Analysis
-
max time kernel
453s -
max time network
454s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
09/11/2024, 20:52
Static task
static1
URLScan task
urlscan1
General
Malware Config
Signatures
-
Downloads MZ/PE file
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: detect-gpu@latest
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: lottie-player@latest
-
Executes dropped EXE 45 IoCs
pid Process 3152 OperaGXSetup.exe 7348 OperaGXSetup.exe 4528 setup.exe 2296 setup.exe 5280 setup.exe 7360 setup.exe 7628 OperaGXSetup.exe 840 OperaGXSetup.exe 5880 setup.exe 4316 setup.exe 7488 setup.exe 8008 setup.exe 2044 OperaGXSetup.exe 4532 OperaGXSetup.exe 7584 setup.exe 7936 OperaGXSetup.exe 7952 OperaGXSetup.exe 5588 setup.exe 3468 setup.exe 7452 setup.exe 1700 setup.exe 6076 setup.exe 5036 setup.exe 2324 setup.exe 1504 setup.exe 4992 setup.exe 3988 setup.exe 4932 setup.exe 7368 setup.exe 5492 setup.exe 8060 setup.exe 5288 setup.exe 8104 setup.exe 5460 setup.exe 4420 Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe 116 assistant_installer.exe 3780 assistant_installer.exe 6728 OperaGXSetup (1).exe 6392 OperaGXSetup (1).exe 1844 setup.exe 6104 setup.exe 6160 setup.exe 7084 setup.exe 6848 setup.exe 6212 setup.exe -
Loads dropped DLL 31 IoCs
pid Process 4528 setup.exe 2296 setup.exe 5280 setup.exe 7360 setup.exe 5880 setup.exe 4316 setup.exe 7488 setup.exe 8008 setup.exe 5588 setup.exe 7584 setup.exe 3468 setup.exe 7452 setup.exe 6076 setup.exe 1700 setup.exe 5036 setup.exe 2324 setup.exe 1504 setup.exe 4992 setup.exe 3988 setup.exe 7368 setup.exe 5492 setup.exe 8060 setup.exe 5288 setup.exe 8104 setup.exe 5460 setup.exe 1844 setup.exe 6104 setup.exe 6160 setup.exe 7084 setup.exe 6848 setup.exe 6212 setup.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
resource yara_rule behavioral1/memory/1416-2768-0x00007FFDE3A50000-0x00007FFDE5400000-memory.dmp themida -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 22 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\D: setup.exe File opened (read-only) \??\F: setup.exe File opened (read-only) \??\F: setup.exe File opened (read-only) \??\F: setup.exe File opened (read-only) \??\D: setup.exe File opened (read-only) \??\F: setup.exe File opened (read-only) \??\D: setup.exe File opened (read-only) \??\F: setup.exe File opened (read-only) \??\F: setup.exe File opened (read-only) \??\D: setup.exe File opened (read-only) \??\D: setup.exe File opened (read-only) \??\D: setup.exe File opened (read-only) \??\D: setup.exe File opened (read-only) \??\F: setup.exe File opened (read-only) \??\D: setup.exe File opened (read-only) \??\F: setup.exe File opened (read-only) \??\F: setup.exe File opened (read-only) \??\D: setup.exe File opened (read-only) \??\D: setup.exe File opened (read-only) \??\F: setup.exe File opened (read-only) \??\D: setup.exe File opened (read-only) \??\F: setup.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
flow ioc 1147 discord.com 1148 discord.com 54 discord.com 57 discord.com 236 discord.com 1113 discord.com -
Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
pid Process 1416 Nezur_Interface.exe 1416 Nezur_Interface.exe 8132 Nezur_Interface.exe 8132 Nezur_Interface.exe -
System Location Discovery: System Language Discovery 1 TTPs 45 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings msedge.exe Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2878641211-696417878-3864914810-1000\{5EAF29E3-9125-4727-8F57-FED711D0F0CB} msedge.exe -
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 setup.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob setup.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob setup.exe -
NTFS ADS 2 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 577203.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\Unconfirmed 312481.crdownload:SmartScreen msedge.exe -
Suspicious behavior: EnumeratesProcesses 34 IoCs
pid Process 2400 msedge.exe 2400 msedge.exe 3316 msedge.exe 3316 msedge.exe 744 identity_helper.exe 744 identity_helper.exe 4640 msedge.exe 4640 msedge.exe 876 msedge.exe 876 msedge.exe 8072 msedge.exe 8072 msedge.exe 8072 msedge.exe 8072 msedge.exe 1796 msedge.exe 1796 msedge.exe 3936 msedge.exe 3936 msedge.exe 1416 Nezur_Interface.exe 1416 Nezur_Interface.exe 1416 Nezur_Interface.exe 1416 Nezur_Interface.exe 1416 Nezur_Interface.exe 1416 Nezur_Interface.exe 1416 Nezur_Interface.exe 1416 Nezur_Interface.exe 8132 Nezur_Interface.exe 8132 Nezur_Interface.exe 8132 Nezur_Interface.exe 8132 Nezur_Interface.exe 8132 Nezur_Interface.exe 8132 Nezur_Interface.exe 8132 Nezur_Interface.exe 8132 Nezur_Interface.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 1416 Nezur_Interface.exe Token: SeDebugPrivilege 8132 Nezur_Interface.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4528 setup.