Malware Analysis Report

2025-01-19 00:38

Sample ID 240503-klfasach83
Target Pindanoten.docx
SHA256 c9d77a8375af041f4dfa0ac1dfeef5dbea6dc98772fe2c2386f2281da26cc7c7
Tags
microsoft phishing spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

c9d77a8375af041f4dfa0ac1dfeef5dbea6dc98772fe2c2386f2281da26cc7c7

Threat Level: Shows suspicious behavior

The file Pindanoten.docx was found to be: Shows suspicious behavior.

Malicious Activity Summary

microsoft phishing spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Enumerates connected drives

Detected potential entity reuse from brand microsoft.

Drops file in System32 directory

Drops file in Windows directory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious behavior: LoadsDriver

Suspicious behavior: AddClipboardFormatListener

Enumerates system info in registry

NTFS ADS

Modifies data under HKEY_USERS

Checks processor information in registry

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-03 08:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-03 08:41

Reported

2024-05-03 08:45

Platform

win11-20240419-en

Max time kernel

279s

Max time network

278s

Command Line

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Pindanoten.docx" /o ""

Signatures

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Users\Admin\Downloads\OperaSetup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\Downloads\OperaSetup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\Downloads\OperaSetup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\Downloads\OperaSetup.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "78" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133591992836231492" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\Downloads\OperaGXSetup.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe\:Zone.Identifier:$DATA C:\Users\Admin\Downloads\OperaSetup.exe N/A
File opened for modification C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe\:Zone.Identifier:$DATA C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
File opened for modification C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe\:Zone.Identifier:$DATA C:\Users\Admin\Downloads\OperaSetup.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 4504 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 4504 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 712 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Pindanoten.docx" /o ""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ff1ecc40,0x7ff9ff1ecc4c,0x7ff9ff1ecc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1808 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1952,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2052 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2196 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4420,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4400 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4664,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4656 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4700 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4672,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4836 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4848 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4836,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4844 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3176,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5276,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5292 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5280,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5424 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5576,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5588 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5744,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5616,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5888 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5884,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6032 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5136,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6176 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6180,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6284 /prefetch:8

C:\Users\Admin\Downloads\OperaGXSetup.exe

"C:\Users\Admin\Downloads\OperaGXSetup.exe"

C:\Users\Admin\Downloads\OperaGXSetup.exe

C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.70 --initial-client-data=0x2c0,0x2c4,0x2c8,0x2a4,0x2cc,0x756b4208,0x756b4214,0x756b4220

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version

C:\Users\Admin\Downloads\OperaGXSetup.exe

"C:\Users\Admin\Downloads\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5584 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240503084145" --session-guid=0f13f513-29b5-4114-8c5b-84d837ede5ac --server-tracking-blob=MjMyY2QyNWI4MThjZjA0YWZiZDYyMGI1YzUyYzkzNTkxMzFjMGViYmM4MDBhNmYzMGUwYjUwMTkwZTc2ZjkyODp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1nb29nbGUmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249T0dYX0dCX1NlYXJjaF9FTl9UMV9WMiZ1dG1fY29udGVudD02MzQzMjcwMTgyMDQmdXRtX2lkPUVBSWFJUW9iQ2hNSTNLamEtb3J4aFFNVmZaZFFCaDM2R1EwQkVBQVlBU0FBRWdMekhmRF9Cd0UmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRnd3dy5vcGVyYS5jb20lMkZneCUyRmd4LWJyb3dzZXIlM0Z1dG1faWQlM0RFQUlhSVFvYkNoTUkzS2phLW9yeGhRTVZmWmRRQmgzNkdRMEJFQUFZQVNBQUVnTHpIZkRfQndFJTI2dXRtX21lZGl1bSUzRHBhJTI2dXRtX3NvdXJjZSUzRGdvb2dsZSUyNnV0bV9jYW1wYWlnbiUzRE9HWF9HQl9TZWFyY2hfRU5fVDFfVjIlMjZ1dG1fY29udGVudCUzRDYzNDMyNzAxODIwNCUyNmdhZF9zb3VyY2UlM0QxJTI2Z2NsaWQlM0RFQUlhSVFvYkNoTUkzS2phLW9yeGhRTVZmWmRRQmgzNkdRMEJFQUFZQVNBQUVnTHpIZkRfQndFJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGZ3gtYnJvd3NlciZ1dG1faWQ9RUFJYUlRb2JDaE1JM0tqYS1vcnhoUU1WZlpkUUJoMzZHUTBCRUFBWUFTQUFFZ0x6SGZEX0J3RSZkbF90b2tlbj04OTYzNTgzMSIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjExIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcxNDcyNTY5NC44MDY4IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyMy4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoiT0dYX0dCX1NlYXJjaF9FTl9UMV9WMiIsImNvbnRlbnQiOiI2MzQzMjcwMTgyMDQiLCJpZCI6IkVBSWFJUW9iQ2hNSTNLamEtb3J4aFFNVmZaZFFCaDM2R1EwQkVBQVlBU0FBRWdMekhmRF9Cd0UiLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS9neC1icm93c2VyIiwibWVkaXVtIjoicGEiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiZ29vZ2xlIn0sInV1aWQiOiJmZjUxZWI4ZS00ZjgzLTQ4OTItYmUwNy0yNWQzZTQ4ZmU1MzkifQ== --desktopshortcut=1 --wait-for-package --initial-proc-handle=C008000000000000

C:\Users\Admin\Downloads\OperaGXSetup.exe

C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.70 --initial-client-data=0x2b0,0x2b4,0x2b8,0x28c,0x2bc,0x72c74208,0x72c74214,0x72c74220

