Analysis Overview
SHA256
4ebcc702e38c0f6dc7ad52d13ff53f376dddf4dd1cdfbfa85443327f0231661b
Threat Level: Likely malicious
The file EXORSIST_TOOL_Vesion_2.0.1_-_Copy.bat was classified as: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Enumerates connected drives
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-26 00:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-26 00:15
Reported
2024-10-26 00:18
Platform
win7-20240903-en
Max time kernel
145s
Max time network
117s
Command Line
Signatures
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\EXORSIST_TOOL_Vesion_2.0.1_-_Copy.bat"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cscript //nologo temp.vbs
C:\Windows\system32\cscript.exe
cscript //nologo temp.vbs
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cscript //nologo temp.vbs
C:\Windows\system32\cscript.exe
cscript //nologo temp.vbs
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;18m" :: Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;21m" :: Medium-Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;24m" :: Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;26m" :: Light-Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;27m" :: Light Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;32m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;39m" :: Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;45m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;18m" :: Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;21m" :: Medium-Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;24m" :: Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;26m" :: Light-Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;27m" :: Light Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;32m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;39m" :: Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;45m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cscript.exe
cscript //nologo temp.vbs
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;18m" :: Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;21m" :: Medium-Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;24m" :: Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;26m" :: Light-Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;27m" :: Light Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;32m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;39m" :: Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;45m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;18m" :: Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;21m" :: Medium-Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;24m" :: Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;26m" :: Light-Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;27m" :: Light Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;32m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;39m" :: Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;45m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cscript.exe
cscript //nologo temp.vbs
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;18m" :: Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;21m" :: Medium-Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;24m" :: Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;26m" :: Light-Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;27m" :: Light Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;32m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;39m" :: Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;45m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;18m" :: Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;21m" :: Medium-Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;24m" :: Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;26m" :: Light-Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;27m" :: Light Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;32m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;39m" :: Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;45m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cscript.exe
cscript //nologo temp.vbs
Network
Files
