hxxps://opera[.]com

Resubmissions

23/05/2024, 14:58

240523-sb9ewafb52 8

23/05/2024, 14:54

240523-r9wq1afa2y 8

23/05/2024, 14:48

240523-r6y2yseg91 8

Analysis

max time kernel
389s
max time network
391s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://opera.com

Score

8^/10

spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 22 IoCs

pid	Process
5848	OperaGXSetup.exe
6120	OperaGXSetup.exe
1804	OperaGXSetup.exe
5332	OperaGXSetup.exe
4564	OperaGXSetup.exe
5508	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
4352	assistant_installer.exe
4360	assistant_installer.exe
2356	Opera_PortableSetup-110.0.5130.35.exe
4576	Opera_PortableSetup-110.0.5130.35.exe
4884	Opera_PortableSetup-110.0.5130.35.exe
6876	Opera_PortableSetup-110.0.5130.35.exe
6724	Opera_PortableSetup-110.0.5130.35.exe
5400	Opera_PortableSetup-110.0.5130.35.exe
6184	Opera_PortableSetup-110.0.5130.35.exe
6252	Opera_PortableSetup-110.0.5130.35.exe
7128	Opera_PortableSetup-110.0.5130.35.exe
2828	Opera_PortableSetup-110.0.5130.35.exe
4472	Opera_PortableSetup-110.0.5130.35.exe
5816	Assistant_110.0.5130.23_Setup.exe_sfx.exe
2536	assistant_installer.exe
1872	assistant_installer.exe

Loads dropped DLL 20 IoCs

pid	Process
5848	OperaGXSetup.exe
6120	OperaGXSetup.exe
1804	OperaGXSetup.exe
5332	OperaGXSetup.exe
4564	OperaGXSetup.exe
2356	Opera_PortableSetup-110.0.5130.35.exe
4576	Opera_PortableSetup-110.0.5130.35.exe
4884	Opera_PortableSetup-110.0.5130.35.exe
6876	Opera_PortableSetup-110.0.5130.35.exe
6724	Opera_PortableSetup-110.0.5130.35.exe
5400	Opera_PortableSetup-110.0.5130.35.exe
6184	Opera_PortableSetup-110.0.5130.35.exe
6252	Opera_PortableSetup-110.0.5130.35.exe
7128	Opera_PortableSetup-110.0.5130.35.exe
2828	Opera_PortableSetup-110.0.5130.35.exe
4472	Opera_PortableSetup-110.0.5130.35.exe
2536	assistant_installer.exe
2536	assistant_installer.exe
1872	assistant_installer.exe
1872	assistant_installer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 12 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	Opera_PortableSetup-110.0.5130.35.exe
File opened (read-only)	\??\D:	Opera_PortableSetup-110.0.5130.35.exe
File opened (read-only)	\??\D:	Opera_PortableSetup-110.0.5130.35.exe
File opened (read-only)	\??\F:	Opera_PortableSetup-110.0.5130.35.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	Opera_PortableSetup-110.0.5130.35.exe
File opened (read-only)	\??\D:	Opera_PortableSetup-110.0.5130.35.exe
File opened (read-only)	\??\F:	Opera_PortableSetup-110.0.5130.35.exe
File opened (read-only)	\??\F:	Opera_PortableSetup-110.0.5130.35.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609499050830243"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2804150937-2146708401-419095071-1000\{04EA9D8A-5CE2-4919-85F5-3CDF6A102FF2}	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2804150937-2146708401-419095071-1000\{85540D3D-3A34-4F0C-9CF4-74D24D201A18}	msedge.exe

Modifies system certificate store 2 TTPs 9 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup.exe

