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x5b4f48,0x5b4f58,0x5b4f64
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xa0,0x10c,0x7ffc97583cb8,0x7ffc97583cc8,0x7ffc97583cd8
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6424197298196355819,15442574860358987624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffc85e6cc40,0x7ffc85e6cc4c,0x7ffc85e6cc58
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2016 /prefetch:3
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3592,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3744,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4568,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4780,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:3904
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff70bbd4698,0x7ff70bbd46a4,0x7ff70bbd46b0
    3⤵
    - Drops file in Windows directory
    PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4452 /prefetch:8
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5112,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4332,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5336,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:2
  2⤵
  PID:5452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5012,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5464,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5472,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3344,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5252,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5340,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5260,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3356,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5692,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5516,i,1481222215464821275,1342999480733079368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6080

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4904

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3132

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Temp1_oxygen_u.zip\oxygen_u\OxygenU.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_oxygen_u.zip\oxygen_u\OxygenU.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://oxygenu.xyz/KeySystem/Start.php?HWID=978684b284e711efae90806e6f6e6963
  2⤵
  PID:5608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc97583cb8,0x7ffc97583cc8,0x7ffc97583cd8
    3⤵
    PID:872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
c9be626e9715952e9b70f92f912b9787

SHA1
aa2e946d9ad9027172d0d321917942b7562d6abe

SHA256
c13e8d22800c200915f87f71c31185053e4e60ca25de2e41e160e09cd2d815d4

SHA512
7581b7c593785380e9db3ae760af85c1a889f607a3cd2aa5a2695a0e5a0fe8ee751578e88f7d8c997faeda804e2fc2655d859bee2832eace526ed4379edaa3f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
9f22507b09ea5798f32cfceae6f64dc3

SHA1
9e1c2377ba7f6cdeaa205caa8c0ce663bc6611fc

SHA256
2a94ef50b7cb0c4e3695be4eac43c501bf959da478224c9173628a6202654307

SHA512
c18d8daeb34c8e1d1864cc79b972ae42cc1753961022db4fc3bc3893e55e3360a9a0791549540d14c53babb61894b20835b627e1205dbd502c316387aab72434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
3d9b4bd69a21fcb2696d9f98ad73af05

SHA1
270fd64b5f5f7b9ec3f7574b616aaea1ece5a76d

SHA256
e85d003f36a6d9585056f7fa770965edf29f3057ebffa897a8ceda098e1105df

SHA512
58a98dbfeec2bd3dca85b48441adad6130052bbb5a9c8ef9d547d37440e48f733f54c7fa84c442ce05a51967aebdfbe2fcc7ad3f4b931f8b443fe85a4ae60096

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ba752027bb110b54083c58f1f182a111

SHA1
b1e2c185c155bf4689adea2ed77402bb1a50ed49

SHA256
85ac307397a0f746793d7b82c37d7771ecb572d27a071d639b8e7d9d4b0c320a

SHA512
6f1e1950fb03ddc7ae5b7a9d639ada8a444cae351cba79b8ef9798a720e21189a17b1c40f0b3ac1532e215099f2d897488d2120bc8f1eae293ab2acbd63991d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
215KB

MD5
7b49e7ed72d5c3ab75ea4aa12182314a

SHA1
1338fc8f099438e5465615ace45c245450f98c84

SHA256
747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6

SHA512
6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
108KB

MD5
01d099cf1c80e91732fe9b1b3a534832

SHA1
d0b28f5ab5f131a4347c20bda1d2370abc707c3c

SHA256
c6eb0413ceeb082e3790a9de028823568b31015eb26d28b203ae36ff7a79adf5

SHA512
8c4f7d5fa45c4a0dde905f0a22f9e82450c36ef833d93121c147965d35b6be086d0e964f39d156a7dba2304247e684cc365d62f4b93b880c397dedd9dd2d9f76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
c16a5f69947fc753dba39e2ae2bace4f

SHA1
68cd70be67a9f09cc05e1be9617d6e8d11165894

SHA256
742b86ac04654e6be2e7991419058832fbd8384974b9de6757be649dc01b9a20

SHA512
088a8baeaf9a5a225a987dcd45e8165e256a733e17b44c701fe84ce543ff17f61fc4b424cc6e3dcf493d8ffdd0e6c6a000d0434a7e6a6b4993ba1966f51edb83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
cf41ad3c35a693d1f7240e8fe256ab16