C:\Users\Admin\AppData\Local\Temp\temp.vbs
| MD5 | 7bae6e6a1645b9209787794d2ed953e7 |
| SHA1 | de969410065fb5ffd46fdddc780b4d7c5102ac85 |
| SHA256 | c15c37f9ecbcdfcdc719cae2f01ff2b78e95f65b883369141ca6cd481e06f7fa |
| SHA512 | 275282f62686273cf7bdff93621328858ba6e1e5941b7de2ccb64858edf11ecea0d2d9e3bcbc3b2eff25adfe97cdfa561f7019ced033769910f197af5675d8ac |
C:\Users\Admin\AppData\Local\Temp\temp.vbs
| MD5 | e5ca26ed2efd400bb1319626eadc99a0 |
| SHA1 | 25c559ebdf3a492c05e120a2ad75efc9f9a5c4c7 |
| SHA256 | b8bf4092338515229da6c8876e994cda6e1399260b4be870ded3a737f6b42af8 |
| SHA512 | 0ec591f8e81ea64eee866e6653a8ee6402d9bf27e50a75e3a2b371a3c57b8f48f1b3ab3c18f117635a5114e307b7e43d29d2ad5833abb37f50f7c54edfd70775 |
C:\Users\Admin\AppData\Local\Temp\temp.vbs
| MD5 | 87af89d4af5901398792d0b2b282e545 |
| SHA1 | 69d3e1d7836df841edc2bd0d22241cc9e62744de |
| SHA256 | a76eebcbf17a9529b504d571159d2c5a7159d6bdb921e1c13a9c0e0a30409d82 |
| SHA512 | 7f81fee722a7a121450455f7673b8fa4cdf9d9115dcc38f3b51b234684cac68011a041f1de8f62d641a5d55fa4f7ac4659adf0d861ada04bcc805e372e99e6d0 |
C:\Users\Admin\AppData\Local\Temp\temp.vbs
| MD5 | 352d2073ed92bd9d618901967bef9788 |
| SHA1 | 763f89dbc2627a7330cc33faa8b0dc2abc8e2b31 |
| SHA256 | 31a82c8a853c05432cbbd5309be6da8f89e13f7fda3bc275bc92d9041536e100 |
| SHA512 | 1357e86ba667ac4b3b81756ed7cb127a919e6a9b4ebc757cc66e51cec896084fe52bce87c6362a34a50df0153c3f53766f52edbe9e8d0b36cb76deb84f5afba8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-26 00:15
Reported
2024-10-26 00:18
Platform
win10v2004-20241007-en
Max time kernel
180s
Max time network
182s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Crashpad\metadata | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files\Crashpad\settings.dat | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133743753801380368" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35
a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e9
8cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\EXORSIST_TOOL_Vesion_2.0.1_-_Copy.bat"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cscript //nologo temp.vbs
C:\Windows\system32\cscript.exe
cscript //nologo temp.vbs
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cscript //nologo temp.vbs
C:\Windows\system32\cscript.exe
cscript //nologo temp.vbs
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;18m" :: Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;21m" :: Medium-Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;24m" :: Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;26m" :: Light-Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;27m" :: Light Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;32m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;39m" :: Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;45m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;18m" :: Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;21m" :: Medium-Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;24m" :: Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;26m" :: Light-Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;27m" :: Light Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;32m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;39m" :: Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;45m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cscript.exe
cscript //nologo temp.vbs
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;18m" :: Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;21m" :: Medium-Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;24m" :: Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;26m" :: Light-Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;27m" :: Light Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;32m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;39m" :: Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;45m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;18m" :: Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;21m" :: Medium-Dark Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;24m" :: Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;26m" :: Light-Medium Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;27m" :: Light Blue"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;32m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;39m" :: Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[38;5;45m" :: Light Cyan"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set /p="[0m" :: Reset color to default"
