Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-09-2024 14:23

General

  • Target

    https://pleasebux.com/

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 17 IoCs
  • Loads dropped DLL 11 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials.

  • Enumerates connected drives 3 TTPs 8 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

    Attempts to gather information about the system language of the victim machine in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pleasebux.com/
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1240
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb757a46f8,0x7ffb757a4708,0x7ffb757a4718
      2⤵
        PID:1788
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
        2⤵
          PID:2448
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3964
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
          2⤵
            PID:4240
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
            2⤵
              PID:2884
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
              2⤵
                PID:3096
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
                2⤵
                  PID:4724
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1736
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
                  2⤵
                    PID:3036
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
                    2⤵
                      PID:1268
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
                      2⤵
                        PID:4900
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
                        2⤵
                          PID:2212
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
                          2⤵
                            PID:1172
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
                            2⤵
                              PID:3772
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
                              2⤵
                                PID:2228
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
                                2⤵
                                  PID:368
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
                                  2⤵
                                    PID:3704
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
                                    2⤵
                                      PID:4816
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
                                      2⤵
                                        PID:712
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
                                        2⤵
                                          PID:3812
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1604 /prefetch:8
                                          2⤵
                                            PID:1396
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1312 /prefetch:8
                                            2⤵
                                            • Modifies registry class
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:4648
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
                                            2⤵
                                              PID:5312
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
                                              2⤵
                                                PID:5416
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
                                                2⤵
                                                  PID:5436
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
                                                  2⤵
                                                    PID:5564
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
                                                    2⤵
                                                      PID:5264
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6140 /prefetch:8
                                                      2⤵
                                                        PID:5764
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
                                                        2⤵
                                                          PID:5776
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7076 /prefetch:8
                                                          2⤵
                                                            PID:3584
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
                                                            2⤵
                                                              PID:5360
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
                                                              2⤵
                                                                PID:5908
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
                                                                2⤵
                                                                  PID:5948
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
                                                                  2⤵
                                                                    PID:5956
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7332 /prefetch:8
                                                                    2⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:6112
                                                                  • C:\Users\Admin\Downloads\OperaGXSetup.exe
                                                                    "C:\Users\Admin\Downloads\OperaGXSetup.exe"
                                                                    2⤵
                                                                    • Executes dropped EXE
                                                                    • System Location Discovery: System Language Discovery
                                                                    PID:5204
                                                                    • C:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exe
                                                                            C:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exe --server-tracking-blob=…
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • Loads dropped DLL
                                                                      • Enumerates connected drives
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Modifies system certificate store
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:880