SHA1
d63ea8f9dcebdae76754edb86c21d083efe8d509

SHA256
637aafa4c0aa56d5ff812dd2e5ba67d11aab4840a710ef340a7dc0657106c286

SHA512
ae47a99c87eec5ac66fb8e19c2c94aa9b20e58a9d0ebcd63d030ba0b51249f74417b3606e25fccfe64358f51cb5f450d96447e17105baea23a80b76a9924b1e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_pfnbw.developedseve.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
2fb4c013549a28391bc1ec6faea7d852

SHA1
ae7aa420c2655bc8efdfbb58c64af2f78d0a6691

SHA256
b1328fe9dd03039e618ee6a4344981b43bd81ff4a03027147ab76ffde4411321

SHA512
8513facd099be258d65fd609bf52c7e2849c00c5e9402b3630f8cd446640fd2cfd25c96cb2867ca97b874e9b23e1c4d1e7d0ee8a190508d11d4ede82af09b882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
634a362211349bcfd3b685c04334d117

SHA1
e4b6e7cec65b3f313a122af44cda14b2595c50dc

SHA256
14e866af401967fe10250ab78c79d120e619326914b37c394adbaa2b9fc63a55

SHA512
db0dd7fa0c65c722d62706ceebb0177ad1ca6e2a54d4a390b86622f21c4beed95fc9ff1e0a786385f54214c9d3d1d28106bb11639ba91ab9755eaab46e1fab04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
4d7eba806ac11545c43bff2bed4609be

SHA1
dacb32722b757b7c98ed1696ee1122f81ffc1a13

SHA256
cc5eccf64e8a7a51ac6d5870659a95263f5319918899fa73f3c47a360e219f58

SHA512
5b4325fdaeb0b51da51034ba06a330ded386d260abd6a841b3dd7def56cd038d9be1a0db7d53b488c1d371d4c4a9a9d0f526762b181f0b1e2ce16d93eab145f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
18844249dc58e51916812e6ad8d5a84d

SHA1
b31b05145470620ee620e6b6845e953906cf5178

SHA256
8e9d44495e4ff9b25d57fedb3363e2e40cce86a6810c02676c7cd2cbca4e43e8

SHA512
44c896ded4683e2b522621133144b1390fbd9a682d11b427ffaf0dab1f68e15c30e867f784f444489ff00c1bcd7c19774744e696337ad0b5c2a3dc6d65822ad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
88aa1cb27cadf4aa23481e95d0eaf6f6

SHA1
1d88643df8c538599602b4919a30cec19f1d03c7

SHA256
812c9caafd7262517fb559c349db1963bc53698a97bd3e314f1ed3cd91e27d0e

SHA512
903ed63d790ae837b969f5f62a489412e36bb6c1a51d078fb165e1d4d73a6387ad0e0c874c7765921e4ec75fd76bf996e135a9f89213c33668c66ae5a4366e50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
af617484b293af41ff3f467301be9bdb

SHA1
0abeff3701628b167d5d48297f2d3062cadc9fba

SHA256
d371f25cd773adc378fcc10c3c40a32f6ac7c49c39489490063fcaea4e6d47cf

SHA512
ffa943d9ba4c86491dc998706ad91d559b194487f4c1abdcd86eb4be3c8c0ec17701eef630cd5eb97f25d290ebcbcee888af8636771062cb76fd0001ad6c3652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a332ec527bd13208a495392e2924fa12

SHA1
ba32150e799e14f01ea352710d0b3bd6df210e19

SHA256
90807824d711e96c87c1a42b1aa1eee39b9291ac8dc7b202eba527dc5d2d0f83

SHA512
c35ceb290434228db00f9b8cb05409fd6c138c990ff2a48335773136770e1e5a916b472e837d75d1043f0eb2b68fd42c9df5bf4f797b0d5db2869b28172f4443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
34cd9a130f7342e5eaeb0c7eb180548b