C:\Windows\system32\cscript.exe
cscript //nologo temp.vbs
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb683ecc40,0x7ffb683ecc4c,0x7ffb683ecc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1836 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2204,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2376 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2440 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3200,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3272,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4584,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4440,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3828 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4988,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3728 /prefetch:8
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff667a94698,0x7ff667a946a4,0x7ff667a946b0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4520,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3568,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5384,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5680,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5696 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5908,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3536 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5380,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6060 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6084,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6032 /prefetch:8
C:\Users\Admin\Downloads\OperaGXSetup.exe
"C:\Users\Admin\Downloads\OperaGXSetup.exe"
C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe --server-tracking-blob=NWNiMWY0YzYxNzZhMDUwMjJlZTdlMjY4ZjhhODUzNTkxZjgxNGFmZGJhNGE1MGY4ZjRlMjljZjQ0NDg0OWYxZjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1nb29nbGUmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249T0dYX0dCX1NlYXJjaF9FTl9UMV9WMiZ1dG1fY29udGVudD02MzQzMjcwMTgyMDQmdXRtX2lkPUVBSWFJUW9iQ2hNSTN2LXpxdUtxaVFNVkdvRlFCaDFPZ1MwQkVBQVlBU0FBRWdMcTB2RF9Cd0UmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRnd3dy5vcGVyYS5jb20lMkZneCUyRmd4LWJyb3dzZXIlM0Z1dG1faWQlM0RFQUlhSVFvYkNoTUkzdi16cXVLcWlRTVZHb0ZRQmgxT2dTMEJFQUFZQVNBQUVnTHEwdkRfQndFJTI2dXRtX21lZGl1bSUzRHBhJTI2dXRtX3NvdXJjZSUzRGdvb2dsZSUyNnV0bV9jYW1wYWlnbiUzRE9HWF9HQl9TZWFyY2hfRU5fVDFfVjIlMjZ1dG1fY29udGVudCUzRDYzNDMyNzAxODIwNCUyNmdhZF9zb3VyY2UlM0QxJTI2Z2NsaWQlM0RFQUlhSVFvYkNoTUkzdi16cXVLcWlRTVZHb0ZRQmgxT2dTMEJFQUFZQVNBQUVnTHEwdkRfQndFJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGZ3gtYnJvd3NlciZ1dG1faWQ9RUFJYUlRb2JDaE1JM3YtenF1S3FpUU1WR29GUUJoMU9nUzBCRUFBWUFTQUFFZ0xxMHZEX0J3RSZkbF90b2tlbj0xMjE3OTA1MiIsInRpbWVzdGFtcCI6IjE3Mjk5MDE3OTkuMTQ1MCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjMuMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6Ik9HWF9HQl9TZWFyY2hfRU5fVDFfVjIiLCJjb250ZW50IjoiNjM0MzI3MDE4MjA0IiwiaWQiOiJFQUlhSVFvYkNoTUkzdi16cXVLcWlRTVZHb0ZRQmgxT2dTMEJFQUFZQVNBQUVnTHEwdkRfQndFIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vZ3gtYnJvd3NlciIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6Imdvb2dsZSJ9LCJ1dWlkIjoiMTFjOWQ3NmYtMmQ3ZC00NDE1LThkMTMtOWY3YzBkZWUwMTFiIn0=
C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x340,0x344,0x348,0x30c,0x34c,0x74618c5c,0x74618c68,0x74618c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3964 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241026001646" --session-guid=9b28e66e-bf97-4438-8561-28c41a16325f --server-tracking-blob=[base64 blob elided in this listing; it repeats the --server-tracking-blob value shown on the first 7zS47D733A8\setup.exe command line above] --desktopshortcut=1 --wait-for-package --initial-proc-handle=3409000000000000