NTFS ADS 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 5563.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 473652.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\Opera_PortableSetup-110.0.5130.35.exe\:SmartScreen:$DATA	Opera_PortableSetup-110.0.5130.35.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\Opera_PortableSetup-110.0.5130.35.exe\:SmartScreen:$DATA	Opera_PortableSetup-110.0.5130.35.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\Opera_PortableSetup-110.0.5130.35.exe\:SmartScreen:$DATA	Opera_PortableSetup-110.0.5130.35.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 630585.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2116	chrome.exe
2116	chrome.exe
5488	chrome.exe
5488	chrome.exe
3840	msedge.exe
3840	msedge.exe
5964	msedge.exe
5964	msedge.exe
5760	identity_helper.exe
5760	identity_helper.exe
1532	msedge.exe
1532	msedge.exe
3076	msedge.exe
3076	msedge.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
6304	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6304	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe
6304	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5848	OperaGXSetup.exe
6184	Opera_PortableSetup-110.0.5130.35.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 1196	2116	chrome.exe	83
PID 2116 wrote to memory of 1196	2116	chrome.exe	83
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3220	2116	chrome.exe	84
PID 2116 wrote to memory of 3440	2116	chrome.exe	85
PID 2116 wrote to memory of 3440	2116	chrome.exe	85
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86
PID 2116 wrote to memory of 4952	2116	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://opera.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9cafab58,0x7fff9cafab68,0x7fff9cafab78
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:2
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3936 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4680 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4804 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4580 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4544 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4620 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4608 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5240 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4312 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5052 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5104 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5096 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4372 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4852 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:8
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:8
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5144 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:8
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5196 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:8
  2⤵
  PID:5716
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  PID:5848
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.98 --initial-client-data=0x2c4,0x2c8,0x2cc,0x2c0,0x2d0,0x74c84260,0x74c8426c,0x74c84278
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6120
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1804
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    "C:\Users\Admin\Downloads\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5848 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240523145859" --session-guid=3cc07855-5ba1-4bac-b0f3-b8d497651a1d --server-tracking-blob="ODUxZjI2M2QxYzYyYTI5ZmFjMGMzMzMyYjgwNWI5OWVkMzZjODUzNzliNDc0YTU0NTk5YjcyNTAxNDI2NWEzZjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1iaW5nJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPU9HWF9HQl9QTWF4X0VOX1YyX21zYWRzJmh0dHBfcmVmZXJyZXI9aHR0cHMlM0ElMkYlMkZ3d3cub3BlcmEuY29tJTJGZ3glM0Z1dG1faWQlM0QlMjZ1dG1fbWVkaXVtJTNEcGElMjZ1dG1fc291cmNlJTNEYmluZyUyNnV0bV9jYW1wYWlnbiUzRE9HWF9HQl9QTWF4X0VOX1YyX21zYWRzJTI2bXNjbGtpZCUzRDMyZDE2YTUzNTU4NzFlNjc5ZTI2MGMxYzBjMjQ2MDk0JnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGJnV0bV9pZD0mZGxfdG9rZW49NjAwNzk3NDQiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTY0NzYzMzQuMzExMiIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTAuMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6Ik9HWF9HQl9QTWF4X0VOX1YyX21zYWRzIiwiaWQiOiIiLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS8iLCJtZWRpdW0iOiJwYSIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJiaW5nIn0sInV1aWQiOiI4NjdkNDY5Zi1mYmQ0LTQxNWMtYWI0Yy00YjA3MGI2NjNmMjcifQ== " --desktopshortcut=1 --wait-for-package --initial-proc-handle=8809000000000000
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    PID:5332
  - - C:\Users\Admin\Downloads\OperaGXSetup.exe
      C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.98 --initial-client-data=0x2b4,0x2b8,0x2bc,0x290,0x2c0,0x72144260,0x7214426c,0x72144278
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4564
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405231458591\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405231458591\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    PID:5508
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405231458591\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405231458591\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405231458591\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405231458591\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x784f48,0x784f58,0x784f64
      4⤵
      Executes dropped EXE
      PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2768 --field-trial-handle=1908,i,14689671149239447652,14761776826720269727,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5488

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff8b3346f8,0x7fff8b334708,0x7fff8b334718
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4180 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6688 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6784 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1
  2⤵
  PID:6488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:6952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
  2⤵
  PID:6156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:6516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
  2⤵
  PID:6692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
  2⤵
  PID:6276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:6336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  PID:6948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1
  2⤵
  PID:7000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1
  2⤵
  PID:7008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:7016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1
  2⤵
  PID:7032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1
  2⤵
  PID:7024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:7036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9092 /prefetch:1
  2⤵
  PID:6760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9212 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9200 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1904 /prefetch:8
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3076
- C:\Users\Admin\Downloads\Opera_PortableSetup-110.0.5130.35.exe
  "C:\Users\Admin\Downloads\Opera_PortableSetup-110.0.5130.35.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - NTFS ADS
  PID:2356
- - C:\Users\Admin\Downloads\Opera_PortableSetup-110.0.5130.35.exe
    C:\Users\Admin\Downloads\Opera_PortableSetup-110.0.5130.35.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.35 --initial-client-data=0x2bc,0x2c0,0x2c4,0x290,0x2c8,0x716ef308,0x716ef314,0x716ef320
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4576
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\Opera_PortableSetup-110.0.5130.35.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\Opera_PortableSetup-110.0.5130.35.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8444 /prefetch:1
  2⤵
  PID:5560
- C:\Users\Admin\Downloads\Opera_PortableSetup-110.0.5130.35.exe
  "C:\Users\Admin\Downloads\Opera_PortableSetup-110.0.5130.35.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - NTFS ADS
  PID:6876
- - C:\Users\Admin\Downloads\Opera_PortableSetup-110.0.5130.35.exe
    C:\Users\Admin\Downloads\Opera_PortableSetup-110.0.5130.35.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.35 --initial-client-data=0x2bc,0x2c0,0x2c4,0x298,0x2c8,0x716ef308,0x716ef314,0x716ef320
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6724
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\Opera_PortableSetup-110.0.5130.35.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\Opera_PortableSetup-110.0.5130.35.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5400
- C:\Users\Admin\Downloads\Opera_PortableSetup-110.0.5130.35.exe
  "C:\Users\Admin\Downloads\Opera_PortableSetup-110.0.5130.35.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:6184
- - C:\Users\Admin\Downloads\Opera_PortableSetup-110.0.5130.35.exe
    C:\Users\Admin\Downloads\Opera_PortableSetup-110.0.5130.35.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.35 --initial-client-data=0x2b4,0x2b8,0x2bc,0x290,0x2c0,0x74d0f308,0x74d0f314,0x74d0f320
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6252
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\Opera_PortableSetup-110.0.5130.35.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\Opera_PortableSetup-110.0.5130.35.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:7128
- - C:\Users\Admin\Downloads\Opera_PortableSetup-110.0.5130.35.exe
    "C:\Users\Admin\Downloads\Opera_PortableSetup-110.0.5130.35.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\Desktop\Opera" --profile-folder --language=en --singleprofile=1 --copyonly=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=6184 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240523150234" --session-guid=226cac9c-e251-4dd2-90ed-19e5b17a85e1 --server-tracking-blob="NjFkODk4ZWJjMmNmNGQ1YjllMzkyYmJlMjJiYmQ5MDY3ZjdhY2U0Y2Y1NWMzYTQwM2Q2Zjk0N2YzZTU1NDA1Yzp7InByb2R1Y3QiOnsibmFtZSI6Ik9wZXJhIn0sInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fX0= " --desktopshortcut=1 --wait-for-package --initial-proc-handle=E008000000000000
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    PID:2828
  - - C:\Users\Admin\Downloads\Opera_PortableSetup-110.0.5130.35.exe
      C:\Users\Admin\Downloads\Opera_PortableSetup-110.0.5130.35.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.35 --initial-client-data=0x2c0,0x2c4,0x2c8,0x290,0x2cc,0x7228f308,0x7228f314,0x7228f320
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4472
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405231502341\assistant\Assistant_110.0.5130.23_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405231502341\assistant\Assistant_110.0.5130.23_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    PID:5816
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405231502341\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405231502341\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405231502341\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405231502341\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.23 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x8230e8,0x8230f4,0x823100
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9592 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
  2⤵
  PID:6436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9048 /prefetch:1
  2⤵
  PID:6884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:6748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:7160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4120774597884860819,15191369450500322116,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9608 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6136