SHA1
7de97ee17d54013ca0f49702af67c2fcf45ac7bf

SHA256
57c5947eb67be0d580f7de58d98d1f975357016af087bd36a33d4966a8404e64

SHA512
352f9097e542bb675af1c82a3a904a1ca407008418f76cf9b7120806130eefbe77018669870b8dce4f127a8c488c5f58545068469e40d4e991dd17c38d539659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4f9132c58c9e94445cf1669ef8c3ae7c

SHA1
8097c95ab9d0026fb654459cb344cc19774963ca

SHA256
24a5f3115f12860df4c0c8907580eb956cf522d175797042caa88b16143b6272

SHA512
9960531a65f79e1a24a0306d833a979ee53b6dc80901072b627d44c2a475f173f46957cefe3d677f7948f5771d51a4a262025c1c23e58b20aab336d8c3cf9e1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
70e0b9a2828d25249e858ca1a4c41adf

SHA1
667a310773c6d398569316d5ead2f428c37c8ac7

SHA256
66cf6206bdedd4f46a7807c33754cb17da12f844eab4cc7692a5dad0eb133fd6

SHA512
4fcccb4d14afe2b3f001ceaab33430b6960437f711a8c5f6ec1fb186c307a2e727d3f80630b7ab726545054c8fe822cfa995b6684dd104821808784506cd6113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7a1e7e1aaa2f642f8b879f71f6689ec2

SHA1
1915d4ed75470ba2a00a37924f9badffe6f38a3d

SHA256
e954f7ee67e5d7fe924d81fbbcc4d46b8081540cfb8de9537b852ea22de91b44

SHA512
630068fd41332d410c88f7751c01e4883f50fa48491149e2d67c1bb0fd299cf5f4b7acc2fd6eaed258430400ae412575fed156fc41f8e9cce7165d4572c1168d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
88ec5fe94dccb3dbe44e484fa7caa058

SHA1
1ec76b284d60a5c6c9a3ce7ae747114859a26e83

SHA256
35bb252c96634917e732961c803f679a73cad80793963db6a75374dd5a67d6ef

SHA512
6a727007a61fd3f387e9ae716d5a5e5fc5b44a57df6e5a319323637f5b3ea0a8201dee5f9de7ea1b2888ec011cb68d8ccb0058f55b45a161b1663ab5f0b6ba88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
afbef5694abecea695580e15a3556db8

SHA1
39626ed02b292e7510f12bf92c2cd51d8bf5f87c

SHA256
43be66c5e057c188dbf12378ec0558505411a9031627f9f50adf238112ab3d59

SHA512
73033c8840c3ea2b9ccb2a7ca5c5f8617f52ac02cb65e8f6529112082772c59b6182ab4bdf1ef5ed73ff820c146521755a3f310d39c3730fc5b10b18fe31f670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
034dc4102df9cb28bf4d96f59199182c

SHA1
06655c816e28f9b0759c696d13a0891729fb52a2

SHA256
f7b04828086096fdbda96f4d98f8a676d8cbbb82b9aba65bc880f404c548707a

SHA512
9e9a49b7d3a7b9eba769a85c7556b99dd39b78efdc596238621722da60eb08a310ab903bf5059f4fb84b8bb118aa70caef73098b5de5e61b5ef0c8b674f4ccad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2dd12f078922e7314b4aaa491851a994

SHA1
8fa549239b003cdf835f27e6bb5a0bbb9971f700

SHA256
21985ef6fc809aba5b53122d7a981742f75d70c5cb619415edc090bf6528aff7

SHA512
c282204f76e6128f35612adb18ced52c8af31a63f177c17e4d25451f5f797daaa39b878e762e67dab46541460f4585b0bff08d7b529cda807117b594706d2fd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
291abe6de8ef78f2cf5a5f102d0e5e3f

SHA1
68182e131edbd60333c8348230e3224d93174270

SHA256
ea7a671d332fb40d90777bde8df241fdd83ce233f269d485b25a4b2884eec5a9

SHA512
a7a386d7fd3dd3322afa3c4aa4e777d7f3cf9e390287fc8c482452c7720185d536be01bcfda78d721a6c39461e528029deca49ab5addc16a2ff5fd94f2096a9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8ba4a54cc55c73e4be2870a319b1c324