C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x71e68c5c,0x71e68c68,0x71e68c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410260016461\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410260016461\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410260016461\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410260016461\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410260016461\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410260016461\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x504f48,0x504f58,0x504f64
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3352,i,10538514406117971467,5210629986078002979,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3904 /prefetch:8
Network — reviewer note: every destination in this table is Google (google.com, googleapis.com, doubleclick.net, googlezip.net, gvt2.com, pki.goog), Opera (opera.com, operacdn.com, opera-api2.com, opr.gg, opera.software) or Microsoft (bing.com, clarity.ms) infrastructure, plus reverse-DNS lookups to 8.8.8.8 and one mDNS multicast (224.0.0.251:5353). That is consistent with the Chrome launch and the Opera GX installer download/run shown in the process tree above rather than with a distinct command-and-control host; the PE download and "dropped EXE" behaviour is accounted for by OperaGXSetup.exe from download.opera.com / operacdn.com. A payload fetched after the capture window closed, or traffic from the temp.vbs scripts that happened not to leave the host, would not appear here, so absence of a C2 destination in this table is not proof of benign intent.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.11.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.169.36:443 | www.google.com | udp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| GB | 142.250.200.10:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.200.46:443 | apis.google.com | udp |
| GB | 142.250.200.10:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns-tunnel-check.googlezip.net | udp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | 194.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.34.239.216.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.200.10:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.200.10:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.206:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 52.29.82.213:443 | www.opera.com | tcp |
| DE | 52.29.82.213:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| DE | 23.199.217.193:443 | cdn-production-opera-website.operacdn.com | tcp |
| DE | 23.199.217.193:443 | cdn-production-opera-website.operacdn.com | tcp |
| DE | 23.199.217.193:443 | cdn-production-opera-website.operacdn.com | tcp |
| DE | 23.199.217.193:443 | cdn-production-opera-website.operacdn.com | tcp |
| DE | 23.199.217.193:443 | cdn-production-opera-website.operacdn.com | tcp |
| DE | 23.199.217.193:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 142.250.200.46:443 | www.googleoptimize.com | tcp |
| US | 8.8.8.8:53 | 213.82.29.52.in-addr.arpa | udp |
| GB | 142.250.200.46:443 | www.googleoptimize.com | tcp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.217.199.23.in-addr.arpa | udp |
| DE | 23.199.217.193:443 | cdn-production-opera-website.operacdn.com | tcp |
| DE | 23.199.217.193:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| DE | 52.29.82.213:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.200.46:443 | www.googleoptimize.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 172.217.169.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 11199305.fls.doubleclick.net | udp |
| GB | 172.217.169.34:443 | ade.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 112.182.26.185.in-addr.arpa | udp |
| GB | 172.217.169.34:443 | ade.googlesyndication.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 172.217.169.34:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| GB | 172.217.16.230:443 | 11199305.fls.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 230.16.217.172.in-addr.arpa | udp |
| BE | 74.125.133.156:443 | stats.g.doubleclick.net | tcp |
| BE | 74.125.133.156:443 | stats.g.doubleclick.net | tcp |
| GB | 172.217.16.230:443 | 11199305.fls.doubleclick.net | udp |