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5648,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6348 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6424,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6384 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6520,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6528 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6708,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6700 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405030841451\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405030841451\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405030841451\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405030841451\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405030841451\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405030841451\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x1104f48,0x1104f58,0x1104f64

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6368,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6808,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6776 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6724,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6856,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6336 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7008,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=7024 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6940 /prefetch:8

C:\Users\Admin\Downloads\OperaSetup.exe

"C:\Users\Admin\Downloads\OperaSetup.exe"

C:\Users\Admin\Downloads\OperaSetup.exe

C:\Users\Admin\Downloads\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.68 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2a8,0x2d8,0x7220e1d0,0x7220e1dc,0x7220e1e8

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\OperaSetup.exe

"C:\Users\Admin\Downloads\OperaSetup.exe"

C:\Users\Admin\Downloads\OperaSetup.exe

C:\Users\Admin\Downloads\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.68 --initial-client-data=0x2b0,0x2b4,0x2b8,0x28c,0x2c0,0x7220e1d0,0x7220e1dc,0x7220e1e8

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4884,i,12170589677750863147,4673368986633199129,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3520 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2157238

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9fa113cb8,0x7ff9fa113cc8,0x7ff9fa113cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,6230304909674496456,3036969798950349627,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2044 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,6230304909674496456,3036969798950349627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,6230304909674496456,3036969798950349627,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,6230304909674496456,3036969798950349627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,6230304909674496456,3036969798950349627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,6230304909674496456,3036969798950349627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\SystemSettingsAdminFlows.exe

"C:\Windows\system32\SystemSettingsAdminFlows.exe" TroubleshootActivation

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa39fe055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
GB 52.109.28.47:443 roaming.officeapps.live.com tcp
US 8.8.8.8:53 18.89.109.52.in-addr.arpa udp
US 8.8.8.8:53 47.28.109.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.201.110:443 apis.google.com udp
GB 172.217.16.238:443 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 play.google.com tcp
GB 172.217.16.238:443 consent.google.com tcp
DE 18.197.25.31:443 www.opera.com tcp
DE 18.197.25.31:443 www.opera.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
GB 142.250.200.46:443 www.googleoptimize.com tcp
US 8.8.8.8:53 67.112.168.52.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 120.66.68.104.in-addr.arpa udp
US 8.8.8.8:53 232.212.58.216.in-addr.arpa udp
FR 104.123.50.152:443 snap.licdn.com tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 18.239.208.104:443 static.hotjar.com tcp
US 151.101.1.140:443 alb.reddit.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
US 151.101.1.140:443 alb.reddit.com tcp
GB 163.70.151.21:443 connect.facebook.net udp
US 151.101.1.140:443 alb.reddit.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 18.239.208.34:443 script.hotjar.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
DE 18.197.25.31:443 www.opera.com tcp
US 204.79.197.237:443 bat.bing.com tcp
IE 68.219.88.97:443 c.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
GB 163.70.151.35:443 www.facebook.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.204.67:443 www.google.co.uk tcp
BE 64.233.167.156:443 stats.g.doubleclick.net tcp
BE 64.233.167.156:443 stats.g.doubleclick.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 142.250.200.46:443 www.googleoptimize.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
NL 185.26.182.112:443 features.opera-api2.com tcp
NL 23.62.61.162:443 metadata.templates.cdn.office.net tcp
GB 142.250.180.2:443 ade.googlesyndication.com tcp
BE 64.233.167.156:443 stats.g.doubleclick.net udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
GB 142.250.179.230:443 11199305.fls.doubleclick.net tcp
GB 142.250.180.2:443 ade.googlesyndication.com udp
GB 142.250.179.230:443 11199305.fls.doubleclick.net udp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 216.58.204.67:443 www.google.co.uk tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
NL 185.26.182.112:443 features.opera-api2.com tcp
US 104.18.24.17:443 api.config.opr.gg tcp
NL 185.26.182.117:443 download.opera.com tcp
US 104.18.10.89:443 download5.operacdn.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.179.227:443 id.google.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
DE 18.197.25.31:443 www.opera.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.178.4:443 www.google.com udp
BE 64.233.167.156:443 stats.g.doubleclick.net udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
GB 163.70.151.35:443 www.facebook.com udp
DE 18.197.25.31:443 www.opera.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 162.159.153.247:443 a.quora.com tcp
US 52.5.186.31:443 q.quora.com tcp
GB 142.250.180.2:443 ade.googlesyndication.com udp
GB 142.250.179.230:443 11199305.fls.doubleclick.net udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
GB 184.28.176.90:443 tcp
NL 23.62.61.138:443 r.bing.com tcp
NL 23.62.61.138:443 r.bing.com tcp
NL 23.62.61.138:443 r.bing.com tcp
NL 23.62.61.138:443 r.bing.com tcp
NL 23.62.61.138:443 r.bing.com tcp
NL 23.62.61.138:443 r.bing.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
NL 52.178.17.235:443 browser.pipe.aria.microsoft.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
NL 23.62.61.162:443 metadata.templates.cdn.office.net tcp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
BE 2.21.17.76:443 account.microsoft.com tcp
US 204.79.197.219:443 rewards.microsoft.com tcp
US 204.79.197.237:443 bat.bing.com tcp
IE 40.126.31.71:443 login.microsoftonline.com tcp
US 192.229.221.185:443 logincdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 192.229.221.185:443 logincdn.msftauth.net tcp
US 192.229.221.185:443 logincdn.msftauth.net tcp
US 20.189.173.27:443 browser.events.data.microsoft.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 52.2.7.148:443 q.quora.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
GB 184.28.176.90:443 tcp
US 52.234.227.128:443 2360e70e832f2c9013baf01f5b23019e.azr.footprintdns.com tcp
NL 23.62.61.138:443 r.bing.com tcp
NL 23.62.61.138:443 r.bing.com tcp

