Malware Analysis Report

2025-03-15 04:21

Sample ID 241025-2pvy3stjej
Target http://evon.cc
Tags: discovery, spyware, stealer
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The file http://evon.cc was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery, spyware, stealer

Downloads MZ/PE file

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Enumerates connected drives

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

NTFS ADS

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-25 22:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-25 22:45
Reported: 2024-10-25 22:48
Platform: win10v2004-20241007-en
Max time kernel: 145s
Max time network: 153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://evon.cc

Signatures

Downloads MZ/PE file

Reads user/profile data of web browsers

Tags: spyware, stealer

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS45682D68\setup.exe | N/A
File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS45682D68\setup.exe | N/A

Browser Information Discovery

Tags: discovery

System Location Discovery: System Language Discovery

Tags: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_89639354.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS45682D68\setup.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252246571\assistant\assistant_installer.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252246571\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Opera GXStable | C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_89639354.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_89639354.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 403161.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 812658.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_89639354.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS45682D68\setup.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252246571\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252246571\assistant\assistant_installer.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 4204 wrote to memory of 1504 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 4256 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 4248 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 4228 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://evon.cc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce88746f8,0x7ffce8874708,0x7ffce8874718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3968 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3968 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5552 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:8

C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_89639354.exe

"C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_89639354.exe"

C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_89639354.exe

"C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_89639354.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1

C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_89639354.exe

"C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_89639354.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1

C:\Users\Admin\AppData\Local\OperaGX.exe

C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0

C:\Users\Admin\AppData\Local\Temp\7zS45682D68\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS45682D68\setup.exe --silent --allusers=0 --server-tracking-blob=…

C:\Users\Admin\AppData\Local\Temp\7zS45682D68\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS45682D68\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x314,0x308,0x334,0x318,0x338,0x71cf8c5c,0x71cf8c68,0x71cf8c74

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zS45682D68\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zS45682D68\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5764 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241025224657" --session-guid=17e3a050-dd49-4985-9c58-06c4646eeca1 --server-tracking-blob=… --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=F805000000000000

C:\Users\Admin\AppData\Local\Temp\7zS45682D68\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS45682D68\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x318,0x304,0x2f0,0x31c,0x344,0x70ed8c5c,0x70ed8c68,0x70ed8c74

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5956 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252246571\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252246571\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252246571\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252246571\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252246571\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252246571\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x284,0x288,0x28c,0x22c,0x290,0x7c4f48,0x7c4f58,0x7c4f64

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,6101307337142095526,13345061728535542727,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5040 /prefetch:2
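The listing above reads as a delivery chain: Edge's quarantine utility runs (--utility-sub-type=quarantine.mojom.Quarantine, the Chromium service that tags a finished download with the Zone.Identifier stream, which matches the NTFS ADS signature in the summary), then "Roblox Evon Exploit V4 UWP_89639354.exe" executes from Downloads, then OperaGX.exe executes from AppData\Local with --silent --allusers=0, then setup.exe executes from a 7zS temp directory with --setdefaultbrowser=1 --pintotaskbar=1 --run-at-startup=1 --silent and an install folder under AppData\Local\Programs. The script below is an added example, not part of the sandbox output: it parses a listing in this path / command-line layout and flags the two things a triage analyst pivots on here, execution from user-writable directories and silent, defaults-changing installer switches. The sample input is a constructed excerpt of the listing above with the long Chromium and Opera arguments shortened; the directory list and switch set are analyst assumptions. A hit is a lead, not a verdict: a legitimate silent installer trips the same rule, so the finding has to be read together with how the installer got there.

```python
"""Triage a sandbox process listing (image path, blank line, command line, blank line).

Added example, not sandbox output. SAMPLE is a constructed excerpt of the listing
above; long Chromium and Opera arguments were shortened, nothing else was changed.
"""
import re
from typing import Dict, List, Tuple

SAMPLE = r"""
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none /prefetch:8

C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_89639354.exe

"C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_89639354.exe"

C:\Users\Admin\AppData\Local\OperaGX.exe

C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0

C:\Users\Admin\AppData\Local\Temp\7zS45682D68\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zS45682D68\setup.exe" --backend --install --setdefaultbrowser=1 --pintotaskbar=1 --run-at-startup=1 --silent --allusers=0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2
"""

# Directories a standard user can write to (assumption: adjust for the image being analysed).
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\", "\\appdata\\roaming\\")
# Installer switches that suppress UI or change system defaults; all occur in the setup.exe line above.
SILENT_FLAGS = {"--silent", "--allusers=0", "--setdefaultbrowser=1",
                "--pintotaskbar=1", "--pintostartmenu=1", "--run-at-startup=1"}
# Chromium utility that applies the download quarantine (Zone.Identifier ADS) to a finished download.
QUARANTINE = "--utility-sub-type=quarantine.mojom.Quarantine"


def parse_listing(text: str) -> List[Tuple[str, str]]:
    """Return (image_path, command_line) pairs; the listing strictly alternates the two."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if len(lines) % 2:
        raise ValueError("listing must alternate image path and command line")
    return list(zip(lines[0::2], lines[1::2]))


def switches(cmdline: str) -> List[str]:
    """Extract --name or --name=value tokens from a command line."""
    return re.findall(r"--[\w-]+(?:=\S*)?", cmdline)


def triage(text: str) -> List[Dict[str, object]]:
    """One finding per process that trips at least one heuristic, in listing order."""
    findings: List[Dict[str, object]] = []
    for image, cmdline in parse_listing(text):
        reasons = []
        if any(d in image.lower() for d in USER_WRITABLE):
            reasons.append("executes from user-writable path")
        hit = sorted(SILENT_FLAGS.intersection(switches(cmdline)))
        if hit:
            reasons.append("silent/defaults-changing install switches: " + " ".join(hit))
        if QUARANTINE in cmdline:
            reasons.append("browser quarantine service ran (a download finished, MOTW applied)")
        if reasons:
            findings.append({"image": image, "reasons": reasons})
    return findings


def delivery_chain(text: str) -> List[str]:
    """Basenames of flagged images in first-seen order: browser -> downloaded EXE -> dropped installer."""
    chain: List[str] = []
    for f in triage(text):
        name = str(f["image"]).rsplit("\\", 1)[-1]
        if name not in chain:
            chain.append(name)
    return chain


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["image"])
        for r in f["reasons"]:
            print("   -", r)
    print("chain:", " -> ".join(delivery_chain(SAMPLE)))
```

Run against the full listing, the same parser also surfaces the crashpad-handler and --version children of setup.exe and assistant_installer.exe; those are ordinary installer housekeeping and are not flagged, because they carry none of the switches above.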

Network

Country Destination Domain Proto
US 8.8.8.8:53 evon.cc udp
US 104.21.27.176:80 evon.cc tcp
US 104.21.27.176:80 evon.cc tcp
US 104.21.27.176:443 evon.cc tcp
US 8.8.8.8:53 fonts.nexuspipe.com udp
US 8.8.8.8:53 fonts-cdn.nexuspipe.com udp
US 8.8.8.8:53 scriptunc.org udp
US 8.8.8.8:53 guidonsfeeing.com udp
NL 23.109.170.68:443 guidonsfeeing.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 176.27.21.104.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 68.170.109.23.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 sakpot.com udp
US 172.67.75.230:443 sakpot.com tcp
US 172.67.75.230:443 sakpot.com tcp
US 8.8.8.8:53 230.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 filedm.com udp
US 104.21.60.113:443 filedm.com tcp
US 8.8.8.8:53 d1now6cui1se29.cloudfront.net udp
NL 108.156.61.147:443 d1now6cui1se29.cloudfront.net tcp
US 8.8.8.8:53 113.60.21.104.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 147.61.156.108.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 83.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 getrunkhomuto.info udp
US 8.8.8.8:53 ghabovethec.info udp
US 8.8.8.8:53 alesrepreswsenta.com udp
US 8.8.8.8:53 stoodthestatueo.com udp
US 8.8.8.8:53 ukankingwithea.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 172.67.183.224:443 alesrepreswsenta.com tcp
GB 143.204.176.70:443 getrunkhomuto.info tcp
GB 18.244.140.110:443 ghabovethec.info tcp
GB 18.245.253.26:443 stoodthestatueo.com tcp
NL 172.217.218.84:443 accounts.google.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 172.67.192.190:443 ukankingwithea.com tcp
US 172.67.192.190:443 ukankingwithea.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
NL 18.239.36.29:80 crt.rootg2.amazontrust.com tcp
NL 172.217.218.84:443 accounts.google.com udp
US 172.67.183.224:443 alesrepreswsenta.com tcp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.108.222.173.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 26.253.245.18.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 190.192.67.172.in-addr.arpa udp
US 8.8.8.8:53 84.218.217.172.in-addr.arpa udp
US 8.8.8.8:53 29.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 224.183.67.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 70.176.204.143.in-addr.arpa udp
US 8.8.8.8:53 110.140.244.18.in-addr.arpa udp
US 8.8.8.8:53 getfilenow.com udp
US 172.67.189.182:443 getfilenow.com tcp
US 172.67.189.182:443 getfilenow.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 182.189.67.172.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 110.11.19.2.in-addr.arpa udp
US 8.8.8.8:53 www.dlsft.com udp
US 35.190.60.70:443 www.dlsft.com tcp
US 35.190.60.70:443 www.dlsft.com tcp
US 8.8.8.8:53 70.60.190.35.in-addr.arpa udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
US 35.190.60.70:443 www.dlsft.com tcp
US 8.8.8.8:53 dlsft.com udp
US 35.190.60.70:443 dlsft.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
GB 142.250.180.3:80 o.pki.goog tcp
US 8.8.8.8:53 filedm.com udp
US 104.21.60.113:443 filedm.com tcp
US 104.21.60.113:443 filedm.com tcp
US 104.21.60.113:443 filedm.com tcp
GB 142.250.180.3:80 o.pki.goog tcp
US 8.8.8.8:53 dpd.securestudies.com udp
NL 18.238.243.18:443 dpd.securestudies.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
NL 18.238.246.206:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 post.securestudies.com udp
US 8.8.8.8:53 www.ovardu.com udp
US 165.193.78.234:80 post.securestudies.com tcp
US 172.67.174.4:443 www.ovardu.com tcp
US 8.8.8.8:53 18.243.238.18.in-addr.arpa udp
US 8.8.8.8:53 186.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 206.246.238.18.in-addr.arpa udp
US 8.8.8.8:53 net.geo.opera.com udp
NL 185.26.182.112:443 net.geo.opera.com tcp
US 8.8.8.8:53 4.174.67.172.in-addr.arpa udp
US 8.8.8.8:53 234.78.193.165.in-addr.arpa udp
US 8.8.8.8:53 112.182.26.185.in-addr.arpa udp
US 165.193.78.234:80 post.securestudies.com tcp
US 8.8.8.8:53 autoupdate.opera.com udp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
NL 185.26.182.124:443 autoupdate.opera.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 20.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 124.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 121.217.145.82.in-addr.arpa udp
US 8.8.8.8:53 features.opera-api2.com udp
US 8.8.8.8:53 api.config.opr.gg udp
NL 185.26.182.94:443 features.opera-api2.com tcp
US 104.18.24.17:443 api.config.opr.gg tcp
US 8.8.8.8:53 download.opera.com udp
NL 185.26.182.122:443 download.opera.com tcp
US 8.8.8.8:53 download5.operacdn.com udp
US 104.18.10.89:443 download5.operacdn.com tcp
US 8.8.8.8:53 94.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 122.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 17.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 89.10.18.104.in-addr.arpa udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 download3.operacdn.com udp
GB 2.18.27.87:443 download3.operacdn.com tcp
US 8.8.8.8:53 87.27.18.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
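The Network table mixes four kinds of rows: the sandbox's own DNS queries to 8.8.8.8, reverse (in-addr.arpa) lookups of addresses it had already contacted, certificate-status fetches the browser makes on its own (c.pki.goog, o.pki.goog, ocsp.r2m02.amazontrust.com, crt.rootg2.amazontrust.com), and the connections that belong on an IOC list. The script below is an added example, not part of the sandbox output: it parses rows in the table's format, drops that noise, and groups the remaining connections by domain. It also separates domains that were only resolved (scriptunc.org, fonts.nexuspipe.com and fonts-cdn.nexuspipe.com each have a DNS row above but no connection) from domains that were contacted, and marks domains whose observed endpoints fall in Cloudflare's edge prefixes, where the address is shared with unrelated tenants and the domain, not the IP, is the indicator worth blocking. The sample is a constructed excerpt of the table above with rows copied as they appear; the noise filters and the CDN prefixes are analyst assumptions to be checked against current data.

```python
"""Turn a sandbox Network table (Country Destination Domain Proto) into IOC candidates.

Added example, not sandbox output. SAMPLE is a constructed excerpt of the table above
(rows copied verbatim); the noise filters and CDN prefixes are analyst assumptions.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, List, Set

SAMPLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 evon.cc udp
US 104.21.27.176:80 evon.cc tcp
US 104.21.27.176:443 evon.cc tcp
US 8.8.8.8:53 scriptunc.org udp
US 8.8.8.8:53 guidonsfeeing.com udp
NL 23.109.170.68:443 guidonsfeeing.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 sakpot.com udp
US 172.67.75.230:443 sakpot.com tcp
US 172.67.75.230:443 sakpot.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
NL 18.238.246.206:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 net.geo.opera.com udp
NL 185.26.182.112:443 net.geo.opera.com tcp
US 8.8.8.8:53 ukankingwithea.com udp
US 172.67.192.190:443 ukankingwithea.com tcp
"""

RESOLVER = "8.8.8.8"
# Certificate-status endpoints the browser fetches on its own (OCSP/CRL/AIA); not attacker infrastructure.
CERT_INFRA_SUFFIXES = (".pki.goog", ".amazontrust.com")
# Cloudflare edge prefixes (assumption: verify against Cloudflare's published list before relying on it).
SHARED_EDGE = [ipaddress.ip_network("104.16.0.0/13"), ipaddress.ip_network("172.64.0.0/13")]


def parse_rows(text: str) -> List[Dict[str, str]]:
    """Parse table rows; a three-column row (no domain) is kept with an empty domain."""
    rows = []
    for line in text.splitlines()[1:]:            # first line is the header
        parts = line.split()
        if len(parts) == 3:
            parts.insert(2, "")
        if len(parts) != 4:
            continue
        country, dest, domain, proto = parts
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": port, "domain": domain, "proto": proto})
    return rows


def is_noise(row: Dict[str, str]) -> bool:
    """Reverse lookups, multicast chatter and certificate-status traffic carry no attacker signal."""
    return (row["domain"].endswith(".in-addr.arpa")
            or ipaddress.ip_address(row["ip"]).is_multicast
            or row["domain"].endswith(CERT_INFRA_SUFFIXES))


def iocs(text: str) -> Dict[str, object]:
    connected: Dict[str, Set[str]] = defaultdict(set)
    queried: Set[str] = set()
    for row in parse_rows(text):
        if is_noise(row):
            continue
        if row["ip"] == RESOLVER and row["port"] == "53":
            queried.add(row["domain"])          # resolved; may never have been contacted
        elif row["domain"]:
            connected[row["domain"]].add(f'{row["ip"]}:{row["port"]}')
    on_shared_edge = sorted(
        d for d, eps in connected.items()
        if any(ipaddress.ip_address(ep.rsplit(":", 1)[0]) in net for ep in eps for net in SHARED_EDGE))
    return {
        "connected": {d: sorted(eps) for d, eps in sorted(connected.items())},
        "queried_only": sorted(queried - set(connected)),   # resolved but no connection in this run
        "shared_edge": on_shared_edge,                      # block the domain, not the address
    }


if __name__ == "__main__":
    import json
    print(json.dumps(iocs(SAMPLE), indent=2))
```

Keeping "queried_only" separate matters for hunting: a domain that resolved but was never contacted still shows up in DNS telemetry on a victim host, while a domain that was contacted is the one to pivot on in proxy and NetFlow data.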

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a0486d6f8406d852dd805b66ff467692
SHA1 77ba1f63142e86b21c951b808f4bc5d8ed89b571
SHA256 c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
SHA512 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

\??\pipe\LOCAL\crashpad_4204_ATKKMVTBBGLSVOGS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dc058ebc0f8181946a312f0be99ed79c
SHA1 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
SHA256 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
SHA512 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6509279a6d70e97d7bda392ab3303825
SHA1 022872e5baa6190be0e4eaa404be2fe937b8bb83
SHA256 2aa3e44c24100218dda8681170ba839eb55f1f06ae28ad35ccc7446d4b77454f
SHA512 abf6fee399ee2b8d725e91f29403a4dac07d8a8e9c6ccdffe09110139b0bd7669a8b5659bb89ae956af223e38ad7b75567ea35d6291800f46efa77480ea54ba5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a4ff9c7a4d19bc244828b75e0704186c
SHA1 15d03d01f85a7f1cb7ed147397e736cd143fb3d2
SHA256 dd11111ed29838f6bba2b5282d9d418eae42f997d11cd3b1f2bc810d448a3ba5
SHA512 b1f891e488937ea5243c62fc3b85f3e0c95ca6919d5048e1067865740bc4fb2356e23a2f30bf92b478370b084c9286c8bd5d0c31e7a5d0485dcff0b021ab8d41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 317f61ba9d0fd3b9f9c3f3720a20c7bd
SHA1 fbbad4aa898126b01114155cc8728cafff31de0c
SHA256 2fa13284a62a39ee270d7c8cef3f612b4ef138d3bd4f4a2b07a8021cf26789aa
SHA512 0eb8be786011cffae9be9796ba954a47f34bd88d66e1866cf82a9cc300a9164480e10f92f40d36a27123fa51042a49ea28100fb2d364c8c3c7d7ce0e1474990b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8d0c37064d96c54830e1c50ad33123fc
SHA1 391e24da6b1aca4f5d85ed8204956462eba3aa00
SHA256 c5394d1792902e4c781f18bcd8529889041cac8634d2afb3f3b6b9b475c9777a
SHA512 ec461b03f3624d1da05eee8aec35d50543766bd11a675eb516a2bf7a965cf879d8872babf35511a6fddfbd9f5c6bc332fbf65c7e95331ed445029c0a91a385ee

C:\Users\Admin\Downloads\Unconfirmed 812658.crdownload

MD5 15d1c495ff66bf7cea8a6d14bfdf0a20
SHA1 942814521fa406a225522f208ac67f90dbde0ae7
SHA256 61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42
SHA512 063169f22108ac97a3ccb6f8e97380b1e48eef7a07b8fb20870b9bd5f03d7279d3fb10a69c09868beb4a1672ebe826198ae2d0ea81df4d29f9a288ea4f2b98d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 12924bb41012d8178850ff3bfea63a44
SHA1 551245fe39259e31f5f36f662543dd77f7f6ed31
SHA256 5ea5557486bd78db8ab12beb28b77c4ded5d817485d34ff6bec613f6ac47c959
SHA512 3b81df867ad892be30d6a15bcfd4c46e4524f73a8e95891236aab7edc485fa2d7a7a2ab9bc5fa744fc857e1df9b06adecf86bc9ddfc5a277e50f6cb81bcfc551

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 2d7973509bc54b7b21864d26b373e254
SHA1 d16fc43d0812a3749ee9819df99d3be315592871
SHA256 c89bb54033bf6e3b0a29da2cff9ade8edf24162d9b049a7730b98d0491513ee6
SHA512 ac56e420a93ccf63cae5fd213ce3d603ad8d637a5f1b130ce82d95e026392467d36931d823432b2028d5fe02f4dcbdecdb7d8e9c4dfd0afaa22dd428956eabc4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 3fdab875487b6931ad5a45fd697d5db2
SHA1 1f9f605a214b0aefb1772791a01ea78447794c00
SHA256 f1f1a2bb6ff29383ab343a9c7b61c69ad302b6974f50062ecf87668f955c63d0
SHA512 8dd08565b58b8a36b95e8fb0a518791d63d50bd97923c508907147273d0d49a06c276408a6cebbca2844b7b55f6e0b20c78108b2171b8a9d9304dcec8bb8a0cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 6673fede28890ab0978d38004414af6d
SHA1 ec3b0020a80ef3f7a21f127a8a663b61fe74cadb
SHA256 c4a4122a95f82e99bfd175505f619b486f7baac81337ff7b1af18eb30e39a68d
SHA512 8181f6e1ed9d012632fa94ef330cf528e85af899cd080d1f994151006b5c3d01556cf28d38de931a6b09e63ea712a33b1cb92fbcbf428870499625c5106d448c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 3bda7f13e70a105326505b399fa89f6b
SHA1 3a45bec9b61389e3938476d905f0cd762d1b6293
SHA256 f9097dfa69f1a71d16cacc1e116c088495a95ccc9c325d51c97b31630d9740b4
SHA512 dd672634d221385ffe17acaa2d3e0956d0e89086c40255bfce3db3ab0d1bd5c6b92598cc8344d6f876f8abfced6f07f696b321ed2a891b47ab049748eef117cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\174A7705F9EB36DBEC7A426BB49E6993_6AE44E5AA6164155452A8CAFF25FFD1E

MD5 b8f79c8e22d1075d911acb97662be1fd
SHA1 cd6510f710162eadf68d7a666acc2fd31d94a14d
SHA256 d105a098f43aabd1562016f720e754caa59dbe14adb5fe23cca6ad1c7ba068e2
SHA512 1ab9458f7b60846b1beab430f8ea1cbd855f71ba2d123b9c76b330e2235fdc75ab625eac82a18f4055e5b5d3dae52d93031b5ffc58aa038b18597c3f6ccca94b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\174A7705F9EB36DBEC7A426BB49E6993_6AE44E5AA6164155452A8CAFF25FFD1E

MD5 1dce4e003b078e1e52b8f6743efa00f8
SHA1 1224f2aad139b50b8dcc3966eaf8933576e99fb4
SHA256 a2a9c1a295c02036e399153e0fb27352beed64ca25e01313bbf81881085eb1d7
SHA512 533a52cd4c82d8f3b4b6f9904aed062108b8e82461aa0595202304eac3f4f9b0178b2288d448fa12728b900db43fa2e772ac1049ffda1e21248a128304ce1054

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\174A7705F9EB36DBEC7A426BB49E6993_6AE44E5AA6164155452A8CAFF25FFD1E

MD5 36c1ea5324982b9ec554ddb01d8c801b
SHA1 63c88ff469f5ad349469fddc4b84efb9cc042589
SHA256 7ac51b06addefa55aabc0b2fd18dd55a2130d62a7b28ac7347912454efa5e853
SHA512 1a6f7f9580b560c62e7daee38a757e3b96552cad30a45a9d88fd6ac374bf4533dc3d3c6b7a7f5309acdf478a5b6b3e6080957006ec8fc1e9bbe64798411f477b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0GUUC90F\service[1].htm

MD5 40a18b7f7d0ff313ba759cdd576ebc29
SHA1 f9b4e19755ded63c8917bdc361cb62e4ae5d2ca0
SHA256 b63b3956d5ca52540aab6fe0723d84d9310400d274d0b4efb461016952bf2c16
SHA512 17b661b277c899eaf49d46598d403297240e8a6f2d0a421f464321793bafcc37daaf2c24495bff14d7ad83439fea0887652278ddc94375e6b320b4ef11da0567

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\683777F22CA5F117A17AED22F9EC628A_31A59FE3E1C95A9B7E3A97BFDB0F6EEE

MD5 afd5c2ee5238c5f91786ff9f96704adb
SHA1 abc549a9ec81c2642d060d669d9fd46e9d37e8f3
SHA256 baa94afba8063811ede23216b1b080afaac17e510c0aca75a6f41da6a5c039de
SHA512 382c85974fe2675524151ca59a85f36630d78f5b7905e5e71cf85f3b9cffac2ff143b10f94e075285a33cabb20b7d3f5bd9366b10d5c988d13939d9e2a2d3725

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\683777F22CA5F117A17AED22F9EC628A_31A59FE3E1C95A9B7E3A97BFDB0F6EEE

MD5 8ec0f14d73e596cb3c1e182c30d8f6db
SHA1 1229d2c462f9e396286c1ca3d1ef8232edfaa076
SHA256 134a0623341880218cfafa944b03a0671dd169fbdba1bd7fe512955f8d2bfd12
SHA512 056d871ae30658715a5d526e45bf8665c8bd2b2069ba012ab787135c8ca2bb41dddf2a88c75990a4a688374bc5c6977fbc8e0a61b6ec1bd6c2036a11bf6015d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 67e486b2f148a3fca863728242b6273e
SHA1 452a84c183d7ea5b7c015b597e94af8eef66d44a
SHA256 facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb
SHA512 d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 835473a9ef5bef6d4d7e40461172d7ca
SHA1 73963a4cbfb01691d08917049532a903fc9984ff
SHA256 d632d2be638040473a069fe376f2b230b4905a51340bf6ad6386d09e97c8da24
SHA512 94d269ea1815b3ffe27a5883d75414fe803dbb1f07f54596e9b354e77658535ebc6783f059dd67141540b68474c9cf16435d20e4b60fea93cf621d9651ec4033

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 3694f07bb1b55a7f381856ddd1a55945
SHA1 a1542aa0ec2334991934ff2859dedda0c9ad9011
SHA256 944d034bbf681796cd3bbd6aa5a24f8d0a9ad087839d89b529c50bce0d5e6ce9
SHA512 7d7b047ab89de450829158a7750b85c0a9896bf3f72f47062e19a98c434acb27684fe8c56e5203af0d6a4fc381897e60fe68208e1452f920ca5cd484c1007324

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

MD5 971c514f84bba0785f80aa1c23edfd79
SHA1 732acea710a87530c6b08ecdf32a110d254a54c8
SHA256 f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
SHA512 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 389dd89e2b0c3b62b1751ba67ea58ada
SHA1 ef898407290b8b9691286e02ef07462e80b7b3a9
SHA256 76160f9fd5671aeda1eaaafb0df97ae3d64ef151fd56624c1ad05a0fb7a87185
SHA512 919ff902ee080ee9943d1a6dce49b2c478b44783d666a6eeab63797c7069431a8f9761f0c2b262c5638a786881a5d1ed8712bec9018159c6d344a8493ab790f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 31f1acb905171bef66d719b782ae3305
SHA1 c6dc709c90213001e733114288ab95f2510535d5
SHA256 5e97277dd53116d1375db094cc913c732a048ee284f6a106667258666b0c1e8d
SHA512 3a21b9013d57446ac6160fda5e24ee50a3debfeb9acbbac70a4348ccdf9a92b6c12a612da0b50d01c440533097c37e606f60d15113a73f9b05219611aa3509b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1d4b58cd6f67b1d6776a813e18cf4687
SHA1 3d7b7d4ccc6e14ba543d894c983b319678ec2498
SHA256 a8f1c23b70098b778e9261bb3466619b1ffa9327ee4d3da4c7ae38e5cc7863df
SHA512 0ef09f9f40008c01c1094614815858aba930382f882c64e109e972b4e58df75444ea50326d34f3861b4e745e006f6783e639acbac06fdaca8ded7f52392da9a6

C:\Users\Admin\AppData\Local\OperaGX.exe

MD5 dc7e34067255e4b3136c46c9afc890f3
SHA1 d0e6ee7cda7501c11c51e2472e60836f5f39b07c
SHA256 30552726701c02fe8db6ab31a502e644e2d3143baa5d4506929a48c91a6a6c40
SHA512 620a036adc3b661dfe54a08605f23f4d79c875942a8fb6699f2969764d99825f0e810275f4b4126ae2944bd9beb8dfb4e4b8924f5262df7b8adecfea42d77bfa

C:\Users\Admin\AppData\Local\Temp\7zS45682D68\setup.exe

MD5 a910474aad1eea96921d359e1763d2fd
SHA1 8f663c05861ce93a1418607bd208c21dc7263237
SHA256 5354a7fa4ef330546d79e1ea02c456084400d0b47d52aaa43b088340981f461e
SHA512 8654f3c5eb98dd4097ed5367771f2f3487a4c90f95754ca39b8900ab52c2c78ab6f90da339c1cce06364ca242d49901a7ebbac92cf14955e3a267ea988c194e4

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410252246570915764.dll

MD5 94a99783bf5a9aeb8a0c8adcbb144ac8
SHA1 f5682606d1a3774a44d58a42391533899578897b
SHA256 5d8acd8032a3f3147b50e88dd1141312f9232f46ee0cb9487efae3c23545a0e9
SHA512 f545d11b103b79a00f8118000a447b26f76520f9ae4c4e78542237eb11b931b98900f62065ae3fbff747a79d6954d15a7ccb123b2adcfc81df71c17a6cf840a2

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252246571\additional_file0.tmp

MD5 e9a2209b61f4be34f25069a6e54affea
SHA1 6368b0a81608c701b06b97aeff194ce88fd0e3c0
SHA256 e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f
SHA512 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 120119a2ee7daba9969bde69b5246feb
SHA1 ebe4108050c7313815cbee1e9213e76cec20f1d5
SHA256 f7628a9a6cfad07d2c36fdf15ca1263d390d3da130435e463780b329fd19468c
SHA512 b6e7087ac2bf3940f4854a4e004b7f6c07fa3263bedaf521ba05e24acab8243bf8fa0beb42b7babaf0d8fff2648cc559ea5f0485a8968cf2c773dd0f3cef8b8c
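Two things in the file list above are easy to misread. The same path recurs whenever the sandbox saw the file rewritten during the run (Edge's Preferences appears four times and the Crashpad settings.dat twice, each time with different digests), and the \??\pipe\LOCAL\crashpad_4204_ATKKMVTBBGLSVOGS entry carries the digests of zero-length input (MD5 d41d8cd98f00b204e9800998ecf8427e, SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709), so it records an empty named-pipe handle, not a dropped file. The script below is an added example, not part of the sandbox output: it parses entries in this path-plus-digest layout, recomputes the empty-input digests with hashlib to recognise such entries, counts rewrites per path, and pulls the SHA256 of binaries written to user-writable locations (OperaGX.exe, the 7zS setup.exe, Opera_installer_2410252246570915764.dll, and "Unconfirmed 812658.crdownload", which is the browser's in-progress download file and may therefore have been hashed before the download completed). The sample is a constructed excerpt of the list above with SHA512 lines omitted; the directory and extension lists are analyst assumptions.

```python
"""Triage a sandbox file list (path, blank line, one 'ALGO hex' line per digest, blank line).

Added example, not sandbox output. SAMPLE is a constructed excerpt of the list above with
SHA512 lines omitted; the directory and extension lists are analyst assumptions.
"""
import hashlib
from collections import Counter
from typing import Dict, List, Tuple

SAMPLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a0486d6f8406d852dd805b66ff467692
SHA1 77ba1f63142e86b21c951b808f4bc5d8ed89b571
SHA256 c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

\??\pipe\LOCAL\crashpad_4204_ATKKMVTBBGLSVOGS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dc058ebc0f8181946a312f0be99ed79c
SHA1 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
SHA256 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

C:\Users\Admin\Downloads\Unconfirmed 812658.crdownload

MD5 15d1c495ff66bf7cea8a6d14bfdf0a20
SHA1 942814521fa406a225522f208ac67f90dbde0ae7
SHA256 61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42

C:\Users\Admin\AppData\Local\OperaGX.exe

MD5 dc7e34067255e4b3136c46c9afc890f3
SHA1 d0e6ee7cda7501c11c51e2472e60836f5f39b07c
SHA256 30552726701c02fe8db6ab31a502e644e2d3143baa5d4506929a48c91a6a6c40

C:\Users\Admin\AppData\Local\Temp\7zS45682D68\setup.exe

MD5 a910474aad1eea96921d359e1763d2fd
SHA1 8f663c05861ce93a1418607bd208c21dc7263237
SHA256 5354a7fa4ef330546d79e1ea02c456084400d0b47d52aaa43b088340981f461e
"""

HASH_ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")
# Digests of zero-length input: an entry carrying these was an empty stream (here a named pipe), not a dropped file.
EMPTY_DIGESTS = {a: getattr(hashlib, a)(b"").hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\", "\\appdata\\roaming\\")
BINARY_EXT = (".exe", ".dll", ".crdownload")    # .crdownload: Chromium's in-progress download name


def parse_files(text: str) -> List[Tuple[str, Dict[str, str]]]:
    """Return (path, {algo: hex}) in listing order; a path recurs if the file was rewritten."""
    entries: List[Tuple[str, Dict[str, str]]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        algo, _, digest = line.partition(" ")
        if algo in HASH_ALGOS and entries:
            entries[-1][1][algo.lower()] = digest.lower()
        else:
            entries.append((line, {}))
    return entries


def is_empty_stream(hashes: Dict[str, str]) -> bool:
    return bool(hashes) and all(EMPTY_DIGESTS[a] == h for a, h in hashes.items())


def triage_files(text: str) -> Dict[str, object]:
    entries = parse_files(text)
    counts = Counter(path for path, _ in entries)
    return {
        "empty": [p for p, h in entries if is_empty_stream(h)],
        "rewritten": {p: n for p, n in counts.items() if n > 1},
        "dropped_binaries": [(p, h.get("sha256")) for p, h in entries
                             if p.lower().endswith(BINARY_EXT)
                             and any(d in p.lower() for d in USER_WRITABLE)],
    }


if __name__ == "__main__":
    for key, value in triage_files(SAMPLE).items():
        print(key, value)
```

The "dropped_binaries" SHA256 values are the ones to feed a blocklist or a retro-hunt; the rewritten browser state files are worth keeping only as evidence of what the run touched, since their digests change on every launch.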