                                                                      • C:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.115 --initial-client-data=0x30c,0x334,0x338,0x310,0x33c,0x748f1b54,0x748f1b60,0x748f1b6c
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        • System Location Discovery: System Language Discovery
                                                                        PID:5724
                                                                      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
                                                                        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        • System Location Discovery: System Language Discovery
                                                                        PID:2180
                                                                      • C:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exe
                                                                              "C:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=880 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240904142433" --session-guid=018d8900-54ea-4fc5-8d4c-be9c8f0884ce --server-tracking-blob=… --desktopshortcut=1 --wait-for-package --initial-proc-handle=7409000000000000
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        • Enumerates connected drives
                                                                        • System Location Discovery: System Language Discovery
                                                                        PID:3476
                                                                        • C:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exe
                                                                          C:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.115 --initial-client-data=0x324,0x328,0x32c,0x2fc,0x330,0x71a01b54,0x71a01b60,0x71a01b6c
                                                                          5⤵
                                                                          • Executes dropped EXE
                                                                          • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:5312
        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409041424331\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409041424331\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:5164
        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409041424331\assistant\assistant_installer.exe
          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409041424331\assistant\assistant_installer.exe" --version
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4260
          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409041424331\assistant\assistant_installer.exe
            "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409041424331\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x11b4f48,0x11b4f58,0x11b4f64
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:4916
    • C:\Users\Admin\Downloads\OperaGXSetup.exe
      "C:\Users\Admin\Downloads\OperaGXSetup.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:5864
      • C:\Users\Admin\AppData\Local\Temp\7zS8E685138\setup.exe
        C:\Users\Admin\AppData\Local\Temp\7zS8E685138\setup.exe --server-tracking-blob=NDg0NGE4M2ZiOTA5YTA4ZjE1ZmIwMDQ2ZjU0ZTIwZjhkZTkxMWEzNGJiZWIxM2RmYjc1YmRjZWFmZDhjMjExZTp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9YVlJfMTI5NyZlZGl0aW9uPXN0ZC0yJnV0bV9jb250ZW50PTEyOTdfNTNkNmUxYTJiYzNlNGJjMTkwMjEzMzNjZTg1MzI5NzEmdXRtX2lkPWZjYzdmN2ZmOTdlNTQ0OGNhZTkwZTcxNzA1MDUxMDE4Jmh0dHBfcmVmZXJyZXI9aHR0cHMlM0ElMkYlMkZ3d3cub3BlcmEuY29tJTJGZ3glM0Z1dG1fc291cmNlJTNEUFdOZ2FtZXMlMjZ1dG1fbWVkaXVtJTNEcGElMjZ1dG1fY2FtcGFpZ24lM0RQV05fR0JfWFZSXzEyOTclMjZ1dG1fY29udGVudCUzRDEyOTdfNTNkNmUxYTJiYzNlNGJjMTkwMjEzMzNjZTg1MzI5NzElMjZ1dG1faWQlM0RmY2M3ZjdmZjk3ZTU0NDhjYWU5MGU3MTcwNTA1MTAxOCUyNmVkaXRpb24lM0RzdGQtMiZ1dG1fc2l0ZT1vcGVyYV9jb20mdXRtX2xhc3RwYWdlPW9wZXJhLmNvbSUyRiZ1dG1faWQ9ZmNjN2Y3ZmY5N2U1NDQ4Y2FlOTBlNzE3MDUwNTEwMTgmZGxfdG9rZW49ODA2ODA4MjkiLCJ0aW1lc3RhbXAiOiIxNzI1NDU5ODU3Ljk1NzMiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTIuMC40NTE1LjEzMSBTYWZhcmkvNTM3LjM2IEVkZy85Mi4wLjkwMi42NyIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9YVlJfMTI5NyIsImNvbnRlbnQiOiIxMjk3XzUzZDZlMWEyYmMzZTRiYzE5MDIxMzMzY2U4NTMyOTcxIiwiaWQiOiJmY2M3ZjdmZjk3ZTU0NDhjYWU5MGU3MTcwNTA1MTAxOCIsImxhc3RwYWdlIjoib3BlcmEuY29tLyIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiJlOWQ5NDY3ZS04NmFhLTRlYWMtOWY2OS00M2M4ZjkwZWIyZTIifQ==
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives
        • System Location Discovery: System Language Discovery
        PID:2024
        • C:\Users\Admin\AppData\Local\Temp\7zS8E685138\setup.exe
          C:\Users\Admin\AppData\Local\Temp\7zS8E685138\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.115 --initial-client-data=0x31c,0x320,0x324,0x2d0,0x328,0x72671b54,0x72671b60,0x72671b6c
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:5404
        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:3904
    • C:\Users\Admin\Downloads\OperaGXSetup.exe
      "C:\Users\Admin\Downloads\OperaGXSetup.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2616
      • C:\Users\Admin\AppData\Local\Temp\7zS83A3F148\setup.exe
        C:\Users\Admin\AppData\Local\Temp\7zS83A3F148\setup.exe --server-tracking-blob=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
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives
        • System Location Discovery: System Language Discovery
        PID:5184
        • C:\Users\Admin\AppData\Local\Temp\7zS83A3F148\setup.exe
          C:\Users\Admin\AppData\Local\Temp\7zS83A3F148\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.115 --initial-client-data=0x324,0x328,0x32c,0x2fc,0x330,0x71a01b54,0x71a01b60,0x71a01b6c
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:5144
        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2020
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
      2⤵
      PID:3740
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
      2⤵
      PID:4328
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
      2⤵
      PID:5896
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
      2⤵
      PID:5920
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1
      2⤵
      PID:1072
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6348 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:5424
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2092
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1960

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                                                6KB