Files

memory/3760-2-0x00007FF9EB3B0000-0x00007FF9EB3C0000-memory.dmp

memory/3760-1-0x00007FF9EB3B0000-0x00007FF9EB3C0000-memory.dmp

memory/3760-3-0x00007FFA2B3C3000-0x00007FFA2B3C4000-memory.dmp

memory/3760-0-0x00007FF9EB3B0000-0x00007FF9EB3C0000-memory.dmp

memory/3760-5-0x00007FF9EB3B0000-0x00007FF9EB3C0000-memory.dmp

memory/3760-4-0x00007FF9EB3B0000-0x00007FF9EB3C0000-memory.dmp

memory/3760-6-0x00007FFA2B320000-0x00007FFA2B529000-memory.dmp

memory/3760-7-0x00007FFA2B320000-0x00007FFA2B529000-memory.dmp

memory/3760-10-0x00007FFA2B320000-0x00007FFA2B529000-memory.dmp

memory/3760-9-0x00007FFA2B320000-0x00007FFA2B529000-memory.dmp

memory/3760-12-0x00007FFA2B320000-0x00007FFA2B529000-memory.dmp

memory/3760-11-0x00007FFA2B320000-0x00007FFA2B529000-memory.dmp

memory/3760-8-0x00007FFA2B320000-0x00007FFA2B529000-memory.dmp

memory/3760-13-0x00007FFA2B320000-0x00007FFA2B529000-memory.dmp

memory/3760-14-0x00007FF9E8FD0000-0x00007FF9E8FE0000-memory.dmp

memory/3760-15-0x00007FFA2B320000-0x00007FFA2B529000-memory.dmp

memory/3760-16-0x00007FF9E8FD0000-0x00007FF9E8FE0000-memory.dmp

\??\pipe\crashpad_712_VJZABEXYKCPMQDDC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 b8bface2b85c56c6316439daa29ca02b
SHA1 5c8669c4e2c2ab3be03cebc72e553f7fb1015ac9
SHA256 8ac344874b584c880a9d9a7559a1510dcf9ad9cc256961b12796ddb6bbf8ed0b
SHA512 7ff7802925b3107beae694f881b79aa31a9a6caf4228e0d8b9f500891a9ca95d9f8506bae0701c6c301c1d0b436d0d3d3c98c6f9c259e265548151641d3460f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8d22acd9e60f1b0fad42dbbda383e515
SHA1 69b9441bcdf30e98bbb8dc573ff315c4523cf96f
SHA256 842b461fa647c3f601741b15a6ea1341879d8cc1f3ea1c28b7371c315b5fd46d
SHA512 b2ece4e2aed3125c35dc1cba2c4dd536ce55bc5c90e2ac12bd4b691090b9340472dbd49473f22b0727ba2a84553489769478c8d70c19f550b32bb124e42bb4a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 edd3269b026d32056d7f2dcb97e3dc61
SHA1 a73779bb7bd70b75977bf4722bc37f624379797a
SHA256 c8895da57c31e0d39656335b92d86f8991a8c2e064c6d011ed3094df3f0b6fe7
SHA512 c7de9bd75ec278ddfca3e95a7bc74d62993210dd7c05d0522d886aa86420a76baf5a4eb070988cb0654a7c6bdb2ad8cbd3048cf5fef8ad6bb94efe3b58048477

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9362de7fd8c20d76bb41283527aa4fc2
SHA1 a0084d6973bc60ed421abd095b36fe3b29da88c9
SHA256 909bdaadf66a3be9b3be1e5013a674df4d0cb257778996dc1d68e394a37d3cdf
SHA512 61e0030ef4424d7c34d9f1b9bec96b77b524ddde9347bbb66c67587cf33d094ad258c1bf3d47bae3442993a92ea22ea6089eec745f22906130b4cac1237724cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 5c98411f0209f005f19ecab755accbe7
SHA1 1d59783d569709b0150621cac71a68e0831a14b8
SHA256 26bb40e07c547bf0e5761f2583ddd4c8b6feb5dfbcfad4f6add381080f5b58b9
SHA512 467bc7cbc5fd20a16147cb4df6ee94102c826d142e8df5edaec3cff2bcc3c9a81daab7dd97ce422a3d8a5ed3d59179388e1d9c819353c03a86de3604d68efa64

C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851218[[fn=gb]].xsl

MD5 51d32ee5bc7ab811041f799652d26e04
SHA1 412193006aa3ef19e0a57e16acf86b830993024a
SHA256 6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97
SHA512 5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

memory/3760-792-0x00007FFA2B320000-0x00007FFA2B529000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 527102ff44d6e9855e35c20e3c6c9dd3
SHA1 92bab5a6bd9e36b5d93bc89180ad27211cb8878a
SHA256 22e9d5d0cd3ee9846b9cebdb0197e339fd486405af7ccb4d86c019144185f7f2
SHA512 1b8730bd16e0c00b7aebef51c1a99b4193938fae52e0ac2d421a02a70b5ecc5c050d8dee289f461d58a6c9c73710261ba671a1f62398c699c5925a52ff06585e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6776c9c6614ad0fd8e705b82e2d24f86
SHA1 5c8b78bc51ed6d982c33dc460b76a746cdbaeb95
SHA256 f2bd8224d272f973b6b93385af769eec50227f32a13116e84fa1db150a2c568f
SHA512 49df5585f127e7f8d559f34d5a9068ee2a85a83f263547b1af4cc3933b80a83a0d1054a88b429e833bce86e7ad7d3b8bb052522c7ee059919c96b2d3c83c75f0

memory/3760-813-0x00007FFA2B320000-0x00007FFA2B529000-memory.dmp

C:\Users\Admin\Downloads\OperaGXSetup.exe

MD5 4b70ac5fb714595fe6196800a5095e4b
SHA1 9e7097d9a85ab913d261a988bb2f5e3f34b51f13
SHA256 cf6aed345542edd91837b92d754f8549d021d47e8f0685d1930e4262e06f3d6d
SHA512 f9c3f8c9582f70f3039f3e4db5e634707e38d1f6c0e631bbe22d35d304d9704a6d051ddf259edeed6f2574978b2475819ca40483910e951dc04f1c4bb82c0f96