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://nezur.io/Nezur_Executor.zip 1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3316 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe06a046f8,0x7ffe06a04708,0x7ffe06a04718 2⤵ PID:1712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2 2⤵ PID:2416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8 2⤵ PID:4392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1 2⤵ PID:3148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1 2⤵ PID:1684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1 2⤵ PID:4960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1 2⤵ PID:2036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1 2⤵ PID:1744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8 2⤵ PID:2220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1 2⤵ PID:3180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1 2⤵ PID:2432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1 2⤵ PID:2992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1 2⤵ PID:2924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4032 /prefetch:8 2⤵ PID:4396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1 2⤵ PID:872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1 2⤵ PID:5496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1 2⤵ PID:5568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1 2⤵ PID:5620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1 2⤵ PID:5920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1 2⤵ PID:6004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1 2⤵ PID:5080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7068 /prefetch:8 2⤵ PID:3060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7164 /prefetch:8 2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1 2⤵ PID:5248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1 2⤵ PID:6036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1 2⤵ PID:1768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1 2⤵ PID:5540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1 2⤵ PID:3392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1 2⤵ PID:5080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7280 /prefetch:82⤵PID:5964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:12⤵PID:2440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:12⤵PID:6044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:12⤵PID:5320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2752 /prefetch:12⤵PID:2252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:12⤵PID:3012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵PID:6124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:12⤵PID:5868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:12⤵PID:4160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:12⤵PID:3780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8432 /prefetch:12⤵PID:5320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:12⤵PID:4504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:12⤵PID:3884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:12⤵PID:5272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8332 /prefetch:12⤵PID:2432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8948 /prefetch:12⤵PID:916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:12⤵PID:1660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2988 /prefetch:12⤵PID:888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:12⤵PID:4144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:12⤵PID:1216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8780 /prefetch:12⤵PID:1444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵PID:1800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:12⤵PID:5272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:12⤵PID:2036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8992 /prefetch:12⤵PID:2600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8232 /prefetch:12⤵PID:6112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:12⤵PID:3752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9456 /prefetch:12⤵PID:1888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9180 /prefetch:12⤵PID:6040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9416 /prefetch:12⤵PID:5336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8940 /prefetch:12⤵PID:5900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9764 /prefetch:12⤵PID:5940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:12⤵PID:6256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:12⤵PID:6440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10180 /prefetch:12⤵PID:6456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10460 /prefetch:12⤵PID:6592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9292 /prefetch:12⤵PID:6816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10744 /prefetch:12⤵PID:6844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10868 /prefetch:12⤵PID:6948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11036 /prefetch:12⤵PID:7028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11028 /prefetch:12⤵PID:7036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11360 /prefetch:12⤵PID:6220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10448 /prefetch:12⤵PID:6488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:12⤵PID:6800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11032 /prefetch:12⤵PID:6440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10792 /prefetch:12⤵PID:6664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11568 /prefetch:12⤵PID:6988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11736 /prefetch:12⤵PID:7012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11592 /prefetch:12⤵PID:7160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10364 /prefetch:12⤵PID:6400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12168 /prefetch:12⤵PID:6908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10196 /prefetch:12⤵PID:1992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11348 /prefetch:12⤵PID:6464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12380 /prefetch:12⤵PID:6564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12384 /prefetch:12⤵PID:6560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12404 /prefetch:12⤵PID:6552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12584 /prefetch:12⤵PID:7752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12864 /prefetch:12⤵PID:7760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12540 /prefetch:12⤵PID:7832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=12716 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:8072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:12⤵PID:8016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:12⤵PID:7884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11844 /prefetch:82⤵PID:3056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11756 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1796
-
-
C:\Users\Admin\Downloads\OperaGXSetup.exe"C:\Users\Admin\Downloads\OperaGXSetup.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3152 -
C:\Users\Admin\AppData\Local\Temp\7zS05C345DA\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS05C345DA\setup.exe --server-tracking-blob=…3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:2296 -
C:\Users\Admin\AppData\Local\Temp\7zS05C345DA\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS05C345DA\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x73f18c5c,0x73f18c68,0x73f18c744⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5280
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5880
-
-
-
-
C:\Users\Admin\Downloads\OperaGXSetup.exe"C:\Users\Admin\Downloads\OperaGXSetup.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:7348 -
C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\setup.exe --server-tracking-blob=NTQ1NDhiYzUwNTBlZGFmZGQ2ZGY3ZjFjNWJhMzgyMjMyY2I2NzBmODFmYTQ1YjliMGVkZWMxMDE2OGFkY2YxNzp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3dvcmsuaW5rLyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yLz91dG1fc291cmNlPXdyayZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1PcGVyYV9HWCIsInRpbWVzdGFtcCI6IjE3MzExODU3MDUuOTcyOCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Mi4wLjQ1MTUuMTMxIFNhZmFyaS81MzcuMzYgRWRnLzkyLjAuOTAyLjY3IiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFfR1giLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6IndyayJ9LCJ1dWlkIjoiYmEzNWMzOGItZTcxMS00Y2I1LWJkODMtN2U2OGIzZTZiNWZmIn0=3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:4528 -
C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x324,0x328,0x32c,0x320,0x330,0x74e88c5c,0x74e88c68,0x74e88c74 4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:7360
-
-
C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\.opera\Opera GX Installer Temp\setup.exe "C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\.opera\Opera GX Installer Temp\setup.exe" --version 4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4316
-
-
C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\setup.exe"C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4528 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\.opera\Opera GX Installer Temp\opera_package_20241109205547" --session-guid=1746bab7-0f41-46ed-91f9-e2a3debe280a --server-tracking-blob=ZjMzYTMzNDcwNzMwZjgzYWIxMzRhNDg3ZTdkODE2YmM4NjZlN2I2NGYwNDJjZWRlYWQwN2VmZjhhMDljYTAzNjp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3dvcmsuaW5rLyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yLz91dG1fc291cmNlPXdyayZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1PcGVyYV9HWCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTczMTE4NTcwNS45NzI4IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJPcGVyYV9HWCIsIm1lZGl1bSI6InBiIiwic291cmNlIjoid3JrIn0sInV1aWQiOiJiYTM1YzM4Yi1lNzExLTRjYjUtYmQ4My03ZTY4YjNlNmI1ZmYifQ== --desktopshortcut=1 --wait-for-package --initial-proc-handle=40080000000000004⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:8104 -
C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x31c,0x320,0x330,0x2f8,0x334,0x721d8c5c,0x721d8c68,0x721d8c74 5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5460
-
-
-
C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\.opera\Opera GX Installer Temp\opera_package_202411092055471\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe "C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\.opera\Opera GX Installer Temp\opera_package_202411092055471\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe" 4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4420
-
-
C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\.opera\Opera GX Installer Temp\opera_package_202411092055471\assistant\assistant_installer.exe "C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\.opera\Opera GX Installer Temp\opera_package_202411092055471\assistant\assistant_installer.exe" --version 4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:116 -
C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\.opera\Opera GX Installer Temp\opera_package_202411092055471\assistant\assistant_installer.exe "C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\.opera\Opera GX Installer Temp\opera_package_202411092055471\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x26c,0x270,0x274,0x250,0x278,0x1024f48,0x1024f58,0x1024f64 5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3780