                                                                                MD5

                                                                                b250cf482e269ea8fa4833171d7049ed

                                                                                SHA1

                                                                                9c118440ef51c96839eccdae7d4d31e90cb73a03

                                                                                SHA256

                                                                                9ab9817f45d9872a7c52fa2faeac560cd18f0e96c2394dd24182f48896b32c4f

                                                                                SHA512

                                                                                1e1dfd67b61d5dc3b560235383cb5faef7cb53ddcf862818b170dca87d523b716fc28a0e911cad2745337d7bc54f25a7a5732b2000deb0a4119bb8a4c5b142c4

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                8KB

                                                                                MD5

                                                                                8aebeab327801fb6fccdd3898d94796e

                                                                                SHA1

                                                                                bc212da08fd3941a8c94f85e70638e6a9c3b8bc0

                                                                                SHA256

                                                                                9ca66bfb12e185ec67db1be7337181551c4303c5e78774272ba9116cbf45f9c9

                                                                                SHA512

                                                                                e7a763dc5d1f675b7af8deb8e0e7d4bc000b058572370f24a6ebec85ede3844fb48517db56d09bfa85d6ef24db4473b95d0b8e9ae3f5681b2efacae6da67cef2

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                9KB

                                                                                MD5

                                                                                2a84abe5321581e2e2f5e14b88ccf499

                                                                                SHA1

                                                                                e2ff9a1154bd48bfa108b80017c2cfe2bed35539

                                                                                SHA256

                                                                                06121e21d9ee5e8b28fc3c515bb5543c2cc19d9f584e171c06590e2b3e18d9ee

                                                                                SHA512

                                                                                ee8ea95037f5068fb30eb5f93c963759d78535bdc501801c18377b2deb4262c9e654d0eac1018ab13f16397eee5f22d8b000857d2c06f76fb5ee18e8b1c50f87

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                7KB

                                                                                MD5

                                                                                22ac1d76811774583dffd91418f0de5b

                                                                                SHA1

                                                                                186891584c1b9bbc019cbd5334ca4f2a864e1bb0

                                                                                SHA256

                                                                                ab3d3ae7868d3d6bc30d21bbd7afa583b1cf7723dd81eda6ebeab9c1c1f22b28

                                                                                SHA512

                                                                                22ee93d2a1cfdb03a920788202cebd2391dbac6bf1eb165556404b8b2fc3e1b859ac61696e430333fcacbd97feaeee214eb646722ab2115564986e8cfbf56858

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                10KB

                                                                                MD5

                                                                                69d9397d1315d50c50531a91d644f382

                                                                                SHA1

                                                                                a4bc7663ce66fe9ca1cabf814ae9c40d34d898b7

                                                                                SHA256

                                                                                57f0095b0f12ea95b4b787ca6cb3607bcdcfd6d6ce4896e363e5e79dd4cd1862

                                                                                SHA512

                                                                                65c5f6c8a000e812619e778270f1fecffbf13aac804e9c8dce284bdc8a03a60cd07f2a8010f220bfdb90e4954964560ed6a5b80e33d90045646ec650e37f46c5

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                Filesize

                                                                                872B

                                                                                MD5

                                                                                250fdb3564c65b4c2f6a9bb6adf55b83

                                                                                SHA1

                                                                                1fd630cdc982ff6d9a5dde8551bfb2c310141cfd

                                                                                SHA256

                                                                                dcd840eb9e94bf92ebc537c3f6aa4b637c5a5400d935730aede99ed4580fd80b

                                                                                SHA512

                                                                                e5d7bb050e648b6567e58891359e076fb0b3be676235b5c4a17e6c5be8e96dfca2f11a85804487d1d9d174300faacd21be663a84105bd7e45b496694d1397720

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                b896c243cd41c2ede6f9f498826812f9

                                                                                SHA1

                                                                                3818c29f4cde793f00b9c8d8ec98b6a90bbb9af7

                                                                                SHA256

                                                                                7170f16603bc554b8ce26e9ab235832a2f44cb83a75e4f081317a436defc1ec7

                                                                                SHA512

                                                                                4a27a553b24b744b6b674adcd2766c6ce9378f01e474d97f25d4cd9443472dda0075111b396f20c0550bfd126cd78e3593bb41d71442e21d7bcd273d655bb0fc