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2405030841447555584.dll

MD5 c44227f38d59c590106f011b17eb90d3
SHA1 b99b310fc2249a7879290ca5d2ad915ef588e76f
SHA256 c0a24436f26dc0d4a4be90cc7c75343039f02ff058ca00da06399da839968b94
SHA512 0edc91a06511cedabee7587401f69fccb3ade9747e1855c850806c2f0fef4402ed412dc1c68d03a70b317ee6314fa446d8541e831dbe24cabfafda17aa1b61be

memory/3760-839-0x00007FFA2B320000-0x00007FFA2B529000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5c5a0194eb5ba904e25b0832e1150cb4
SHA1 f0965842b44c48fb7839beb276fd279d72aa9aad
SHA256 e22fecc0f471a07e4745be0c160c09453427028ec639bdd754ac1cab39c4b2ab
SHA512 d06cc643b753531d9562130ec4bdfe8593bbe114f7628b2ba63ad5a8a60cdc11327d62cfdf1b5664aff1ea27eb8463c092aa1df0209fa91c24afd6bd3a1c7012

C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

MD5 aeb9c0f7e373bea6960825e7badf0ff5
SHA1 545d22f70f56813a98c666f65ddec260a8eefcba
SHA256 b8c43b3fb76d559763982a53c91802b5177dc616a7a72559116423d35022b19b
SHA512 ed24e46d79d0f7472e6939ef058cb593ff6eddd37cf19946f40f77540194d9a600e754d14fe5324db4ed09a756e9162e251418138dd2f67bf5616d078fb7a028

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e9586d0d4e60f9b9de00247bead948cc
SHA1 33926149135c86e0a37d48a5296b334dbba20890
SHA256 5224c21634814713d4cc7c0d446200ab9938e6545c69902116654c43e4971fa5
SHA512 02319dee205aeb73f052e8bc844a23c5208cf96eced7f91e55c9c29f991eb1a9897a8835659c09b688ac9cb6ec861e1661afbc1601670815256bc3cfbf4b3d29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 bca976d6a8df3e4e32fe1775a0019f9a
SHA1 8d8be365dd8d084c590107350443135d9d9718b9
SHA256 eee61d058403d3e466b5cfd59d55660d07e571e8b5e2f15a88c6148113e9119b
SHA512 4798793992e668dc14d0db2d94827fff41686c65c896d866872382bd730d021b7a658bef685c968e3e53098ff21aed75d185adbd35d79614c5892ba7cce6171a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E

MD5 b3c0e26ced5015a937a567902ed839be
SHA1 ba5c753b435d3d6a5b5823735b3f7ad3bc83530f
SHA256 0957866acaf3901b3e8309118ed08e194da7f0cefb362d78d477fa3af791b194
SHA512 b1f7a5b0b6309ab973e18e937f52f3392c0c78660a27f20cc3b07c6c0136eb051d9860adbe111a590f09c4d8e998b20f8221f8d78c1184d9db537131b5bcfe37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E

MD5 1c722262e108ec233681c06eac5b12aa
SHA1 daf0f7cd13d56cc14fe86882c2c13220148cb105
SHA256 e1450d539e8fe442a75a55006dbcfc47a08c64dedefdadce1e7e84de1eb33c3b
SHA512 c77f2516cf4d4193611b14bd6a653d11d5ee9fdfc032a6da8bfd69a548e3f12cf9b4579ee95cbe6444aaa95e125db9f882d8b76d22c92d7eb63db0810472921e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 4cc06221809fafdb51ce64735524350f
SHA1 03f34273352731e39d8fb4a37b2e6cdfe380c085
SHA256 1ac03a272dc172a2efb8b016bedb313fc6a4402933547b153fabce7004747a48
SHA512 56a98572c948861c0b10f1376f3e11bbff570339928fe833064b6ea4832b4666c0c8002c38209271b0f5cd20c4fc985b6a3297343a1f1ffbd3233be07ad8bffa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 ec1935ce336e4f95f5ac62b0464b8d11
SHA1 a8ce3584f9f7e03f6a1d6b2d157fdafc20c24a1d
SHA256 2bab8622057fb1e14b55ada42613d67a8b2cc3ef69b1cb3740215e0bde2e5be9
SHA512 e8dc4af7fe42d5b4d0d43b88169e2c9f49bfc53d9491a7e4881e7bd507e7fb82a86cbfa228836855b2c2c56f0dfd71698c126bc0143c48256d27c5badc083047

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 d190fb454568a217de72a718d2b6f945
SHA1 9bc15378a293032d990f44a2cc47913f57d22dfb
SHA256 c3082d52dac402dba2000b4ec3f94baa6ac0b92cc9ec0165e25000effa5e2464
SHA512 9350839b154854f3535333f55c67d14c6aeb60ba4e4f1871e0931ffc63ddd1751df75aba99bfa8f8abf1f6fe9dba93cfb9d07543760d9a7fefff03067bd36518