| US | 8.8.8.8:53 | 156.133.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | autoupdate.opera.com | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | 121.217.145.82.in-addr.arpa | udp |
| NL | 185.26.182.123:443 | autoupdate.opera.com | tcp |
| NL | 82.145.216.20:443 | autoupdate.geo.opera.com | tcp |
| US | 8.8.8.8:53 | features.opera-api2.com | udp |
| NL | 82.145.216.15:443 | features.opera-api2.com | tcp |
| US | 8.8.8.8:53 | 123.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.config.opr.gg | udp |
| US | 104.18.24.17:443 | api.config.opr.gg | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 20.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.24.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| NL | 82.145.216.23:443 | download.opera.com | tcp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | download3.operacdn.com | udp |
| GB | 2.18.27.87:443 | download3.operacdn.com | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | b.clarity.ms | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.129.153.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.27.18.2.in-addr.arpa | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download5.operacdn.com | udp |
| US | 104.18.10.89:443 | download5.operacdn.com | tcp |
| US | 8.8.8.8:53 | 89.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | b.clarity.ms | udp |
Files — reviewer note: C:\Users\Admin\AppData\Local\Temp\temp.vbs is listed three times with three different hash sets, i.e. the batch rewrote the script between its `cscript //nologo temp.vbs` invocations. The script bodies are not reproduced in this report, so it cannot be determined here whether they are cosmetic helpers for the batch's console UI or the actual payload; pulling the three temp.vbs contents from the sandbox is the next triage step. The Chrome "User Data" entries (Local State, Preferences, TransportSecurity, BrowsingTopicsState, SCT Auditing Pending Reports) are Chrome's own profile files written when chrome.exe was launched with that --user-data-dir in the process tree above, and the crashpad pipe entry carries the empty-file hashes; none of these on their own show the batch reading browser credential stores.
C:\Users\Admin\AppData\Local\Temp\temp.vbs
| MD5 | 7bae6e6a1645b9209787794d2ed953e7 |
| SHA1 | de969410065fb5ffd46fdddc780b4d7c5102ac85 |
| SHA256 | c15c37f9ecbcdfcdc719cae2f01ff2b78e95f65b883369141ca6cd481e06f7fa |
| SHA512 | 275282f62686273cf7bdff93621328858ba6e1e5941b7de2ccb64858edf11ecea0d2d9e3bcbc3b2eff25adfe97cdfa561f7019ced033769910f197af5675d8ac |
C:\Users\Admin\AppData\Local\Temp\temp.vbs
| MD5 | e5ca26ed2efd400bb1319626eadc99a0 |
| SHA1 | 25c559ebdf3a492c05e120a2ad75efc9f9a5c4c7 |
| SHA256 | b8bf4092338515229da6c8876e994cda6e1399260b4be870ded3a737f6b42af8 |
| SHA512 | 0ec591f8e81ea64eee866e6653a8ee6402d9bf27e50a75e3a2b371a3c57b8f48f1b3ab3c18f117635a5114e307b7e43d29d2ad5833abb37f50f7c54edfd70775 |
C:\Users\Admin\AppData\Local\Temp\temp.vbs
| MD5 | 87af89d4af5901398792d0b2b282e545 |
| SHA1 | 69d3e1d7836df841edc2bd0d22241cc9e62744de |
| SHA256 | a76eebcbf17a9529b504d571159d2c5a7159d6bdb921e1c13a9c0e0a30409d82 |
| SHA512 | 7f81fee722a7a121450455f7673b8fa4cdf9d9115dcc38f3b51b234684cac68011a041f1de8f62d641a5d55fa4f7ac4659adf0d861ada04bcc805e372e99e6d0 |
\??\pipe\crashpad_1624_YJIKERSIDOZCHYIA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 8f45c76170ac49113d3a765ea0739aa9 |
| SHA1 | b6fe13042f81819eee28a736448248ba25d92a53 |
| SHA256 | 745ff83d8cb04a76a85cbe1f68a74b6518293eb09cee2a9679119b477d8ed6b5 |
| SHA512 | d3ee44ebf6dda4e4888007d81852168d5e68e7a1e7e5b6b0dcd9f64cf2e327e6f5be11823028b42f7706ff67edef8bef5c23fc4aa3a8afbcc884397c2da5ad9b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ec63aaea912351c182b2189ec647c135 |
| SHA1 | c4271349efeb27dea0512405fded1b9006fa539f |
| SHA256 | 9a30d047950f419202091c484418397b3f72165c8be748b737579b5e5c006e42 |
| SHA512 | 045675c5e2aaafd61c75785bcd2817a60bd4f9e6d70929fb1a0112e792c45ac23fe7a2784d6df33895d64dbcab27a8ce6fc7fe5b28d226ae9bb9d07f696a524e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 80d786626398b05ba5926bc17d17c7b9 |
| SHA1 | 9673108061294ce3a8bd45250fe2c8df821ee90b |
| SHA256 | 61779e5f331e7e429b38be942671ba9b1a025f14ef61678e0c3eeb3412ec2019 |