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x4f4
1⤵
PID:4104

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:6304

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
9e130b50184e39e32205c9dd3befee15

SHA1
150b8bfb3208d3a854996e02c1470d81530335b5

SHA256
7b5bd8bc8ac2cd655c212c4790e5d9a259046730a9f0bb51616b036da55d2c50

SHA512
3cf76690e692c874792fa99d6358ebdd3596bab33bede653067375fc7de617eb7f150f52e640d34b2d51dcbe39c5bb88381bdc0279054ab65d5f1492d89f648f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
7daa664f9d2f5081932f6d3644c999fd

SHA1
1fcf72ee75b2b56f1fa6bfdd87010fd167acba86

SHA256
94ed2a0e1a10074b243f532af8f7deeee0857cb7d644869d67f3762929fc35c7

SHA512
e8da74e22a828abc9d9b3e57c472321fbca82e11f26ad05c82731d3aca2c908fb6a3af521caa5a34ff45823c64f38beb96eeca7a88197aca94b3dcb9f81434e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
bb90d3d25da5461bb491df5ed9d27843

SHA1
70c7a4d6a85b48e3f173891aec9872c54299b9c0

SHA256
5f1b46d7623d1051d8d5d1c6ffe392faf696321a7a4759a13f21c96cebc2910a

SHA512
1a7d234d018e3f672113159a0d784924a5cea04678fbf2eb68bcba3d9aa0c8abfc27c800bd53bd1cc1fd38cf93f732ab20030dc799d448046d99a60cfef6c4d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
40KB

MD5
0ea3c40e1faf37122a20a202e9b52714

SHA1
ac0d594878e4160c112d7f70b5c680523dcee1a4

SHA256
ad3eac09f7aaaed3059ec039ea0477af10919a4a9be9a8865dce7fd34776c8b0

SHA512
e19363456375a8b1a0887af217befabf3dfa5c6944b9b4b62a04d20ce6e5649af4309b86ecfaf061ebcf243011eef123c3f75ebf2dba32d18ce28140adbca52d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
1.2MB

MD5
e2be64a3638b95757a3f7120bb2dd44a

SHA1
c28df5b269134ffcfa6daf77de8cf0240014baa6

SHA256
ddf06269ef0c6e0ae2e0bec5004ce0931798d197f9217fd47beee925e4d9a447

SHA512
b082ff344e0e6cbc75fac74d7dca0647b0302bbb28845c8cac1a5f5178e3a48dbb94f0dd0993263336f3e3776cc4838a1a80f430a5d98f472f61849493653618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
72e634818c91a59bf78935695436d3d1

SHA1
dbac42cc18f4bc38ed501698c130de80f9b6f7c8

SHA256
2d96d4e5b8ae00315d96cc82e1f6f24e044f90cd12f1709391db866c5ae67285

SHA512
70fb646a34e00caf523fe98a4270df155b381570d250e54ae61b15774981eead6f5fc58f396317751554516d07ceb67116c0c369257871fcd5675806b0569631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
7f01cdb59554ff07c8505b2e09655345

SHA1
aa6cff778823617e71c5189f01be3ec6380f8fbe

SHA256
7db350173ea28010a8d23a22951c88ebfdfdedfa0a3d9ef26796a446c11782bc

SHA512
861644c495136effb3a38d12dc0c7375490ed0da42bbe9b39f072ccceab7afcabf572cf6acae7d46331650ab654ab8cf1a626f08a054cc9994959a04f5824ef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
cd038e8054430bfa95718b0712e5bd7a

SHA1
b4ae9bcc264bbb4c4dade7ec30a47868adf78373

SHA256
5dcdd2a5d5f2a55729ee716314ea9f2b3a75626d83ed56ba2183f80aaa7204ed

SHA512
5132ef037fccff1449542d9ecf308ffe24a86dba54f706f59701949da02fabbc1b592aa03981a5bc0a2bcd90c5c0414ebacad066bcedcc694436065eb8abc2dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
815864053cff9d790fa95d6777ae4366

SHA1
731c94221c28e587b40e50368d74616243992b57

SHA256
36efd8d6b6a6a08bf505c014b154e926baf9e2b14c6ea50375a4d2a9ea88810d

SHA512
6601330605e728726b375ec515236e2932a28e12c0ec5e19825c32a4bb2067e0bff44966bd3a84c5883c441510a296cf397d912a00a4b4177f8d54d0680b31ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
336623d47be850c9781071275f491eef