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9d88b9ffbee610b0877768833ab85688
SHA1 0c9a767c25a624b702ecc90262cd0261eced7651
SHA256 ddf9da5d20f35aff7436f0d5e11d2bc5cd7dc846bb67a8a58792b7dde31edd9d
SHA512 3dcdfbe77e8c31fba6348eac65084fc18209bb92c09ce3c188d2cd3763bcb62a7ae3ec7ad73344defb59626d76157f3d15732b29cea782b3d787a358cb5bd302

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405030841451\additional_file0.tmp

MD5 e9a2209b61f4be34f25069a6e54affea
SHA1 6368b0a81608c701b06b97aeff194ce88fd0e3c0
SHA256 e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f
SHA512 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405030841451\assistant\assistant_installer.exe

MD5 4c8fbed0044da34ad25f781c3d117a66
SHA1 8dd93340e3d09de993c3bc12db82680a8e69d653
SHA256 afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a
SHA512 a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 e833d28d0aa9938251f710f48a1e2a9b
SHA1 900f4a7b5f887d535cd80da3cb6938a9cfe56bca
SHA256 fff77544ce269a8be423eb854e74ee751a2473d8859aa0eb6417cdae10df6a84
SHA512 7f4580a1c1c74536b6a2e25c738dd194a3dc22f3ba5dfc5e06d5ede7ff898e2d72dbc25d98179f1310c716925af96d179c2d50ef8a91790a02bc59afacd6aa3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 ebd317df9b0dcfc8697edfb5a2d76e17
SHA1 ef69c741f91256fdd86320b0aabf3097df83f807
SHA256 46aa719a6fdb3945ac2ba05dd18213f71aa2339d7d5dbbdb76c5834a62419c8a
SHA512 4d74ed16bd17f621737c269e1e3ced7174ce0f492ef029ab4057aeac001ffc93dabf4974a646d4e6075e0b5fe1ded745b37ae48c35660a00c8863c7e2e5368e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 06391fd8f3126494708bc0766c496751
SHA1 dba6e8f51b05a5cf06ecccdcac5ffa0e828e7d7d
SHA256 aa15b6a8fe1389bf13bf56baa24419a05a43155adaf4e8e33df2c059fdcd2620
SHA512 77e8b8cda6564cb8f1e4d73d26287f59d6a8a45e5a19568fbf9dc6485fd88d4a6cae8d2fff3c36544322878e90f8ca6df3cf5b6891efe3b5bddd9bbf181ccf1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 f7760ab0d394252c74457fb03e60b443
SHA1 eded4ce53d7014e27d102c4cff1288e90885f4b5
SHA256 dc78f5df6729ec450bc7a794fe46cbb1a0b05dd6c0678aed2d7bac4efcfff0c7
SHA512 9c8843f3e3bc2f032fa73ab505bd7d230014e898d52056c51e4d28154d3f2a461dfdc0f84fda1c916c1f8598455fc1c668a02522b3ef660614a506c29a351a9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 f27d2d9a453e162eec63180cf358c726
SHA1 19679c927ce4d48764454bc98931ff17e882c730
SHA256 a5ea7f237f682f7db64d7a233d47aaffb7851822f92725dc20aba79aed3a7100
SHA512 e783b491418238cab641b3943eabc196f0118d766086d20c368ae38b5c3ac50388d225792a5b103e515d35319f3f4877af14f0c829de3ac1bc453ae8e7383fbb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 1b7ac631e480d5308443e58ad1392c3d
SHA1 95f148383063ad9a5dff765373a78ce219d94cd7
SHA256 7fb66071ac6c7cfff583072c47bc255706222c2a4672c75400893f4993c31738
SHA512 15134314dfd36247db86f9b3d4dcb637e162f8fd87c0ce73492ffdb73a87492fc80330655617f165dd969812ed2ebcc42503f632d757bb89ba9116137882119d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e268a481e3d980f33e53c5b706c5702c
SHA1 c8944254790fdb10aae94f1c5621736ed1eb5b41
SHA256 c5d40b94b787be86e7f7ebd6b74800ebeb2f7743fa1a89b1c3e91c3ecfe2fcfa
SHA512 718fb3b4b8aee9b125ddc431242fb1955736ce7640adbf553a04fe26ee5a5cdd3445aeff5efa53469c5050466f0c568d269dcef036fd14363bc9d0c943adc195

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3ea04cbff85691294bfe9cba7bae8786
SHA1 b9b469df8d3c3f17e630b281557d412ef09a70e4
SHA256 ce808f8c2a8f122c64308887a947a9ffe4a31660c6505a35aa4b2aa98b7fe243
SHA512 ba3e698d7d5e4a757d447780522fd80bfa1e8b5262dc859bc9a8737f1e2b966f8b14f28e8b98c354ec7a8f483be5cd39a375b1c5cfac2bb140fea79f8137ff10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ee1d3fb64a6736f75b91dadcd3c3c5aa
SHA1 925533e5acb66f2d3c02068040f5d9ff131216e2
SHA256 86f51b28e24084fcf882be0261e0df10f6a0eaad65c0b27d6e7166c620457a91
SHA512 a265781b679c63d8f27f60c7d0c87470e6fd904f0300e32846a42b75f254f1ee19c4e56fc79c9a987786394cb7705f735d18b0c6606e9e6856f939458bc0d100