SHA1
fd9869b3c3431c090c5fd7c6936a249fb698f1f9

SHA256
ae84a96f60ec367e57f0f1f69b5bcb45ce23614c847a3652ac43300aff2d6c21

SHA512
4f988a3b95ca409a1f72dc7d3805a25ffd783347c7d6a55782251fc38b70e0d083409e9c9c96f3198189f7e48a02f328eee3a7117f942d961228502995cc64c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4956787d03ca161f124260a533ab9b09

SHA1
daf169d1ae8d9b5ffcee5cd55bd42bfcc590041e

SHA256
7617546ea3cd6aac5760b628e95d1ea2043f1e280002c7357286eef932f4a595

SHA512
b039c6242968b08d20c2d81bf49b157c372681dee078a58273820a91c10ccf813fe98d7e47c17fec812a7ae30581b8481907b57cee90e698920471a2f43f00c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
933ac1040ae7b7f44df469eda62ac250

SHA1
14577cbbfbe771878ce3c8bfbec6fd6fdda63dda

SHA256
de9e542f0589c048f127f75589fd5187c7ef2002df679e42acd427e1047dfda9

SHA512
ab09ea31984381ae71057fc2d510253a1532d70fa8f9af51e1a510fdb53e7cef2ac125126988b11353d781ee7e6e4cb3c88763641832298b1d8f0977926f0690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9d89465eb50c91a06f887fe1e2f5a01e

SHA1
34a196d73901be4be2e51ffd748d3cb0cd9c1723

SHA256
6388d5f6b3fd803c7166773465a2051ada9ca2a76f79acd7270f16357e4cf38c

SHA512
e0bd283e86c14154c79b8d6b0c35914cd06dc057986e568d3fcabc1a4e948d475fbbff40f6d12e045e61287f231ccfa204d1e380912cd224de2275721ba7ae0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bfe14b9b2be2649127a48ab4048906bc

SHA1
436a0f05c1d96a0a9801e441c84ea9430941714d

SHA256
36be217cc030afba520a5f6dc6dc3d6869b60e052d6c3c2029810f171580302e

SHA512
91f9f4469d2bc9bac4c35b7b3e2f6f2d795371487c361612221fc6d4cdd93c3b5ea0ea0bbbd8522504963f2ce178bdafc4f2561d6fa27fce7329954bb8659368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b4d5871b78343fce6eb4fdc67d133128

SHA1
688c340910894b2ffc13773d6eb55c2528a4977c

SHA256
5ebfc4cc86dbf47eb558a9e0ac7f081cefeedba0b3903fdadcb400bc5b9aec0e

SHA512
5ad85d79d7e62bf5b873d306b79d8d314bc6ce04f3b23ae839e799c1b898791d4731bccaea0bc4aed7745a3727232ba8948cea951abf64195a36b851a27a2be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b53a19c8b3fa50d36c1b025b8daf89ae

SHA1
e7128c29467413ca875ae4349aba5cb574b743b8

SHA256
3e36ab3273c4ecfe1b0ca961b2547bd8da5f60630ab255dd26c212fa3cfc3f97

SHA512
7c30689b5119245f4cae20c47ee717610a2e27060439635da84ac60a9e5cd1ab3a5cc287695ed7ab1787e04abf0d2fa95bbdc42ee324cbc95d0d091c28ed5c05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e338620cafb675116783a6bff9bd68ae

SHA1
f8121e4023a720d258d5e2c56de2199b827cf66b

SHA256
cb71226a7934f9dad2dca23c1fd378f3f6f63d5518705ec24e71aa6be678f248

SHA512
c38bd3586267afa3cf8a46d6e299809e3ec1d9c47ecbec43ba25706f6f937b1f31991b9b4789700371c25aa0a58eee9699d35cdd4e57ccf5709a503ec7d1bd20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
06ec6ab7d05f5de76a70fc31f759ca41

SHA1
980b9bf408779509fd830ed74570a8a7d1be8d56

SHA256
8a517b90518e9d40f75d0fc90255319193e84a88ff1aa6737452e78ef9e310fb

SHA512
e7df3f1d067e60a1c62de3298a1618de4dbb1aafe3e5b00de058b4ce295dd5e041946f43ff993425947e7874a2c524500b55a3243a9eebed4983fa0f65932676

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8250e600d8997c89c27bce4e2646cf79