-
-
-
-
-
C:\Users\Admin\Downloads\OperaGXSetup.exe "C:\Users\Admin\Downloads\OperaGXSetup.exe" 2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:7628 -
C:\Users\Admin\AppData\Local\Temp\7zSCCDEF7AA\setup.exeC:\Users\Admin\AppData\Local\Temp\7zSCCDEF7AA\setup.exe --server-tracking-blob=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3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:8008 -
C:\Users\Admin\AppData\Local\Temp\7zSCCDEF7AA\setup.exe C:\Users\Admin\AppData\Local\Temp\7zSCCDEF7AA\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x71ad8c5c,0x71ad8c68,0x71ad8c74 4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5588
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version 4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3468
-
-
-
-
C:\Users\Admin\Downloads\OperaGXSetup.exe "C:\Users\Admin\Downloads\OperaGXSetup.exe" 2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:840 -
C:\Users\Admin\AppData\Local\Temp\7zS84383C9A\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS84383C9A\setup.exe --server-tracking-blob=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3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:7488 -
C:\Users\Admin\AppData\Local\Temp\7zS84383C9A\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS84383C9A\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x721d8c5c,0x721d8c68,0x721d8c74 4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:7584
-
-
C:\Users\Admin\AppData\Local\Temp\7zS84383C9A\.opera\Opera GX Installer Temp\setup.exe "C:\Users\Admin\AppData\Local\Temp\7zS84383C9A\.opera\Opera GX Installer Temp\setup.exe" --version 4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:7452
-
-
-
-
C:\Users\Admin\Downloads\OperaGXSetup.exe "C:\Users\Admin\Downloads\OperaGXSetup.exe" 2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2044 -
C:\Users\Admin\AppData\Local\Temp\7zSCF7158BA\setup.exeC:\Users\Admin\AppData\Local\Temp\7zSCF7158BA\setup.exe --server-tracking-blob=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3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:1700 -
C:\Users\Admin\AppData\Local\Temp\7zSCF7158BA\setup.exe C:\Users\Admin\AppData\Local\Temp\7zSCF7158BA\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x70728c5c,0x70728c68,0x70728c74 4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1504
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version 4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:7368
-
-
-
-
C:\Users\Admin\Downloads\OperaGXSetup.exe "C:\Users\Admin\Downloads\OperaGXSetup.exe" 2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4532 -
C:\Users\Admin\AppData\Local\Temp\7zS4B16988A\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS4B16988A\setup.exe --server-tracking-blob=NTQ1NDhiYzUwNTBlZGFmZGQ2ZGY3ZjFjNWJhMzgyMjMyY2I2NzBmODFmYTQ1YjliMGVkZWMxMDE2OGFkY2YxNzp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3dvcmsuaW5rLyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yLz91dG1fc291cmNlPXdyayZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1PcGVyYV9HWCIsInRpbWVzdGFtcCI6IjE3MzExODU3MDUuOTcyOCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Mi4wLjQ1MTUuMTMxIFNhZmFyaS81MzcuMzYgRWRnLzkyLjAuOTAyLjY3IiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFfR1giLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6IndyayJ9LCJ1dWlkIjoiYmEzNWMzOGItZTcxMS00Y2I1LWJkODMtN2U2OGIzZTZiNWZmIn0=3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:6076 -
C:\Users\Admin\AppData\Local\Temp\7zS4B16988A\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS4B16988A\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x31c,0x320,0x324,0x2cc,0x328,0x70d48c5c,0x70d48c68,0x70d48c74 4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2324
-
-
C:\Users\Admin\AppData\Local\Temp\7zS4B16988A\.opera\Opera GX Installer Temp\setup.exe "C:\Users\Admin\AppData\Local\Temp\7zS4B16988A\.opera\Opera GX Installer Temp\setup.exe" --version 4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3988
-
-
-
-
C:\Users\Admin\Downloads\OperaGXSetup.exe "C:\Users\Admin\Downloads\OperaGXSetup.exe" 2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:7936 -
C:\Users\Admin\AppData\Local\Temp\7zS00F0A57B\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS00F0A57B\setup.exe --server-tracking-blob=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3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:5036 -
C:\Users\Admin\AppData\Local\Temp\7zS00F0A57B\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS00F0A57B\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x70108c5c,0x70108c68,0x70108c74 4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4932
-
-
C:\Users\Admin\AppData\Local\Temp\7zS00F0A57B\.opera\Opera GX Installer Temp\setup.exe "C:\Users\Admin\AppData\Local\Temp\7zS00F0A57B\.opera\Opera GX Installer Temp\setup.exe" --version 4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:8060
-
-
-
-
C:\Users\Admin\Downloads\OperaGXSetup.exe "C:\Users\Admin\Downloads\OperaGXSetup.exe" 2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:7952 -
C:\Users\Admin\AppData\Local\Temp\7zS01FC367B\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS01FC367B\setup.exe --server-tracking-blob=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3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:4992 -