C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier

MD5 4f0389bdfed215bcf84fafa2527269a4
SHA1 ee745b918dbd9868010876458b98564db3c989ab
SHA256 04c066cb92979230ed7627d19b4c40a5fd8b1b6bb8165d956c88acbf5aa32e8f
SHA512 428f9f1db3e92d15d7d1266d40ddc5114cf2b265677122ec6105c7a2dbd764c10926a5b99fe6d236ac9af8e052991342390c5235b5bab3c0128927ff9d499f7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f960657c33f3e5e2fb92d5f69e4c898d
SHA1 805d557c85c1d9a361c27300c98ae482346ef7ed
SHA256 4c6c770da7b5c7bd5a7538a32180b79d2c9e6f0b0db21e8ac38d5d4daf896ea1
SHA512 a4af282ca48fdb13d33487b68dae2bcd3f962e65eba6be4d5b751da7a709a2a9a20afb4aec679ee04875017248629cec2083d27255915116e341a9659c38d1ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f23247b50a229bee2597ebd83cb9b89d
SHA1 e64d514b8f93fd6f11b5fd2b4573889d61cfddd7
SHA256 43bb5afa956121fb5821fea3bf7ec5b01b9fcc011e1fc2f75ac1dca2ceb9feb4
SHA512 70b8e3c34b2745c83bdd87df34bd340558531c3ef8835742fe41dee3540d3e1fe9ed57978d0ada454c67a29b7f7f7c0166f3a9eb8f9c7af7fea4fa573e9e8dd9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9a3806d24a563bf062839f6283fa9b5a
SHA1 6d3f9f40820db73f66e5f7321fce0ac11475c632
SHA256 f1dba4c57b025d66721560f025b7fd3819539da297ab5702ed0cb6233095ca5d
SHA512 539260e49a623d6c88ec49761bd85abaa20a52e82b04d930bbcad92d8d43540ee54cd4aa156d700d542bc7fe97930a62498d4e3ea8710eb654741e7b5676fdfd

C:\Users\Admin\Downloads\OperaSetup.exe

MD5 51a9afeed36942c30d4768bc161180c5
SHA1 3e3058f3d4e5c988fc0cf3a75cca43b44ec0a6d8
SHA256 e235f3847cb6b76c80f79e52c1f986e7990aef09e8a5bcef467e300812baaf71
SHA512 9302dd80d182d68e780a0aac80550ce88cac6c0b7efdfdb0e57154a72e8f5bcf93c91983f2d4c14112ec37ddf3c9268a94e0a39a92f686b06dbadf5b09a90d1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 e512c14189b8d3f487289faa8deccbc4
SHA1 cae01403a3c057286e145a3165de1c0493ab1a46
SHA256 b7582c62853acc009ebd7c7961912af512872d55e3fc6b8a585bc8a133c6eaa4
SHA512 35ac913abb89a4014c493f485d0209bce837806f45eba8fd5e9b1f6e727259db4a6ab1f7a02af581bf5a41204b9fa8e61aa3ca4c6238624bc6962da9e9bae7ee

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2405030842411654596.dll

MD5 45fe60d943ad11601067bc2840cc01be
SHA1 911d70a6aad7c10b52789c0312c5528556a2d609
SHA256 0715f9558363b04526499fcd6abf0b1946950af0a7f046a25f06b20dddb67add
SHA512 30c82f6b329fefa5f09a5974c36b70ea2bdab273e7d6eadd456fddcc2aa693f8f1cf096d57c3719d1106e9f85d50a4ffbf0ed7e66da2da0a5f23b6ee8c7194ba

C:\Users\Admin\AppData\Local\Temp\opera_installer_ui.lck

MD5 456b225a686fc06f00ef2654305ab499
SHA1 166d870f2ed1c9b8769ca1c2a2d0b57f0b8eb7d1
SHA256 56b388475bdfb68c1719e8b45cc696c1d179fe0f5a42b1469e0592d435aaf0b3
SHA512 69f789c7ac62ac8f9649f61547299cf0050f6d3f426f3e9bc129c51e9dcafe0eaa2814d24be039e36a2425d4f1fcc2e1acb1212f5bfc66abde52f66adca05f88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bcb76de1d55201cac45e77e02a16da62
SHA1 8898ffbdab02af857d8583dc8623fb65befc9992
SHA256 fb62442c51bae5f004b623b65217d2a71d53c088f4e15c82af5378ee4a1c4fa9
SHA512 4f330146c48a73208ef7b878a540f9d767cce71d6b7a2858abcb172317e3e7cf31e07881448aa9c71df5f933a79465ac072c522502e9dbcf9ea722bc611f509f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 23d0781259dd013edbf57476b645d826
SHA1 653dfd01a21e2edeefe6a8aeedcad506ed6edc07
SHA256 5ac17ed06ab37bd7f513af6dec85f1120d9c3f62ade2075ab60b0129ba31d4b3
SHA512 6553e3f48a09559b55cd39db4daa26b769df59ea2395c9ae3c8fdf055b2dc8e89ac2e04800ddb197994c39f267a393aec60633ab4fd3b19f5cc8ca00fedbd72e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 11e4fae8b50eaa724899dc13cc575d9c
SHA1 104cc6a6866792a7c8b68fbb00efd4ed15bba893
SHA256 5a031ae924fe588a44d0ecd12093d18637b28eece997c5f5a8b55d876227cb62
SHA512 6d92994beba721fb360110f5e4b259c1a07e975190f6bb3c9796fd7c7b5c4f1151daa7458bec9b4b8707feaba3a3db33d0ab8195476d49f0c43f92f8a501b446

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d2e49959fe07e4fea29b110fe2bc5858
SHA1 c586d32e9295de7bf9a19e1abf6b8b54f749f6f4
SHA256 92f7bb20c38cb00518f1a8a0a3e1940895409562d36bc0f7d234624febd864a9
SHA512 d16eeb7164a79d38a1a19f50bd274d937c02a40d097782e4988f82872c45392f4271bddc851d1f70912d1024b86aedd30ed9d1202cdb5d2d0668a9fa7f967c23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 81c5bb8ea5774c0265a62c7aef3542da
SHA1 8683dd9609f904cba84301a1f77d836279f44f97
SHA256 fbe9dd0dae0a1cccacfe6759b3a68779ac9ed92f4c56d157be3e1221d61bfdbb
SHA512 dab11995859c0bf818804ad2485a2d00096aabffd723a037144822080193892caa0681ff55e1011b4623f046f4c4f5aa18b662a6a4cc04b7c5e8f03a1563c119