SHA1
c3838ba2e13bdab165ef3182d139404a123d421a

SHA256
97d5df6ebe1212306a532990f72c0a4f187c33ca74c3c9158f06d5a23445db4d

SHA512
eb750af772eb4c6e09a945710b433f5c4671ac85df62b77f51be37099d0f1257490182fb9ff7d8c57879b1c04db6d49d83ebca2c019de19dd8189d671e0bcc92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
17afbe97aae0b301b63e8f32fdbe2db6

SHA1
8ac0d8011f5a400bfb4c6b8dd34a8e6060398c58

SHA256
67f7169cb1de7e8b81e026f57d2f6c05493c66bb35ded8db14cc614eb7ed8cb1

SHA512
dceacfceca89288e49d0e92d9d0d243a290ff29c8ec3a6da3d2885e4707ef7832bd4322eddb9c60b9cbbf238be47dbbb96907f9141c5664c1530d1f72ffc36dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
46eae328abc185584b2d7902fe0a496c

SHA1
8bcd0a7b3f2a46d6a80780e840756bf5b16c6dd9

SHA256
508cdeb26ca7dbef06cc7b58c81aafa7342191c3c55a43e85514f9b40c283e7a

SHA512
6c6aad86a40bd1a84068da2ffe52d24e756352c988647107e7f4c60ebe56361951f11576bca49bbe0811674087a4fe2bbe47bee7313644a24920dd4be98094c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b98e0cde5423f9b4255de0b920a53deb

SHA1
d8bc5f09dea4fd1275a30ba5ca2077aee6bcbb58

SHA256
680be8bb18c1dbccf70696d08ca450920ce3078e5c677b89451e10a8f71fdf07

SHA512
a546021f88ffd52951c48e64ad2a7f6f5130e003fde7d746b7103910bd25ff946db19b3527374786809aa215c337de86391a63fc2a0f4976b10009a25c802bee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d9cde900fadb5d87744a0b3f923cdb4b

SHA1
13f99853c503eff0733411dd7b76e56241281da1

SHA256
8e4ff201460e4f26fc79a40efe1284f3346137d33a82955003e301c0de2dfaee

SHA512
cf877a91fc64a45ff3fa492f3a0fd3781e936eefa5f97c2128857970f62d8316fd086145dbe29ea0e93c4b911d6e9fd01f2332097ce4b4b1b630bfe1e36f93fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
59dea1cd371564dd4cd35586df903ecc

SHA1
a517021a43c40ec368c109ed49aee4fa7dcca1e4

SHA256
36ba592704995c758720d13ade880d037e70b9f5e78244df4d193bdda1e612bc

SHA512
ab0be8cec8cebc735e3cca22dbd8c66c56446383f08b60bae205d787085cba30c905e102f92d47ed4acca38f2873d51822e08a73e56ce128133af774ee5fec57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3d34b44585c85d5011284007306b1af7

SHA1
c6e08481a94060096614e5964ad31488a35fe6ab

SHA256
197fca376948ac442b81dcb207ceb069d203694e12c0fa9be2aa86d39629912a

SHA512
5a44b119ae519135010863d8f67cfaaf631de6f84fc840ea3bcdcc02fff6b3a106c6f62d5d0ec080cc01ada2de37b08de295a470eaf9771e7ef1a552fddbc5c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
075d530d13c464eebe06fabd1f56fe98

SHA1
5564f89dd2a32a464900e7ed71cbc245d61c9742

SHA256
c510f6ff610534797100a3885bbb92f6877e834811e6fd6d5cd8e22eba8db684

SHA512
3c6e71b57d91f0ce508185790acbe21b14ff3070341802713626dadc62b9faec97d5f91fc4f20d438682806e95bc6b5c9cc37f5c25c08e64f46ab45de16fe334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
e9cf98e69f07041e5c2c50d935d9c217

SHA1
4f163bf4f63234dad0d37ce9eb8a058f05c461fe

SHA256
05da137d24da9c9ecd85a62716c4e4a944248d757e2ed22e9286c15899b5f9e2

SHA512
610c90d8fc6b851e1b7e58b87f1f65c843af33fab9645b7bb20b77c2e82d64274939d5086a44afdaf599084274d5b02882a2d51600e232b9d215187b62cfb8a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582863.TMP

Filesize
88KB

MD5
c2c86f93547b6a4894e1d244f2156ec5

SHA1
95d92018b952a16ceb8a4c5bf30aabb05c67eb47

SHA256
3a383a8e33150b0a6bbfd423afee8438772833d51cd2ec6ac1b5b54b27da6355

SHA512
896b0fed301ee0da41113156fcf2613e2e3ce459b5cadd87ff6584fd45649bf250d81f9064fadf3ef896d44efa35f6b0c86dd2db85d0d26f1ba8b4c30caac457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
227KB

MD5
246f5837941551dbba5b8ebac8ec2bea

SHA1
5d56c12c4913dfb451c0937ab0a36bd6fb811108

SHA256
9e4af9db26add3fa1a8aeb3f0368353e03fa7e388822c586d7d8265717e6ca97

SHA512
02b1f4fddc6ef0cbdaf5e672a1c9085c1f0cab837c7bfd3a434bf8e5fdcc75bfdce3a1530da30525bebd3e89510ac73eec135ad277fad145749debea8abbf3bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
70KB