SHA1
c9e4cd43ab8f40fe293528e85a8ccac92c82bd5f

SHA256
7e8cd7988946a2f6d4ad6e2e3f027ab25d150e32f0e9dc8a47736e15eb5c91ed

SHA512
cb28589dfd6b0a7e660e6b91d8eb6b38298b001754a7e2ea027764985b3fd5cc08824b1a507c6956afa44f7645d5d2b93c5ea5d074a876778d15ac31fd07080b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ea1d945dfe34c47b4950d02a537398a7

SHA1
37754a0cf2f9636af9604b00d59d4d3fe85542e9

SHA256
d96d91484553df72bb55f909a9f0654804902a58432e5689f6806a8959151ebe

SHA512
b64c3d0f0a1fffc48273a5004e89159ce0358f7f7a53f42fa02dfd7685ce79cba5c334bc0ab2fcae76432d9b0b206d1ba9f66abad1b304d86eaee8bd2c2e5fe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4332c684688a60896947620c6b0c6d03

SHA1
b11bf794c9c4a47e0a58184ad46ad353276d8521

SHA256
f49196d1b0aded7657a64c20a755c2f0b2ad10928f33b23b91f88d5fc33db6a6

SHA512
a3eb38c9ea69048a161f0b9434e9b4700f965c4c67f47804d5cc5b93b345f50db5850d24c3068f25f611d88e4ea67545db34254ffc484c9132cb2aff06f3194b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c073a0172a9456d20454b3994a2abd28

SHA1
0ddbd3e477f28916424aa662d80bea46d1aa8c71

SHA256
589ad856e8cb55516edd29d6bee1a80215f60d7d3969267057de2468f25b5852

SHA512
346a856e63a8bd4c0d1a9903632e6152033bd90406d8cac2dae2abfc3ee5e6997e0cc2699e677baf568dcfb9da6a4a72dc1672d5d42e7bd3b9e9243a20f924bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bbbbd681-ef5b-4a93-b4d7-e57a2b1a9de7.tmp

Filesize
11KB

MD5
bf3ea1b0cc4c046725f1a081845a32d6

SHA1
7b3d13d13363be2190412e1d69f6aed53e0b3340

SHA256
9d2d480d298da54d50bcc769d6d6fae0a94d81f07c81dd490fb53dafba2eb1bb

SHA512
47ccd3bbed4fd23b049d56074b6193b3f3c804f35b20a33adc922f4cf2d1cbb2afd79a5c705b6401e37c7c27412f1c23ffa5c9ac7cbc134eb918af0732e1e8f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
a2455e32c363be57f3db01fcec10520c

SHA1
90e2baf16e2e852d7cff87e8b7be2d772547ca21

SHA256
73502d28ee17ebef1e97d03f46138b1f3b9f4cbc9a3577028e36d1d2d3217a32

SHA512
8ac99f2e6add8e32dcf3f347a95ce61402a58f8bc8215782dc7e674e40e9c2ae2e61d6ed86ba288e519126d70f2e7dadbb0bdca5eadb2df28db360f9328edcb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
dc1d63e6fe0e5c8a7b908d4db2421a5b

SHA1
afc9a1c1900576b7162c468f23ab5fef6d697f4c

SHA256
a53caf073f29dc8e89c480930d97cb663b779a0c4183bdceaca87411ffa08f99

SHA512
6bcb92dc86ac8dfcab4e62bd6aa73f554106576dc430c086138ef35aafe6a83ab6746dd276a4ce1f4a8a6cc51e9dcb3a8e8c2574e05c56b072ba67b456e525ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
d94439fbe6573612fbf33392c107b15f

SHA1
d0312cc40b5b5e0aae27fd6da5097659cfd31106

SHA256
0b9bbfc413772e5a562322aac9d8a98790c7df593d6b15156d1a95c0a64c4450

SHA512
926d1476957c176a313860dc2744dc548b61480d8e6215c670b54b01a5318bdfa7ef073f5d8d75063d82bff3fd87d7a6bcc7fa16022ef82c635194f01827dc5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
65190c0cabf4b3c30da8753a5d34cde9

SHA1
416a6455c758022d59facb71b17b16c295f54785

SHA256
ab92945b5dda0fa5219f11830bdfe0a24141d4dcc1daa7e4880b81ff600b219c

SHA512
4c4961adc5bdce71fc7538c36a4046e1e458ec50e0dcd61be46be97eb6add2d71e1f0104ee2d491bb73ddc3285f3026b171be1804c85f284c5f849dcddce8c26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
08fb55fbaf40aedcaf85acc0824db49d