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b2a9edfafe676280297569a7321fa3bf
SHA1 ed3ff12a15bc1ca80446e1f9108c9e4a4871de92
SHA256 8ad75cdb354b3fec0af108f6227da8a711dac8c5c56d8d5e5e7867698b61315f
SHA512 352db4a5ace64f1ea59ec93b0a24bf176a2c37e0f619ee5b30a373b375ac9102900883afd25ee63f573d60d8ab2d34a20db781ade973b682ef05c21336e2890d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dd5f6cc1a687529c8ed11d2fc4a6cdf5
SHA1 a012b2a211e96dbb9a53a46f305eb0d2c2bf7d5b
SHA256 72ad1864909d1b548d8ecd63e07369402788a61a4e36e0bae7384992bf97e2f8
SHA512 bbb8d088213ab5b0b96cde81766c5fc353d60df6854ef2a91a45862cf0c7098c37a4698e25fe98bbbf3cbceffa4180930d955647a447702051dfec299343c756

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 686c3be85945028588fd8641d0bbbfb3
SHA1 a91cdd00dc90e2de47899e4d182a222c1bc5a361
SHA256 052d452c08e66d6857a1abde103f253a296b61c4225c7b56a059966478e11d76
SHA512 5ddefb1f6cfd4cb95c382df0978bac759c1c46a7e42b28b2b5e70e9c823baa13bbca43b1a85d724f2309ce2f2471b6a70f707c26e9bc45f9be9c97ee6bfba979

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 681f3df96cbee236eff20268bd0ebcf5
SHA1 4bdf7e5713ae3b085fcf9b29d3dc99a63fd584f3
SHA256 7a64bfcc0aa00eef9742948011656d60fa85061336ef9e296f66430761d85b04
SHA512 bd63264abb32671ca4d7f01fc0b84fefefc9811bd874ba1d74383fe24b07a12048a13d2f43f5b7baab0951c6cd3feab98b5eddddbf57b712818b66d3953624d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7a1afc1e8f6a49ec7b083a640d5ada79
SHA1 c508be8e44bf49684635fe8e0c72047b259e786c
SHA256 3b605399de9479065b92215376667d15133f5efb11df68559e6c390b386a051f
SHA512 34041571bc8e5085b9b99a9b8c913caf6afb1a068989504f7681926a6146e5315855af9a3a1e0dbf005960d434e4cb1a28a30f8254d348ca350c068a6320fa2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b9cc6a936c03a9bf17d5b07c24d7df84
SHA1 19754eae979e047a1cf90f8d187458bbe4e0426c
SHA256 1182503e9b55e5a59623f9921c6c5fcdbb4999c6e374038b1168e69e32017598
SHA512 75cdc43ff33f404956b46a8f0b4cdde995a8c6be84490fe49971cf20f6e371cf345b44392339cf96adca42a28130fad3d3c28930215777d26654b543a6bdc8fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b8b53ef336be1e3589ad68ef93bbe3a7
SHA1 dec5c310225cab7d871fe036a6ed0e7fc323cf56
SHA256 fe5c2fb328310d7621d8f5af5af142c9ce10c80f127c4ab63171738ad34749e1
SHA512 a9081a5a909d9608adfc2177d304950b700b654e397cf648ed90ecac8ac44b860b2cf55a6d65e4dfa84ef79811543abf7cb7f6368fd3914e138dfdd7a9c09537

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d98579d3b0d2fc74a0dd4a7de0eb8295
SHA1 67026b1b34a011ff50f6671122c6969ae47e80ba
SHA256 22af855257d959a4b80258358f2503a3e9d1d3b58366cf9acfba3b1613f536f9
SHA512 8a3866a6c37a28afb7eb89f0b5940ee0342cac33da8210c1c4484ba7be34c9830227d2d8d3150bfc0868c882b89839b8343347e2b17dafc04ad0ebef9aee0b66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6e498afe43878690d3c18fab2dd375a5
SHA1 b53f3ccbfe03a300e6b76a7c453bacb8ca9e13bd
SHA256 beb39e9a246495e9dd2971224d23c511b565a72a6f02315c9f9bf1dcfae7df78
SHA512 3bf8a2dd797e7f41377267ad26bde717b5b3839b835fe7b196e748fec775ffd39346dba154bb5d8bda4e6568133daaa7fefa3a0d2a05e035c7210bb3c60041a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d0a79115b9a627a857a5284126071af5
SHA1 481ef2cce45e6e350d6dbc3ad9189c8a75fa0698
SHA256 e57081d659931d1877708165345eafc0e6d9faf5df1927bc18a2b500474a74f6
SHA512 6b25a53e970bc00a97f7f8e1048364ae03d5a21db751cb7800121ef376fccbb13783f5c3862ccb2f221b574015b97973ae1401f85a861963c2d4e04adbc72e8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d2c1d723578fd78b83260c83c337fb45
SHA1 1935a8a90f24fd4005d7729b3680ffeb65b0ff32
SHA256 996413a6c4d6e3956dd5fb139a2ffa0454c5f47a70d30d1fdd7b8e74a13b82de
SHA512 b7517297e7b8f9ba18bcd25a173111a4eb89aff15cdc08f8e2f477507568369f9859e350e4f17cfeb2f49eed127f1c4eba2beee1a9a6ead361c45a2dad050fdd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5b5928eed81d7f7822679f68d776e097
SHA1 72a8cf31c8034edeea38b76ed650c932ff391db7
SHA256 5716554117f55db66641ff1eb5194cc42fdf6b3abdbf1fbc752fea7f3ac9f926
SHA512 a63750f048a687183eec52fa2a58b68340d1ec1b3d7ff4f9b786d25c2ee9e64ff8753743783db0e15123d50dc2133fc35781e78f816868873661cc06595a4d86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f7d4cd7404049eee02e73fddafef7dd8
SHA1 76cb065342188dd21261a5fe5e3b1f0d8eeddb5b
SHA256 b7f954bf5354243cf699da696e4be7655057ed42e4e601b4c6ce64770f71a538
SHA512 88e20f3ef4329903de08071a05ec1937bf7283950869b98489394adc8b0e2b0dca3257f50d4e98dfba23dc9fcfe4b218234132f0d6c71505640fdfc2fab534f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 515d56af87b12517b62088e190f067c9
SHA1 7d11f6842f0a6479437e42ecd35128fb6cdd4bab
SHA256 117761dd65938adfb28fade19feef1f58114149f63dbaad2871e9e2fcd228af6
SHA512 038ab68c95aa9b1b4c0d274fa2d2f1d82411c4a069365a9861439b98cc59c6f9352bd2744b1949c04c1d9741d5ad094515566590caf7ae5ff78f914cc11236d2