| SHA512 | 8b6a34646d825494e9c74a6eeffb4ec512e5bb1d96fed54ed0b4a0fae4f8e0fe28d11ce127c8ddff8d7a4e836d64362cc1059bb8bf0b8d4b49f618f85d31a5fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 356b4371399e3fc9a5865bacbd6b24c1 |
| SHA1 | 671d845179a27b6c099a98e410fea0d1caae6cb3 |
| SHA256 | f859591c33f6ad3799a1b59a824fe9f03ad331b7189b8836caf75bf4afd3a254 |
| SHA512 | 4e6085b93d4d43f77120955161c15b4df59022dd2f06a4df5a796efa4d6a8b1cfebe167c11dcb64bf59582d736b00ae771170c2338e28da686591eb0fb02dda8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6285e9e6-4607-4e33-a6ca-5a837e0360d6.tmp
| MD5 | 7254eeb214a4c5c11c3cf5189d091cbb |
| SHA1 | a5ff24547217e36673036ad47a05b346b69e4e0b |
| SHA256 | a861cfc9e7ce892dc91c09ea4af767c2ebc3e0296864d93143aaca9ed28a20fe |
| SHA512 | d96697ea9f75e0a3268dcd4caeea06492f7a09fe8741202f27b9e9feab8a6437b23e2bed73ee8c29c4fba33e162ac277cbf4f39bcb3b097a03d8855c361aeaf4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bf0b29998b7e5785f4b627cc11e67e44 |
| SHA1 | 20d471fcdde51e9dd3bc148284897911a9dd7b1e |
| SHA256 | e5ad851995ef23ac47f118eb9b26f06b22ff81fd6e7eec4485551ef9cd70cd7a |
| SHA512 | 6f9b54cd54e73505222b90fc56039b3e9ef55ee3d9a4c320e41498a46ad41be7e082315b667dfb6a0e3cf2852ce3d58d9e814589409363d0c1385b93d1ef5a06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 99001433f4ec94a227a13988af8c440b |
| SHA1 | cca00c1db5b2820bfff33b95f85e9d8b35cd7317 |
| SHA256 | b390d1130eefb97f57e478e610dc76c32e946ab9ed9cb04807b01aed33aeaf58 |
| SHA512 | 069014c89425a74d98c0a5230433f891e4b5af2168468a158c15c526741481a2099fbf251b8bf54fcff1defe244761c9f4fe9ff7f6589bb05a67b2406e101b3a |
C:\Users\Admin\Downloads\OperaGXSetup.exe
| MD5 | 3988e546df890d076a0962a46ed061ce |
| SHA1 | 5d1cd8a6ea3e3d3f00c427e0c83981b95ced4f7d |
| SHA256 | 86b6ecd1042c5057a783c0113540a6ed6adad29842b70ba7062f3b09a281f697 |
| SHA512 | 8ac5fb5be71f36e1124e608f5a1160615506102791be46155bbaaf110cbf0cf2359b403ad76029683530a0f57249005d8c6fb864e526a77ee84d235c995ac93f |
C:\Users\Admin\AppData\Local\Temp\7zS47D733A8\setup.exe
| MD5 | a910474aad1eea96921d359e1763d2fd |
| SHA1 | 8f663c05861ce93a1418607bd208c21dc7263237 |
| SHA256 | 5354a7fa4ef330546d79e1ea02c456084400d0b47d52aaa43b088340981f461e |
| SHA512 | 8654f3c5eb98dd4097ed5367771f2f3487a4c90f95754ca39b8900ab52c2c78ab6f90da339c1cce06364ca242d49901a7ebbac92cf14955e3a267ea988c194e4 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410260016457963964.dll
| MD5 | 94a99783bf5a9aeb8a0c8adcbb144ac8 |
| SHA1 | f5682606d1a3774a44d58a42391533899578897b |
| SHA256 | 5d8acd8032a3f3147b50e88dd1141312f9232f46ee0cb9487efae3c23545a0e9 |
| SHA512 | f545d11b103b79a00f8118000a447b26f76520f9ae4c4e78542237eb11b931b98900f62065ae3fbff747a79d6954d15a7ccb123b2adcfc81df71c17a6cf840a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4d072f03733b95b487d5b9e85d1735e8 |
| SHA1 | 1fb425109aed3d36a368ef695c8817cac87cc9ed |
| SHA256 | 2a3bfe51128bc8521b717488257d40f48f1ecd81ed952413516464f6580dac64 |
| SHA512 | bacd051ae1be49607fb36e4a3f9d4a7d869c2bbd54af56745627cf37ff0f26547b19e23de36939890e0e21623b52212dbfdbc9d3f7b769d570fc3c4ad8465187 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fc8e6a2144f2f85090a51f611ed82514 |
| SHA1 | 08823453a85d7a407287f507b5460ea05dfe252b |
| SHA256 | 4c3388aea955a9987013328a507c958a445a8c017005d9611f5757d0f1901c19 |
| SHA512 | 59b511391ff6e48b451b352f0bdd299e89db0677bb52d067474556782a7de0907c2cdc5d6db22a9766c57260916a5e59e3a17e12a52fd6d1140ce7123296aa3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 4e96bf0cc6f25b8ab0eaec303e3da46f |
| SHA1 | 9d784d29ab5b432d9e420a377dec3598f3a21db2 |
| SHA256 | 17b3440d2feb5db4df0bf072be001a4fe1c743011ba170ec50d156127111684b |
| SHA512 | 03c053b2ca7102d5195b3dc00ce6942c6e65372d4f251c55ea5ede34ec00f8a846d970b79db390eb990f67f3b05b001d7e408a46ab2f22b0e6805360ba4cf091 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
| MD5 | 0c0268c02731a937fbf109658a28314b |
| SHA1 | ba591ad64df6b651ae3583b261a48f57bad46bbd |
| SHA256 | 82531fca51cd3efbad6d29ab4f26627bc04ea6b804a6c0a386e63f03206d6b33 |
| SHA512 | bd15169b756619e7b8a290957706c4d8eee55438f559ba999a8bff372dd66c233c0b129c6053d6fba8f5ed96d676e2805e7eeb1e00307b7874fa481576ce2003 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c6daa6dc51535ec52da0c971fb2a3db8 |