SHA1
f3cf41c9c5c586722dbbf7f23fdebf77f573f56a

SHA256
ce3332933a7e19e9efa2195e57674a521b3674418f30c497a0198655edea32f2

SHA512
7f6d03775c4bc6d79a44d11c23bc2c412a31de5690cf476269daf1e0f45fe238f5425606bedc685e7a7bc0003c52f4dde396b0be35d0026d68be46b91422821e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
540B

MD5
73e8825e2c9ce961514fb4aefa0eedcb

SHA1
7a191d563435e76b29d8a258ee764ffe02090ec9

SHA256
d94aad3167c35368e99da5ff4f23a7789f9ffadd308b919810907ddf7552a752

SHA512
77c01f619efb7b9400cc1fe8cfc2c146c3d7745f270eb58c83a730ab81916d47eaab7af033390bc48076d2bbe48b6532ffdc75ffab9e28275ac678bb81f0c917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d40aecfba1c77b95c7ff8bc893c2e253

SHA1
d07f6cd01c654e324d95c47162b114b63cc9633e

SHA256
523fec87ac77b6343ac51329f4fa108a723909b04fa3ca5efd92a47bcaed5238

SHA512
0ecdbf6d01126b0431b4cb83745bd8ba5b0e0650d7df452dc1d513748cdab4a76748d0f05878c8c7b42ec59ece91ffe99cb82368c69aa4370a9d083fb5dc5fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
696B

MD5
0a7c35c2b3b82ad3097b7a6c88ccd1cd

SHA1
a5cd065eae1436760c3ea631f7a1264f3d59d296

SHA256
73e99553d9e1d7b21437ab3f7ccbbcfd9647d26949748ee37032c4396941ecd4

SHA512
c4c4e035ec24b324d624b325542fc6bfcd602f4ea8c8efe00f259679d73aa801376c51a66ec8fd0780fb4c8f004bf8a209f4870bd72bdf1d0aee98a83352c4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d70bad2df4d0bc3b5f9bc17f9130618b

SHA1
b7f649fbb08e75cce3c6e04e6826fe17388dacdc

SHA256
fd295f43bd8396648cfed1a47fd529faa07a5cbe7bdfc78d3e68aa9e101f1e3d

SHA512
d5b1154d9e25e2905e9e165e783ed6e1fa4183ec8724a5ee50d3196d3b1681cb2ef3ac8eaacaf9234b3ca02aaed41a21d4d29a00f908cc35c72ab1ca611a92e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cd26ab1841c2a23978ba74f4630f4f08

SHA1
69d4a94a172208f349fa375b00450d607185571e

SHA256
c9267397068744eb958555e308a9496e3bce9e31365541cfc6b912788eb60c44

SHA512
15689edcdf9afa72f3995f1ac3d15df18a75e67901e972cc65ffd0a0d9ecb4ab2b64a6b22187833575c21acc29c241f1bab1d48dbfad92a6cbf339d816cbd975

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4ebc3a64dfdae57600b1fce92bd30fd5

SHA1
5eef41b5180a8fa8db81c23a650e9b5f0c4e6aac

SHA256
88f0fa9c53a5256cfc4f256ba4cc6ef3d10290a7dbef30cd2314d909d95156dc

SHA512
f5b02c35d051603fe34e4502c9edb0a19adc4232da88cb4ababbc05f5dbccf1b8af41c783eeea794c4cad47ec607af1bfa11a7c105bfac279f8db13ad6bfc483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc200cd37e2183683c2d680bace7060c

SHA1
ac3630c5d616c2da3924c0d9e26e10017d0d6684

SHA256
8083a68f5d690ad915b01d6b7e68b8a6d09fffeedaa2fd8661fb19004a9f2b38

SHA512
74a1d68d298d4ea351ade45e5260970bc3ccb8a671fc492216c0e549247dd852dd35a3d9dc0d61df3b862dd5454e6f4c28d6a5a7954c703cd1d7cf65f0c03ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52882011c73ce5ce822699a196eca957