C:\Users\Admin\AppData\Local\Temp\7zS01FC367B\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS01FC367B\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x6eea8c5c,0x6eea8c68,0x6eea8c74 4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5492
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version 4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5288
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1 2⤵
PID:7536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1 2⤵
PID:6904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12988 /prefetch:1 2⤵
PID:3156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9648 /prefetch:1 2⤵
PID:1884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:1 2⤵
PID:4860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10456 /prefetch:1 2⤵
PID:7084
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1 2⤵
PID:6396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1 2⤵
PID:4932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1 2⤵
PID:7416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10316 /prefetch:1 2⤵
PID:7752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9668 /prefetch:1 2⤵
PID:7324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10424 /prefetch:1 2⤵
PID:6564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10176 /prefetch:1 2⤵
PID:6208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11288 /prefetch:1 2⤵
PID:1040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10448 /prefetch:1 2⤵
PID:7928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11300 /prefetch:1 2⤵
PID:3056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11972 /prefetch:1 2⤵
PID:4136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9652 /prefetch:1 2⤵
PID:2288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9636 /prefetch:1 2⤵
PID:6700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1 2⤵
PID:5296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10904 /prefetch:1 2⤵
PID:6784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1 2⤵
PID:3516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1 2⤵
PID:7760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10256 /prefetch:1 2⤵
PID:7848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9764 /prefetch:1 2⤵
PID:7572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1 2⤵
PID:8072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12364 /prefetch:1 2⤵
PID:6948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10804 /prefetch:1 2⤵
PID:3536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10792 /prefetch:1 2⤵
PID:1616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12680 /prefetch:1 2⤵
PID:2444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9636 /prefetch:1 2⤵
PID:7164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9772 /prefetch:1 2⤵
PID:1884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9548 /prefetch:1 2⤵
PID:6644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1 2⤵
PID:6656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12788 /prefetch:1 2⤵
PID:7180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13260 /prefetch:12⤵PID:3288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13248 /prefetch:12⤵PID:5224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13456 /prefetch:12⤵PID:6340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9632 /prefetch:12⤵PID:1532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13840 /prefetch:12⤵PID:7000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:12⤵PID:6992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=13396 /prefetch:82⤵PID:6624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13088 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3936
-
-
C:\Users\Admin\Downloads\OperaGXSetup (1).exe"C:\Users\Admin\Downloads\OperaGXSetup (1).exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6728 -
C:\Users\Admin\AppData\Local\Temp\7zS84ABFBBC\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS84ABFBBC\setup.exe --server-tracking-blob=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3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:6104 -
C:\Users\Admin\AppData\Local\Temp\7zS84ABFBBC\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS84ABFBBC\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x70708c5c,0x70708c68,0x70708c744⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:7084
-
-
C:\Users\Admin\AppData\Local\Temp\7zS84ABFBBC\.opera\Opera GX Installer Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\7zS84ABFBBC\.opera\Opera GX Installer Temp\setup.exe" --version4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6212
-
-
-
-
C:\Users\Admin\Downloads\OperaGXSetup (1).exe"C:\Users\Admin\Downloads\OperaGXSetup (1).exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6392 -
C:\Users\Admin\AppData\Local\Temp\7zS8F8FA28C\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS8F8FA28C\setup.exe --server-tracking-blob=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3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:1844 -
C:\Users\Admin\AppData\Local\Temp\7zS8F8FA28C\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS8F8FA28C\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x70d28c5c,0x70d28c68,0x70d28c744⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6160