memory/6660-1580-0x0000027D55240000-0x0000027D55250000-memory.dmp

memory/6660-1596-0x0000027D55340000-0x0000027D55350000-memory.dmp

memory/6660-1612-0x0000027D5D690000-0x0000027D5D691000-memory.dmp

memory/6660-1614-0x0000027D5D6C0000-0x0000027D5D6C1000-memory.dmp

memory/6660-1615-0x0000027D5D6C0000-0x0000027D5D6C1000-memory.dmp

memory/6660-1616-0x0000027D5D7D0000-0x0000027D5D7D1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 774939797bf1fe474bca7e3661312f57
SHA1 11063832bddad52c2ea7fb407e81946376226439
SHA256 637935d05c52d3d25956aae5589bd6a4c600270f7366f952e24c83a968c79b2f
SHA512 bde4cd52a346ab52dd6be9603e2ca53712bab84ae3e13b6bdffb3672920228054d85eb9e4cf5fe9901cc4b1815b492f2ed72d867448a4668771d2288f851aecd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cb894fbcba063dafcbe4168619761290
SHA1 128582a469a64435d502dcec4001ee86f1ed522f
SHA256 6b934a9f4499c0e82c79f0eb9330a678815f7180279f233eae725fbf3420aaf7
SHA512 912a707165bfbf35895523aedd13eba8e3f1d2c4add0d9d7a2691d5c814d4ce36628a4ae762724b9af87b57aa949299d65573028b8afc77427d39ae13f107393

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9e61191ea79d3eb9efe0529070e67a4d
SHA1 8621a690d3a934d323ab2bd84d3aa8bbf9e1e4b0
SHA256 040f76fc1fb38e926df8d6610dffc5a9057bce0dc65e0bd55c6a381e5eb1eb25
SHA512 4add616a9457c1bfb8da9114a8737e7955aa68bbea0b741acab8e4678360393c0e4371b36f14e821a1d853f110585c7a5439b96de251b77b44a14ad085c1f631

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fec1e52018dc569285e113a3e483c7fa
SHA1 dab4dc522d93dffdf613820fe7c115c6c65293b9
SHA256 a9150139ea9ffcff1699a14442675a4ebb7cff3a01bbe7f3220c4d3c5bb3e239
SHA512 407428453e435bc00c61edd72591baa8942ff507ad028c199cc946f07893e3143bc808ac7656db19eb01948e02cc15c9ac830260c80f9ad9440e94a552bb6d73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f6d07adfbc821595ee9be01cd323b44a
SHA1 3d301c2789a91d2e8c99fc1df98c12f59ba8e512
SHA256 cdfd5afeb2e665c3dca1a6eaa91a4d1d60c9083138317c6b6ec16d49074d1f2d
SHA512 dc2beb4845e63001becba542e254d325d9c84dd9d79e4561c048b8aef613ebefa2dc921e2300212f70c17cea396415cd5015ea85a61e89850d804cfbc0b50cb1

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 2f686552f463dacb3a39e97d1a410c9d
SHA1 e4fe9947c26763394b6cd14fa1df940c9af7de73
SHA256 6cad84b8c5018d81884c058a9c3482291eaed55fe439371ccf677519652b51b6
SHA512 9eb4a075437e51691420c8c25c32a905735c686f6ae2206a852405a3eae902fb6f66e23b8b817e724505257a78c8f174481bdd4b6f229d2c899983c77826a449

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 09ffb8f98bccd11950a8b372a93b97f1
SHA1 42b8cfb59f89e16a336fb3e8221e197d550bec5e
SHA256 f01e68d0affb7f8cc0a9e4997ac5747e367f70ea89535ee3fc5d18475f159969
SHA512 d3b7f977ca359a0a25d1e0e9a288318a6f7039a64fc5754048fbde0603d57d9efd141703836132a49c969f32768db7c6d3c2875647b4556606e10932537503de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d44517cc8ddaa2750da87538e5de346b
SHA1 80802826b0d1982a2a76a6238d07e54761fa2453
SHA256 eb540c5ed354ae8a0331f951cf8f831751baeac932a17b42f1894fe315d1cbbc
SHA512 677850bf30bed02a451c897b6a6393b1ac1644aa92e26229beac0bf411fe7afa892d4e65f0f20b7a5af360b92913262cd2b0968ec0258765566d7f13ba76177f

memory/3760-1756-0x00007FFA2B320000-0x00007FFA2B529000-memory.dmp