MD5
a126c3894de7a275e01d81a7ee71d022

SHA1
9cdea4eb15f37c88acaf9d07acaf68bce5cd1ab7

SHA256
88418d9ac1d6bed297a9838480d71d3fc521802c68c77917d782060ca4c0ea27

SHA512
5e9237981471517a63404193be16a0101f37b5f3b56e10293c29d19f2d238c7cebfb361e95f6cf86ee8bbba603f43da3d2f9f264647418f6b4694544e64b77fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
18KB

MD5
be09cc782fbab1c0d55dc6329fd0fdca

SHA1
640d9c639cbe1efc77ef91449dca92889396ff8c

SHA256
123d6df0d977487378daac3e336f31076e295d17473a573c3ae389a0bacbdf4e

SHA512
23348f79e3f83618f72186e5c5f98f7ab68bf5ed37daf6f87d44cc9e0685902bc439458e1e1a6faa49aa9962f625176e93da42ed138b91cd93a8b4fd872ac888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
97KB

MD5
369aba0d70aa0f37cd0bc5ef2499efb4

SHA1
19c4cea54cf4ae97cee5190b66a72c23b33753ea

SHA256
088d564acc2fa242abba0bc4120aae5cb41d0ef93e542bce7be25fdc8918852a

SHA512
999107feef31e6b72b941f8652722a982841440b3b544dda0c52579198c7b6316d25e03835d0a0c7ef6047d8f76bd873d4ab77f836c802562ae223e8a84039ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
42KB

MD5
3fb3b8fab08ab9d2754a6ece9f756803

SHA1
cc14ee51ef5b8c113aab33261588938f4620a35b

SHA256
77e621a0cdd02111328e18cefbfbe67182739719465ac52e6932a9404b07326c

SHA512
1dd385ce224550fdb60215da3a4e2b67df61d40773b263d35a2df573695bbd8f09b6041ef54cd9715b1f8b4c1b14250031b3a7cd9ce6143db50af1c632e9ccb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
74KB

MD5
6b295c69d0750a34844d89055dba3119

SHA1
8f9e1c2a9b8c181fb21c6a99de648318b042618c

SHA256
1e0839ca3f0abc924d187fe99621b12aab71cfe9c94736464c88c906a8d55453

SHA512
ab03125e50760e07ab3f01471a3a174f725079dd358fbd7f8bc2dd979df85bce9f8eabb947c2e8288604fe21da20e00cc2d77f759dd3827ae3292e2bae4cc5a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
141KB

MD5
36f7564a6c76ffb3eb8edfb55482925b

SHA1
12cb4d0a9a8fd30d0f5f6a464357819e44aa0928

SHA256
a22f49b61a3e623223df7437e6d4abd70a1705281cbc924bf9aba6ddf550c624

SHA512
f1f37bd3f7863eb520440c6c77cabb28297de169664b4a17d74de4e6c79eb7e1c4326b11a7ec450cb5ceab1627a506e0f9cc35a92aaa106a4d1f790ad6400dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
19KB

MD5
b776233322697ee26b8834e35359764d

SHA1
327a743d304c4b27f243a5d4738c401e5dec3e24

SHA256
15e5a253f62978e07e4823d23bb97d956099ccde8704fdd38aba02b11cf7e40d

SHA512
73eec5c89887b99f089c610826dbe273a86f9f4c0f5f0f987d87b7d9ed12e78a1cb5741d30d23d21aff6536dc34a1258cb3eda9a811d2294e96af4fcda1637a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
5.2MB

MD5
749a83c129a0349cae122ac952700604

SHA1
b0e6e0629b9a4b3cd6194abf4d9f326d9e7df615

SHA256
03bbcecbef540668c7393219c819af681dea139a08e450a5b08298d14370d048

SHA512
097b5b2947b1f7f90037525fcf3351f6b58e51aed8bf6c64df84b6c46538b41abaa939793496f3adadc66ed0a194b59a6a8dde6c29ce8d7be06d74d83b4ba4ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
64KB

MD5
d84862513956cbe61aeb4ebbfdd3355a

SHA1
14ab269df17cb0333b1556ce120d587324479f6b

SHA256
a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5

SHA512
d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
23KB

MD5
d2365780a260dbabe2dbf8a8585bd01e

SHA1
6756c58949d8d51d1b24eef41ad2fad0f5624390

SHA256
77ee7f5b15bb26932f6daa369c79cbeca7f83ca27a47d4e7fbd6a46a361e706b

SHA512
10f9008884a648737fca623da7ee30aad74246fb18b366f5ee582d4ffb9a563723dc3352310162eb3e355a3490b5a4991dd1b24e7522c2a1246d63e243cceb75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
67KB

MD5
fbaa10e7df9b153537f3c8a9736056e7

SHA1
f877b97d6fe6a4ba3e4717ffaea5ef811af159bf

SHA256
d4f657227479996718120a1ab0e06c39b16e3e12b17ad27c6691d24f0e6f5b7c

SHA512
0d004580a5862274ea5cc7c90bda3d9ed99a41a3af8a8e17bbb2a98da07cd9eb0b81f337cb48cb1de65cab66578d57ed789f1be4968574bc06886e982f9a5a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
16KB

MD5
4afcd3b79b78d33386f497877a29c518

SHA1
cc7ebaa05a2cd3b02c0929ac0475a44ab30b7efa

SHA256
cded49f94fc16dc0a14923975e159fbf4b14844593e612c1342c9e34e2f96821

SHA512
2dc9fff1d57d5529c9c7bff26fa9f3f94adc47e9cef51d782e55ecf93045200140706ab5816dfd4a0b49b8db2263320fa2f0fa31a04e12d0c91fea79b127255d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
16KB