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                188b723dbc6474c7fcbb1c69df02a15f

                                                                                SHA1

                                                                                e91fd755ca1ea1a60948a0317c57fc2183db96c8

                                                                                SHA256

                                                                                e9e4d849bac613a9fa88859f6e1ae798e55886b3d8ea25471140d83c5e775e06

                                                                                SHA512

                                                                                217340960a0bc09da267bae71e47d9b5a5c9d5114bbf1410923f0b1c5ac43db85f9cf1b1970b69d9c5ece6ab732f105df564302555ba32c77175cfb8ebf70b0b

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                528938c8cc94e4cca1ac4f81384ae908

                                                                                SHA1

                                                                                6e9e3e9c04c81113f86e7b2a546f4604388c8ed3

                                                                                SHA256

                                                                                93424b872c97de2a51618bf6f55932460794b1ea22be9330495343a246adf166

                                                                                SHA512

                                                                                07183b6cfd72736035d148ff941de6423f90c5472785d616bb41080499b17d7edc54f011121aa14f4a8c209f2c2721ef9ed101e36dc9c7824fadf9885c42973b

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dd7f.TMP

                                                                                Filesize

                                                                                204B

                                                                                MD5

                                                                                95a3c125dd905c20f8efc0188046e728

                                                                                SHA1

                                                                                44e4d4a0b335d4f8d2d867d3a5d4dc6fa9f889a3

                                                                                SHA256

                                                                                d513ae9a71f5b1afecadbac073b31d6f85ebb04dbf5ccf61021dec6b88cf0344

                                                                                SHA512

                                                                                ed62d97e38c3ea614d4cd5e73982ef0c2f8adbe0a5e6ee1f81c5312a95ff5b013bac7fd889044546bd9ecdd64d9e66582e214b6ccce40258d025be4cb25a8c82

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                Filesize

                                                                                16B

                                                                                MD5

                                                                                6752a1d65b201c13b62ea44016eb221f

                                                                                SHA1

                                                                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                SHA256

                                                                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                SHA512

                                                                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                Filesize

                                                                                10KB

                                                                                MD5

                                                                                482efe17d5887e950485fa5a4c64e699

                                                                                SHA1

                                                                                490ddf00c9128e78a241d717f27b5999b3973ee0

                                                                                SHA256

                                                                                2038a1733ea94211dbc3ffdb1a6be5472c507b2e21357e98f49bf8a67a590bf3

                                                                                SHA512

                                                                                0e8c87ed67e6e7c8314b7ccfa6c6e15a0a0de12c2c31fcaabd141d7f777beb2ac7990efc166d6ac0b3851c59fe7f3d045c2b389143a91a123e4cadb0a0075001

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                Filesize

                                                                                11KB

                                                                                MD5

                                                                                ba40e060ff4ebef6ddda79d2fb650f05

                                                                                SHA1

                                                                                dd87f59e42b07c47f0afa28a5c3d42d971b63ed6

                                                                                SHA256

                                                                                b07c2ea108b5f76183786333cf0dd2612f3b9d2bfd33af69a48a33db8e714f74

                                                                                SHA512

                                                                                1d80dc267b373cc1eac4a78450acdcd603851243a209c90d1179925097f0d770e3fd60f3dfc4586f38dd9e2eb4b9f44ccb36a53721df3d7f4cc60f845759347c

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                Filesize

                                                                                11KB

                                                                                MD5

                                                                                cb9aaa5e28d1b3c9b56cf09cddc62de8

                                                                                SHA1

                                                                                f1c3941ab5c0216390e58555c21b4e8f4cca377a

                                                                                SHA256

                                                                                25a5071025cae2d67f93f38baf1f0922cd48fcf30e4c132aac50647bb1112043

                                                                                SHA512

                                                                                d822ff4d2c00ff439b568d0290f3d72fdb0b7796845079a94c0ddcd3c5f2f43f9838e18f07031294f4f606658f1221f52bc4fd50ee5545cbfd6e12265c47a876

                                                                              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409041424331\additional_file0.tmp