SHA1
a200f3293f3ba1556cc742156bc99b518ec6e308

SHA256
cf6407e169fe4523b67cba4365553ece334ca418c4db948ad2ad4a8abce698e8

SHA512
34dc4f6c75c8c7a114751dd5f8ad73bd78365b35126de40e51bdd6d347335dc8f6e434e81c01c1145b9da488a88d1ac0f09595306aebbbd4997e90e05ef94349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c6f52260847d1ee39da27b4a067bd3e

SHA1
467fc79db2edb4dbc42ab665b618d796306a850f

SHA256
b2e69f0fe8c5d3962937a1c374d3fa6a9103a92b3afdfa75ab17f90f35e9a906

SHA512
136fcf02b197ae891123817a6e2ec36604f17e2333ecdebf743d7a9cb8cdbb7d17f4e86501fa560edfa07e41e51f037384e2e728f2b88a86ff458d7749783dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05d6e4bedc1cabbe895ba1ae7a6a604d

SHA1
361df2c6c7180881df7d5cd2a268637947dfcdb5

SHA256
793cd58661b6fbe93ac40454fdcd0ecec5827d6434894fb39ab5adbdd7621266

SHA512
f2a37dff2cb6ccb4d2541a6b2697cf5921c435201a8447ea159b8025b379a8ac74dafc2b91a0e498094b07c420699f6040ff01508f99e6f1e799511b704bcbad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
3f25071eb328a197018f919210ba414a

SHA1
6bc62044e063a7f669d3bf88094e8e4e20a7cb85

SHA256
d7ea5fc7155503cff090cf6d59d090e110b49052f032f3e9024c845cc9e13e9a

SHA512
657d42fd7faa8bf5ce73873559023ac48acb05064745bcb373402bfbd15c3ba62104e7fcae5a64cd4d2de593c1aee78eba997358f4d063e00458cc4708247064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
280eb6ad373530ebd48cb3fb751b000d

SHA1
c1b161b1664c400e05557fd8113c096f41424c25

SHA256
25be0a5904ef8fb96b931e7e84fc205c655f63718a082a721db00a9e6d9d41c1

SHA512
72ab01573250244a30604dcacf1e3fc85f7e4baa716d4907bc3031e44b19b6a81d7e5072aaa477933922c741a42bef91f3f3b6d02e845bb85522b093736f4a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5f59534fdfe24953e14aec9e05d8b21e

SHA1
053f873f7fa96307d11d135a3b13f973ae18754f

SHA256
74bf91acd4a0e107ff5f3613e23e5fb0c6ed0b6632ff8a22e7a2c39b9f20eda2

SHA512
661c890fb244322f420982cc5a0dc99237f14381d2f63eaf04262afd7a0d03032fe376fdd6aba1aca91ae68e446fdf22ad5680e197da837a728ed5b29177c329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581671.TMP

Filesize
538B

MD5
4eb6c686977ce54be4a6d58a3bdf5d8c

SHA1
bd8d898286d5a0a836e58a01fe44c1b7cf2517ba

SHA256
5eb7e5867776986071d075cdd159f4821de47780e3de08697241aa8150fc9553

SHA512
bd2ba584a6e9a11aef9db78a31e1b528886dc38c685a4bdf47448c2a2c53e2bf7aecd81d3dd0d1b6915b3a0b8403c0f9d193679660f047c3e938b52a851fcfc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2c0f7978cb62eae704b84286d30e5a19

SHA1
95f6419cb2857ed6e7da6961e60465642c2664ca

SHA256
3fdb33a3bc6237c44bdc536630039cbf64e613e51eaeee803f69392752f77493

SHA512
4ca370e8fb75daff85aa1395fdf4bf3c1062c99a211a56bcd58d12cc196e9499b20b5330afc46e01b773e4074b27c3c8a91dfd92dd184bc7e907f727a0daaa92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c1db38d70398492536f0137369da8eb8

SHA1
d4ce862eafdc01879053f7953a4b0c2907e37fc5

SHA256
08293423deb4b4ab4763230d2e226784d55d4cf62c64dab26390bc9030f31618

SHA512
efd7cfc365dd294b68820437d4cee76df8de77c66b62135a1dd046c284158df521d12a54a644202fa31c1f86c605a4d505318533d792c43f7d7b0416685d3e52