MD5
15e17f26c664ee0518f82972282e6ff3

SHA1
46b91bda68161c14e554a779643ef4957431987b

SHA256
4065b43ba3db8da5390ba0708555889f78e86483fe0226ef79ea22d07c306b89

SHA512
54eadb53589c5386a724c8eea2603481ebb23e7062fd7bfab0eafe55c9e1344f96320259412fb0dc7a6f5b6e09b32f6907f9aaa66bca5812d45157e3771c902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6fb60e8df2a62dc08a79d35506af755f

SHA1
2442f25838ac49688ec5f573c95b46f95b6e4447

SHA256
a607c2432f02c44da4abbc0bf52acb7bc907358b01edfb637b674e56bbfbdd2c

SHA512
a76a982dcbc8cc1cbec6ab174d9e5ff2d6133a75f57f7c3a0df89e633f3a709158bc46a084c485affa35b5a25e437a15661917c04718937b6db3bda974e8f110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
989dbc479bdd9e013f330b37bfdf025a

SHA1
31909b01940af0c83e364c2e7dce8ce2a395b3e8

SHA256
3e1709543d1a5f0a40721bd790732c21f65541ad89a2ffc0ad2d00f322804262

SHA512
183b3169611bc8d24663d523b5c36adffad801d073b4bbef36580d4d87f76ad658dee3c8deb256fbda676e85b98aaae5f90f1b2416bb680471eccec47efbdf22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f0a401c7cfd920825ec5d468a006e8c3

SHA1
3d016b4dbeefceb3e380b34dbbc9a7d3b99eb07c

SHA256
15a84874f59e76ab6b0f6d7232c5d63ff6bdc3231964d9202158c48a70ac5008

SHA512
10c4d261f3d387e5f0b902afa159b278e57ed0ca2d024ae8f27ccc777a4e404755ac0736e3c2378122c21df4e21140fdd717b958591589f234a69c1fdcba2e59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
976d81e2baf6099d74ea653ee3324bbf

SHA1
b29412bdd1ee3eccea2f7f2ef6aef6a2ddfd49f2

SHA256
497eba2e09f4ba6ae9fc8d2e173bc2e6e1e0ec77dbfe9bc41b78ce1abaaae7b4

SHA512
c87bc1c7b31184456b33cef61623d5c97eda6c6c734aab01f92e27c450c05e380633e48a078cdf8d570818f6ff1fe0032dd04f928a199129e1f4da04405268be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
475341c10634b4722e163dad946ca3a0

SHA1
48eabcca24c275727c3ba1e66e2418270d8f2ad9

SHA256
59c6c5c3d2cfb785541b08401e70b72c3914ba2c820aa1d0adadaa09f295453e

SHA512
f4250fb78b2d5d80fa615fda01b76d7f25e50bfd866c2721936ef3a773f8b2983e6222a8b5894c25f3380551e6d2c59936ddac8fbf56738d7d94234ab9fe6090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7d4298240a7dff85e3e1ce05b2b102dc

SHA1
64151b6850d8a991fe3a80607ec3e88991f2f60a

SHA256
6e7dd9e70b3a029e99e19ab0f3543f9b853d06505c79602a23025070ea947c2a

SHA512
403c05c7e6b845bcee77675ba5a36b7420dce161fb5eb339fa7ddd8e3d06192c7973a154b1c2c9381afe2f9233c583ebfd1919bca99503adb95ae0d9c6407cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
2c92df6ecb0b863117db1fd3a5fb3aac

SHA1
3eec2640a73e42732ee667e156b74136a3b441fa

SHA256
88f5cf622977198cfd0684325e7bb5519c7f85115ab3cf65194d9ea251ee3c85

SHA512
eb6ec6fdf542f99df8543983816ddd9471441a058f7cd17cf4cd9ed628454cdc094e824e4cfc2406d8357b4788252662d0aafa69546bfaee103643ae116f5695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
daf4694cdfcb09f9efcbdfeb4def2814

SHA1
81311ced7c969bbc3f85af75d2b3dda7fbf8e5f6

SHA256
1d8e934056b3cf3431a01c289ec79e0e90c8a1c78407eb56331a95f4e7640fc7

SHA512
0f7bc334b3d5f267964435aad450552f417c4f238042334a6a4363dc15f739064f778ef4e8ff66a719972b70304fab4d6460840cf8f3d986cc808d62dedcf9fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8efac61c8041ecbb2582b9fdbbe3474

SHA1
eb7584e40b3cf2aa61ecdb3845d603ab0114f4e8

SHA256
71e9ac1bc5403d6eff8503f6030f15ddf21cd4078211995af2f01c67beebb111

SHA512
9e667c8bd508a49207b5c2bcf6f07d310d4da8cf0678ea08445424a58a28e068927f99b051c0785ae3b58237fb31bf895c4688aa86a5ac240aeb692831373d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
404c36450c0075037c432f4425f03953

SHA1
4a64003ca227e672ae5821371986b386fbe1ef0c

SHA256
1a0fda789ebb290eab0287439f48f65bba6ebaa65bcfbe043c8e89773a91c68a

SHA512
17148a06d5a103d76beab5a12f5df07e103c8df6090b6098d043d0f72056d5781b1f7272811b412d2d5baafdf776ab3c38896888f799c6a3270bcbad7ede5fc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7d5dad897b86e80bac6d22a9379b233d

SHA1
5566e9155aec482896905963d4d3324080b548c9

SHA256
cf8697719b5fb587cd2be588eb55240f915862c2271dc69e4b76e99d129654c1

SHA512
0035a41ce611c76de9ca4900ded26ee6026500db2d85b817f21cff6ea866fc46601383838b8fb74fd6bd9dceb9a97e89d0c3f427602e4b389191e5828eb8a5d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
1302510ebdd6e8a9ac12b479ae5acc7a