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6848
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12080 /prefetch:12⤵PID:6436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9496 /prefetch:12⤵PID:4516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11248 /prefetch:12⤵PID:6488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10896 /prefetch:12⤵PID:3872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10484 /prefetch:12⤵PID:3024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3216771080156232067,5672743009484881108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10664 /prefetch:12⤵PID:4072
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1220
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2352
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1388
-
C:\Users\Admin\Downloads\Nezur_Executor\Nezur_Interface.exe"C:\Users\Admin\Downloads\Nezur_Executor\Nezur_Interface.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1416 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://execkey.nezur.io/2⤵PID:5352
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe06a046f8,0x7ffe06a04708,0x7ffe06a047183⤵PID:5376
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/nezur2⤵PID:5392
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe06a046f8,0x7ffe06a04708,0x7ffe06a047183⤵PID:5436
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1cheats.com/store/category/69-nezur-executor/2⤵PID:5532
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe06a046f8,0x7ffe06a04708,0x7ffe06a047183⤵PID:5548
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://execkey.nezur.io/2⤵PID:5168
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe06a046f8,0x7ffe06a04708,0x7ffe06a047183⤵PID:5188
-
-
-
C:\Users\Admin\Downloads\Nezur_Executor\Nezur_Interface.exe"C:\Users\Admin\Downloads\Nezur_Executor\Nezur_Interface.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:8132 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://execkey.nezur.io/2⤵PID:6628
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe06a046f8,0x7ffe06a04708,0x7ffe06a047183⤵PID:3912
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/nezur2⤵PID:6532
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xe0,0x104,0x7ffe06a046f8,0x7ffe06a04708,0x7ffe06a047183⤵PID:6624
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1cheats.com/store/category/69-nezur-executor/2⤵PID:6648
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe06a046f8,0x7ffe06a04708,0x7ffe06a047183⤵PID:6512
-
-
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry: 1
- Subvert Trust Controls: 1
- Install Root Certificate: 1
Credential Access
- Credentials from Password Stores: 1
- Credentials from Web Browsers: 1
- Unsecured Credentials: 1
- Credentials In Files: 1
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize328B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize120B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_bypass.city_0.indexeddb.leveldb\CURRENT
Filesize16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\0161795a-a5eb-40a4-a630-dfecb54d4a2d\index-dir\the-real-index
Filesize3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\0161795a-a5eb-40a4-a630-dfecb54d4a2d\index-dir\the-real-index~RFe595ac8.TMP
Filesize48B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\61703499-3b92-4ccb-b6c1-5cfc88a11c6a\925a02cd30dd2ad1_0
Filesize88KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\61703499-3b92-4ccb-b6c1-5cfc88a11c6a\index-dir\the-real-index
Filesize72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\61703499-3b92-4ccb-b6c1-5cfc88a11c6a\index-dir\the-real-index~RFe59ec5a.TMP
Filesize48B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\fa11499a-c27a-4cc1-8a19-83ef1076ccb2\index
Filesize24B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt
Filesize86B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt
Filesize176B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt
Filesize236B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt
Filesize229B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de63ff4275d236d5c1b83225b76d1c14d40b38a6\14b90021-b322-47cd-94ea-219af76cdaed\index-dir\the-real-index
Filesize72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de63ff4275d236d5c1b83225b76d1c14d40b38a6\14b90021-b322-47cd-94ea-219af76cdaed\index-dir\the-real-index~RFe58b040.TMP
Filesize48B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de63ff4275d236d5c1b83225b76d1c14d40b38a6\index.txt
Filesize116B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de63ff4275d236d5c1b83225b76d1c14d40b38a6\index.txt
Filesize110B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
Filesize19KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
Filesize20KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0
Filesize14KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1
Filesize36KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0
Filesize19KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1
Filesize54KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize144B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a6e9.TMP
Filesize48B
-
C:\Users\Admin\AppData\Local\Temp\7zS4BC29AFA\.opera\Opera GX Installer Temp\opera_package_202411092055471\additional_file0.tmp
Filesize1.4MB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize11KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
-