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501250235181\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501250235181\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D9EA7B7\setup.exe

Filesize
7.3MB

MD5
bf8c8a0a925cecc534a751d5e3deb802

SHA1
2ee09d450b422aef9bc659b92321fd7390c29c19

SHA256
c917279e80fb5973ac27e2ca5a9c2f6bc195383760dc08917bf20bbeb2a5498c

SHA512
6db4bf0a8954ea2fb484fd49c0551668f19d7a63258dd18f6980451b34e5faeb36e7d988332f25161627199568d4d69ed5658e73d1e126c8c2e857f13dee4f78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_250125023517955552.dll

Filesize
6.7MB

MD5
658d2d0360558b8b507ee5b3f45b7df7

SHA1
396f70c0c5edcadf807af9cd0eed0204fde6b00d

SHA256
04fddeb823dd6869360d2c9bd4a6c340ecf2f3178d4a7cd5293e5da631bf33da

SHA512
496ab07ade095af48ef91d60eef43a75aa39df77ef362fd2a68920bb9965dd70ebd762a1bc59a77eb5951e784b537639fbbb2915c9144fa793b9403ecfe1be66

Download Submit
C:\Users\Admin\AppData\Local\Temp\bd2ba828-dc52-4fe7-abb7-2159f430fa55.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1904_943958433\163de07d-1d64-49e4-9ce0-4f5e923951f5.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1904_943958433\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
035d9af45a4ad04720245d2f013a1c16

SHA1
90a3683f7af979fd0db870fa8f698d39782d388e

SHA256
49e04bc2752b50d0843c5a92bb260ae5addcd387032f7106d731b3ecbf5d3214

SHA512
03ae398dcc97f5757e84274a9cbd0a3e7f5fdf659382d2fae93c20652104a7dccc2872401183acc360a0203d9d795562a5a9b8ea00f54b238f485db4ffbed9e1

Download Submit
C:\Users\Admin\Downloads\oxygen_u.zip:Zone.Identifier

Filesize
61B

MD5
c3289a1094ab8b0ed67d912a2065e0ea

SHA1
a9623c89dfbf3543a4402d3c34f69addeed45d44

SHA256
ccc9c2e046c892e9e8811c909aba6dd7d4f13edc88414972fc05673e56e3df1a

SHA512
591d758a7503350ef2a493eb186466e204291522845849be2aaf27fc7c35eb33f90778e13df024c0b8cb802e5ac72f344ddcecec36c8f9b986ca7a55f152b4ef

Download Submit
C:\Windows\SysWOW64\OxygenU.exe.WebView2\EBWebView\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Windows\SysWOW64\bin\oxygen_auth.dll

Filesize
5.6MB

MD5
cd3e516a5b2611997f141863de6f405a

SHA1
d1e1ba9219e32cea476ec58d5013d6c2874112bc

SHA256
48aa0793a1fc5e54fbd37268019ea7e3aa9344c6456c41854a8e2e7c3a39e857

SHA512
a43ed6168af5a8f3976c9d4a435429504674ba41f68e332c4f01c7634f0314f8356c95082d886d6ae8b760c5af65d573c8a8cc8bde2728cd029a72778e674646

Download Submit
memory/3112-1107-0x0000000009640000-0x0000000009678000-memory.dmp

Filesize
224KB

Download
memory/3112-1109-0x0000000009610000-0x000000000961A000-memory.dmp

Filesize
40KB

Download
memory/3112-1108-0x0000000009450000-0x000000000945E000-memory.dmp

Filesize
56KB

Download
memory/3112-1095-0x00000000003E0000-0x0000000000668000-memory.dmp

Filesize
2.5MB

Download
memory/3112-1168-0x0000000009D90000-0x0000000009DA2000-memory.dmp

Filesize
72KB

Download
memory/3112-1630-0x000000000A1B0000-0x000000000A1B1000-memory.dmp

Filesize
4KB

Download
memory/3112-1631-0x0000000069640000-0x0000000069F6A000-memory.dmp

Filesize
9.2MB

Download
memory/3112-1634-0x0000000009DB0000-0x0000000009DC0000-memory.dmp

Filesize
64KB

Download
memory/3112-1635-0x0000000009DD0000-0x0000000009DD8000-memory.dmp

Filesize
32KB

Download