SHA1
2ad689285930f78a501a22331c4300bd4b90f448

SHA256
5f9ea9a9c544bdc56564ab9fac025551866974432cc0e1c7f5c13604e2b03d9d

SHA512
772e5718bf54830979e34bf52695b7820bbf895d30daf3a632be4d0080446ad431c02922a54fbfea6228ec506c762ded68995cbbcb092960f6c912d94768ec6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
73158a7d929e63359b08caaee1501cda

SHA1
f772a9b5c89e2a4080cb01ef97c58378ba384203

SHA256
654102313194a75a887f9666b478bc8f504026e085df738f18d3b0731f08bbec

SHA512
0eb7655043ec4706c3495c31a26c40e3ceefbaf6391840453da4589835a5444fd545ac3e03c19c2814548fe5ff2a382cf4ebcfa5de6ebae3ea63974feeff7bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd863967c4b167283224c514603cdc0c

SHA1
c54e2e8f4d72385469936b4e84a4498b6fdc3e6a

SHA256
08b1ebb4f1c34c936ffc74507458cef477a04010b2265c5552ff51fe563f18ef

SHA512
66f928abf94a298fa26f41ab89672cd01d449fe7f211f31198775c2e87167aba31101dfa785d9d72e0cfeb586dbdfcd51db7ac2aeb4a2f4476c21609d2e5bc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
20a5158d9983523705a19fa74c8ca4c6

SHA1
fa76b5221e952212d5994e9cbd93c7144877db0f

SHA256
960743369fd20b6fe84e737b85d5f08d98f0f59a5527b6493fbcb11a2ab8528b

SHA512
a70fea9ca89740ff1802494e00c22247d188be14b5d20c04ad2a85d170df1ade96329ebc9594b9d282216e1ac48f5de246f5ad247331ea3bd5d1c5e5bfefae93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
084dffe8ab8878a3ca08255b65fb6a13

SHA1
80c35389eb031957ec8f8f3fc3f2bed1c1aec6f1

SHA256
7a32fd5b1ec196646817c1be6f054889967dfbae59da56fdd5bb20d1083adf1a

SHA512
faafa7c86b35713c8bbdc74172df2f70463df15f0b5ac46f6479c850de045a18ce262db2c50ac78be57d2bdaaa55dfd2b956964755dcaa9b75d4406779327f70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d1b5333195ff357b6bdfbcb5da87f933

SHA1
52f1ba419fae08a995a1f2a3c6e965ff53cb1e5b

SHA256
3dfa99985f019586df10d6ba866953780f597424890149a0f6a25c0474284ccb

SHA512
6340e66ea17e182b8ed651adc8384c08d8076f53b5b7bc02bcb1acdc88ad2b0095ae5dc2ecbd7a353d8dc8760368dd540e42ebffaf3b643945016cfbed04b6e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a783e.TMP

Filesize
1KB

MD5
1bf0ebe45ce3e868a6f83a827c5e2bf6

SHA1
36e169e4e79fdee24a83ed77dfef425d695cc287

SHA256
a2f74fe583afdfb21a24c86cd0aa99f21cbe0feca9d6d79c3febf4ddff4dfb4e

SHA512
2e73ab98a1aaa02dd635dede3b0339e9bb5166cff58d940c7e67b83947b02b823d2899b62121bfb775470d741add340624a3a1b1bc430043862ebd90218b4a2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dac5518d-8c35-4b09-889a-47e92761f732.tmp

Filesize
2KB

MD5
ad761ed9ed83defa66b84d79ccea17e7

SHA1
b16063e2687dddfd342a0358dde4b6e926f61e6c

SHA256
0c602c7d0647a5fc2966cdb493aae2bdadf9cdd4f00340793ae1388ad1f8ed5d

SHA512
59d4cb35e480a55fd0f7e06e1489dc0efae51a26c44c684624399ed4b3c16cbfa72083fd09b27d723a65dd95fd87ad5632fad9ec45b342107ca8028a460dc301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6d990944cd4b390325aa39416528a0b3

SHA1
3178d82a866a2a669769139575f2c2b67bf6cc8d

SHA256
bc35a9066101974a3c9166f612614c6305d8c9eca4ea34d8dbda8f7d1ba22671

SHA512
4317a569af859f65cf5e70b945a569d940bf2bd1535f9857308ab392677eed77b9a2a7b723248b8e02e4cfffe8ea95fca3cd62e1bd5453b8555ee9f6bd354bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5a8d4eff9f5001e992a1edeba2bc58e9

SHA1
adbc7cca76d2e04d237954da2ef2c5439a957b2e

SHA256
a52d38d12e697b3a08455dd0e2423e14aefc0cdc35d5cedb1653aa2fa049b6f9

SHA512
89071619d433483c8e1d3ec4542a0f6c72fdb1503fd8cc0b0d10c38c3ef1e2c6d47e8f5a7c4cb120bdaa8dd9866aa79ea381b96cf65cf2a7416d348d5ba5f57f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3b503b6dcd97fe0326737a1c8d1634df

SHA1
71bd90c75829e3ea55833f096cd0d45cb6d1ccdf

SHA256
b926c312a00eb7500d80287735f23a489722d47fb27466f591084b0c9fe41319

SHA512
db3fd293c70fef4298009098681970e1b6533d6fd442f6db8873623dba02e429feecde5ae646de6af9c4e1da44a4a3ac08891154a261a8b3abe9bf5977f9787b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
69975cad4390f5627f7da5e06a2c83f2

