Malware Analysis Report

2025-03-15 04:33

Sample ID 241027-1j13gatalg
Target var-xdnd6hs3n-40.html
SHA256 a9d59121b275f9a60963cfe0d735606cffa9a7b73231297da2162b47d79d934f
Tags: discovery, spyware, stealer
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

a9d59121b275f9a60963cfe0d735606cffa9a7b73231297da2162b47d79d934f

Threat Level: Likely malicious

The file var-xdnd6hs3n-40.html was found to be: Likely malicious.

Malicious Activity Summary

discovery spyware stealer

Downloads MZ/PE file

Reads user/profile data of web browsers

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Looks up external IP address via web service

Browser Information Discovery

System Location Discovery: System Language Discovery

Modifies registry class

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

NTFS ADS

Modifies system certificate store

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-27 21:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-27 21:41

Reported

2024-10-27 21:44

Platform

win7-20241010-en

Max time kernel

119s

Max time network

129s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\var-xdnd6hs3n-40.html

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436227169" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c067fc17b928db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{40BC9811-94AC-11EF-AC67-6252F262FB8A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\var-xdnd6hs3n-40.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-27 21:41

Reported

2024-10-27 21:48

Platform

win10v2004-20241007-en

Max time kernel

436s

Max time network

438s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\var-xdnd6hs3n-40.html

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe N/A

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "157" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 346745.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 967441.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1808 wrote to memory of 3968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1808 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1808 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1808 wrote to memory of 220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\var-xdnd6hs3n-40.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce88746f8,0x7ffce8874708,0x7ffce8874718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6892 /prefetch:8

C:\Users\Admin\Downloads\OperaGXSetup.exe

"C:\Users\Admin\Downloads\OperaGXSetup.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe --server-tracking-blob=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

C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x330,0x334,0x338,0x2f4,0x33c,0x74e28c5c,0x74e28c68,0x74e28c74

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version

C:\Users\Admin\Downloads\OperaGXSetup.exe

"C:\Users\Admin\Downloads\OperaGXSetup.exe"

C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe --server-tracking-blob=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

C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x72678c5c,0x72678c68,0x72678c74

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x11b4f48,0x11b4f58,0x11b4f64

C:\Users\Admin\Downloads\OperaGXSetup.exe

"C:\Users\Admin\Downloads\OperaGXSetup.exe"

C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe --server-tracking-blob=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

C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x324,0x328,0x32c,0x300,0x330,0x71a38c5c,0x71a38c68,0x71a38c74

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version

C:\Users\Admin\Downloads\OperaGXSetup.exe

"C:\Users\Admin\Downloads\OperaGXSetup.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe --server-tracking-blob=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

C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x324,0x328,0x32c,0x300,0x330,0x71a38c5c,0x71a38c68,0x71a38c74

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1608 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241027214451" --session-guid=a2ff8f8d-21be-496d-a2dc-956ca434d53b --server-tracking-blob=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 --desktopshortcut=1 --wait-for-package --initial-proc-handle=CC0A000000000000

C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x328,0x32c,0x33c,0x304,0x340,0x71a38c5c,0x71a38c68,0x71a38c74

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa388d855 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 79.140.244.18.in-addr.arpa udp
US 8.8.8.8:53 190.192.67.172.in-addr.arpa udp
US 8.8.8.8:53 76.176.204.143.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
US 8.8.8.8:53 40.164.244.18.in-addr.arpa udp
US 8.8.8.8:53 215.212.224.103.in-addr.arpa udp
US 8.8.8.8:53 2.211.227.13.in-addr.arpa udp
US 103.224.212.215:443 jecromaha.info tcp
US 103.224.212.215:443 jecromaha.info tcp
US 103.224.212.215:443 jecromaha.info tcp
US 103.224.212.215:443 jecromaha.info tcp
US 103.224.212.215:443 jecromaha.info tcp
US 103.224.212.215:443 jecromaha.info tcp
US 8.8.8.8:53 82.137.192.54.in-addr.arpa udp
US 103.224.212.215:443 jecromaha.info tcp
US 103.224.212.215:443 jecromaha.info tcp
GB 54.192.137.82:443 loaksandtheir.info tcp
US 8.8.8.8:53 vpnbest.cc udp
DE 207.154.213.139:443 vpnbest.cc tcp
US 8.8.8.8:53 b.clarity.ms udp
US 4.153.129.168:443 b.clarity.ms tcp
US 8.8.8.8:53 www.savinist.com udp
US 104.21.77.171:443 www.savinist.com tcp
US 8.8.8.8:53 139.213.154.207.in-addr.arpa udp
DE 52.59.128.198:443 www.opera.com tcp
US 8.8.8.8:53 171.77.21.104.in-addr.arpa udp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.200.3:443 www.google.co.uk udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 150.171.27.10:443 bat.bing.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 download131.uploadhaven.com udp
US 169.197.82.27:443 download131.uploadhaven.com tcp
US 8.8.8.8:53 27.82.197.169.in-addr.arpa udp
US 8.8.8.8:53 b.clarity.ms udp
US 4.153.129.168:443 b.clarity.ms tcp

Files