                                                                                Filesize

                                                                                1.4MB

                                                                                MD5

                                                                                e9a2209b61f4be34f25069a6e54affea

                                                                                SHA1

                                                                                6368b0a81608c701b06b97aeff194ce88fd0e3c0

                                                                                SHA256

                                                                                e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

                                                                                SHA512

                                                                                59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

                                                                              • C:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exe

                                                                                Filesize

                                                                                6.4MB

                                                                                MD5

                                                                                defd30ea336650cc29c0c79fad6fa6b5

                                                                                SHA1

                                                                                935d871ed86456c6dd3c83136dc2d1bda5988ff3

                                                                                SHA256

                                                                                015a13bd912728e463df6807019b1914dffc3e6735830472e3287150a02e13f4

                                                                                SHA512

                                                                                8c6ebbf398fb44ff2254db5a7a2ffbc8803120fa93fa6b72c356c6e8eca45935ab973fe3c90d52d5a7691365caf5b41fe2702b6c76a61a0726faccc392c40e54

                                                                              • C:\Users\Admin\AppData\Local\Temp\Opera_installer_240904142433024880.dll

                                                                                Filesize

                                                                                5.9MB

                                                                                MD5

                                                                                640ed3115c855d32ee1731c54702eab7

                                                                                SHA1

                                                                                1ac749b52794cbadfec8d9219530e9a79fc9427c

                                                                                SHA256

                                                                                29b4cabc7a0e9dffbc2395b976749be0aad88357dd3b1d7e0cfc9b0c645421a3

                                                                                SHA512

                                                                                bebe55fdbb363b78c4a6371304f65b89e03a03cee5a8ebceee1681261d8df64a0de36888ed763c3a607ae2732ab54e2e41edb624f37a7fdf8755c40e6bb96f53

                                                                              • C:\Users\Admin\AppData\Local\Temp\opera_installer_ui.lck

                                                                                Filesize

                                                                                4B

                                                                                MD5

                                                                                d5333984775cfd846cadacaa13565e4e

                                                                                SHA1

                                                                                b700fc571867a9a3a0c3ca4a657375fbfa3949dd

                                                                                SHA256

                                                                                e350163b0af5a851b5c3f1193c785f90577300d4d3015aa737d57089da982ca5

                                                                                SHA512

                                                                                6fa7852f92a337a99cd15c74e0b5f382b50f25add41fe292d94448441ce4c4ad06ee0b9819ffb3299774d3712e0aad8cd7a19e783507e83aa585699eb67e08cb

                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                                                                Filesize

                                                                                2B

                                                                                MD5

                                                                                f3b25701fe362ec84616a93a45ce9998

                                                                                SHA1

                                                                                d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                                                SHA256

                                                                                b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                                                SHA512

                                                                                98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

                                                                                Filesize

                                                                                40B

                                                                                MD5

                                                                                566e590128a748eb3a015c18cd845174

                                                                                SHA1

                                                                                66519acbbac5cf9f642306ab23c3a6670d644bbc

                                                                                SHA256

                                                                                c83e4106915572cafb85cd3f823ffe750469c78cdd293f33ea34bd183870c94f

                                                                                SHA512

                                                                                698d87323b1674b3608827d94cf605d6e16527c23fcf6fc9928f181783e3b3d4388a0ee05a00504b465562b8f3385e581a87256bb13ec5ce4e6388e26b992d9c

                                                                              • C:\Users\Admin\Downloads\OperaGXSetup.exe

                                                                                Filesize

                                                                                3.1MB

                                                                                MD5

                                                                                eb29c619aa8e37aa85970a3947d0813e

                                                                                SHA1

                                                                                2b8e0d3300c5590ef5a0075f6c6f8a649fc29e24

                                                                                SHA256

                                                                                d708e619d371dcdb961ebfd045402ce5b46457175db9f428c92b21e5f49447dc

                                                                                SHA512

                                                                                332fd479b5eb98ba106cece02e30bac3b4ba82392906e4824e6f060fcc0e392be9237c4281796b9afb05adab1fa066c0d49195aa214cc0210e326872c02f14e1

                                                                              • \??\pipe\LOCAL\crashpad_1240_ASIGNEONCEDLOWID

                                                                                MD5

                                                                                d41d8cd98f00b204e9800998ecf8427e

                                                                                SHA1

                                                                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                SHA256

                                                                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                SHA512

                                                                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e