SHA1
34c907637203ee6b15339f5706a458d6765f69af

SHA256
221b47e5aa7853606d72dd77e664246c52c6c553713f0eb1cce46706f0cc2ba4

SHA512
010b1c07bc97eaca80eb7de96334d3a3569056ded31dc2b43727ac3152607c296d4094110abecb6e43c754b0a967ac8176358178fbade3fe3c675b3e7336e967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5849045fa41caf5d581e8fbee9775b75

SHA1
33e7ec8c0ed0046a88d93569e61a591768cb0270

SHA256
609431cf55a25bca17e1292a91da3ecc59a75e20d33da051cf80675b540c5341

SHA512
ae11fa8d1f4ca8d61fb9a82d10eb6b31160a9aa9eaa9d44ef8e04affbc563a4cd4f12b7a755ee655aec4eba4af26891d52139f4942307571b24ef5444d3e3be2

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405231458591\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405231458591\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\Opera_PortableSetup-110.0.5130.35.exe:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405231502341\additional_file0.tmp

Filesize
2.5MB

MD5
028fb19ee2cea3e611b4a85ac48fafbc

SHA1
d1a802b5df649282e896289b4ec5df8d512b53dd

SHA256
e8fa79e22926ae07a998b5d2bb1be9309d0a15772ac72b88f4eed66052f33117

SHA512
99959d7765c1e6636dee1841f214cb2d0c7684d7128381b0387fa9c7ef4a92ef62bb094087bdcb343e44196b5a333df3a2104ced9f49671197a06fafa27aff51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2405231458578845848.dll

Filesize
5.2MB

MD5
b475e76899deb89d881b9cea475ff960

SHA1
840f53d36f18437b782b382e088e6d30dca627e1

SHA256
a3e9972d2e8213f71e742d3d1f2a0e738c99e3678e61a1262226d5d35e8819bf

SHA512
2ba854f1f272c26e476e0cd7507e48ad5c809be4529982d935749e5a620dfc1b3dca692820dc222acaebd01b1ffa67a7bd7471dc49662ecdfc498d9e01523865

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2405231502164104576.dll

Filesize
4.7MB

MD5
d73c4b0337341ba48ce552812fed05bc

SHA1
f1ed4a0f46d76dc5d0d0d0cb663a855e14dd79a3

SHA256
978678d8322c237affbb4eb4de1deb590fea44bc17cc37728cad60020324d914

SHA512
c75407c5eb84a02bf5177ccfe8c13d5bf03add49ec18191598c4cc46bc8bde6912c263bc5b29a0568a38e1b69af29b88bbd6e4b3f8ec20ec9f36378265dead0c

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
ff9a50cf29becc0a5c0bb812128700d1

SHA1
feab2e4b9e89088086d49b0f872c39735dabd569

SHA256
da7a763040176339724841cea295793dece1bfb6cba80aa629d1efe954c0b586

SHA512
10c10f1f7c4ccf3d19020f803fb7d444b882e8efb98f7f83c79c5166b5c9af52b785c48f8b2929197df38694ab5f0971bb2e5ae7a0445352a60594e522b1d948

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
dc1e5017e40803d9bdbea7fedda29eff

SHA1
9f7dd6a3d22ff2e48da5a576b4c3c8db59134846

SHA256
0e8a2c77e7132d7814114f3ad2b082b13bd04b234c80cb778e587298250602d0

SHA512
964cf74bab67d95d2ca8a6d11285c0cdd6264fd1f195d70d6066eb69c30df335986144aa5e7c84a63b3dbb89c9eae47712816a64142fc30fdfb45767e8d8f8c8

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
5.7MB

MD5
939f9d62567a653d6574e8348ffdd57e

SHA1
e608ff42eae82ec6bd935dbdd8cfa25fcd15963a

SHA256
e64ca3bd30a5584869fece5c22be55456f66bc87625f92cee57f3e64023ddd25

SHA512
c56fa008fd14b3845d55c50f71822b180b94cf410144ba1c4972ea99ff26a949a01aaf2b5cfead0827425f7983576b92924d572f2f0b01bb98a88f8ad6626daa

Download Submit
memory/6304-1924-0x000001743B5E0000-0x000001743B5E1000-memory.dmp

Filesize
4KB

Download
memory/6304-1928-0x000001743B5E0000-0x000001743B5E1000-memory.dmp

Filesize
4KB

Download
memory/6304-1925-0x000001743B5E0000-0x000001743B5E1000-memory.dmp

Filesize
4KB

Download
memory/6304-1918-0x000001743B5E0000-0x000001743B5E1000-memory.dmp

Filesize
4KB

Download
memory/6304-1923-0x000001743B5E0000-0x000001743B5E1000-memory.dmp

Filesize
4KB

Download
memory/6304-1926-0x000001743B5E0000-0x000001743B5E1000-memory.dmp

Filesize
4KB

Download
memory/6304-1927-0x000001743B5E0000-0x000001743B5E1000-memory.dmp

Filesize
4KB

Download
memory/6304-1919-0x000001743B5E0000-0x000001743B5E1000-memory.dmp

Filesize
4KB

Download
memory/6304-1917-0x000001743B5E0000-0x000001743B5E1000-memory.dmp

Filesize
4KB

Download
memory/6304-1929-0x000001743B5E0000-0x000001743B5E1000-memory.dmp

Filesize
4KB

Download