| SHA1 | 608a1da1872ed5f9b5edefad5b9160c637645fcd |
| SHA256 | 25c9bd5b2805a9c618a0f0d69a61b011fda6aecec341bccf9b5ffdab529f1535 |
| SHA512 | 5f6bb5ebe815d3dbf30647c615b5d6d72cc860da85a4bdd42b7e6071ceb69543a716bccce87f937ca9399276ef3afce5244e302a4273e6b8af866c49ecbbdee9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a25d7441d410798b4afe083901f77be2 |
| SHA1 | 6e3d6604bf74292d182d9814c8b2048f3427f144 |
| SHA256 | 208e1f2c2e2cbd1cafe3f01f59523245b9fd6169eeba96f11c4983a1b3ddc23c |
| SHA512 | 4775408cee0322ea0fba52b5aad45a6d4a763fad83f44e7fb233322fa94c2a830ad51cdd512860b0199b3c0514fb03431575f906ad3c8fbc122343d37165f075 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 53db0334885f01c84d1efd21dd4e3a60 |
| SHA1 | 23f138948607624b178b62787d5c52aac361127a |
| SHA256 | b7ac85668bdbb3053b4aae50aeaa66ec76b847e23a97c3161bff6dab6ef92342 |
| SHA512 | f4144ae53bab76b6d6b835bec69d799a00130740ac881589ee1fad6c84ed3f6c2cafbac121e81323d34ac13fafa72bf53b6665c17cd4bd41aa3ebe75234a6906 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410260016461\additional_file0.tmp
| MD5 | e9a2209b61f4be34f25069a6e54affea |
| SHA1 | 6368b0a81608c701b06b97aeff194ce88fd0e3c0 |
| SHA256 | e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f |
| SHA512 | 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410260016461\assistant\assistant_installer.exe
| MD5 | 4c8fbed0044da34ad25f781c3d117a66 |
| SHA1 | 8dd93340e3d09de993c3bc12db82680a8e69d653 |
| SHA256 | afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a |
| SHA512 | a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b83619de654ab1923800ab258460fb57 |
| SHA1 | 0324213b8c0c3a5eb6a928de7f17625daf7c1f9f |
| SHA256 | 71a465155b8c84aec2e6f16726f4b327990f7b4456211e9d5042f7aa21a68c80 |
| SHA512 | 903fbcf3feb5a31e1d5e8bb405b9438a46e2ee5083b328bbcd18ee840c2742c32abff841b99393849f85ac5375c1dc760cef209b581fd998250a7542704a40d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 807aa4795cb77a2a3233caaca622ee74 |
| SHA1 | d86688c87a7b009be0117658e66f3eb670be3395 |
| SHA256 | 34fc365e3f8887003a7e45083e80d920bd218d0d599265f681dc01bcffb084f2 |
| SHA512 | 3c36a1c4f085d300759018601f59a955a3557680559362099b8d7851a4bb7a0ce3154e80e6b389d5df191557e997a12a96059b4da9e584c9b3d4458ecfac7204 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0eb98a618b16f5dbcab31c239af5e3ec |
| SHA1 | b443cbad4afeca9a3484f46b5397e50eb87fb071 |
| SHA256 | bec428326743ddae5c2a9a86fad04ed0a25f6e53aaf3ac17a94ea7582ed3dd6c |
| SHA512 | ad2052548f8a6c5fc50f28d3015f1aaa959adedb26f0a2950f7422f0a267764e7e7a1d957ec87c7e8dda86b7e12f65f865c05338efaafc56dcd5a4b0dd23371f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\105208e5-1d2b-4894-9d80-69c1c8b19e0e.tmp
| MD5 | f62a08e333a2196e6c6d6ef4c6e9bbc9 |
| SHA1 | 55c39ba720ec85eccb8837436d8a0b17a6126803 |
| SHA256 | 5bf2cdfa6be953bff0976b7168fa8d1d52e9e75684d2f8c8c20f38998d901d42 |
| SHA512 | 9521b604ca533eeb3859d3b78736c676518fd0f01a6fbd61beec08bb5eeb1c4e49d20545b12b768ec47d1429bf07a5c44b503cdb5b288c6053b8d1d8d7013583 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 01a5b9c55cb1382ce0cf18d32724426d |
| SHA1 | a27f0067c3a912e68bc864ee59f5ea90967f4274 |
| SHA256 | 333da0d58871154fb3bd077f9d6ddada27226a31144d20bd693c2a2402f404e1 |
| SHA512 | 7bc1137f3697d9398126cd56193ff013e77ae814d7ba0dd9413980bee0c6231594f368a079801f7a083fc8d9a3d4a5920613342510690fa2ba142d5d2002db58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 270b84df333ca9210c48c3da44b7fe7d |
| SHA1 | 495ef9b85b2a8cb85e1619323cc5bb5756470f6e |
| SHA256 | 87afc8cb3d36e88318c045279fca0363a624404a79ba6d5ffeef6c4d2e7b97e2 |
| SHA512 | 7995d3cc3b01612b8a89b267b1bb31ea1607d69d65cac9eb8de605b7c45cd9d3f009395109038c4742988bf3f358b6bc6bf52ff2e67b59fd175e5f1b6ef151c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8572f539570d182551e20e5cf8c9d8f4 |
| SHA1 | c410ed9ceac3f1bddb3f2608690c14233ef759bc |
| SHA256 | 5517b8d7bc8863cc4eeb4d32942a3fefc8a92df74cd1e176e91207eb49b5802d |
| SHA512 | fe71ae913dfb96b4271e53a290f83433729672518bf9d67be938107fbe67b64861aa6f4c3a1d775844965b381bb3cb62ccf0987ba8ed9249850c2ffa902158dc |