Analysis Overview
SHA256
af4fc7a1f4d6ebea7eeb15f584e84af31b5c0b15c53dafacf1d069731963b1c4
Threat Level: Likely malicious
The file antA_bump.jpeg was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
A potential corporate email address has been identified in the URL: [email protected]
Reads user/profile data of web browsers
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Executes dropped EXE
Checks computer location settings
Looks up external IP address via web service
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
Command and Scripting Interpreter: PowerShell
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Modifies system certificate store
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 21:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 21:37
Reported
2024-11-13 21:42
Platform
win7-20240903-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\rundll32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\System32\rundll32.exe | N/A |
Processes
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\antA_bump.jpg
Network
Files
memory/2988-0-0x0000000000310000-0x0000000000311000-memory.dmp
memory/2988-1-0x0000000000310000-0x0000000000311000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-13 21:37
Reported
2024-11-13 21:40
Platform
win10v2004-20241007-en
Max time kernel
162s
Max time network
166s
Command Line
Signatures
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\ExLoader_Installer (1).exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zSCD99C088\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zSCD99C088\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | ipapi.co | N/A | N/A |
| N/A | ipapi.co | N/A | N/A |
| N/A | ipapi.co | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\neuronet.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\star-border.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\images\snow_alternative.webp | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\discord.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\search.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\users.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\images\snow.webp | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-synch-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\farmbot.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\description-blank.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\images\rules.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-synch-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\permission_handler_windows_plugin.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\audio\Fortnite_press.wav | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\mask.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\tick.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\audio\Steam_press.wav | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\gamepad.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\plug.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\user.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-crt-string-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\vcruntime140.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\folder.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-console-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\audio\Standard_hover.wav | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\Fallguys_v2.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\check_circle.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\images\fabric_second.png | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-heap-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-crt-utility-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\msvcp140_1.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\NOTICES.Z | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\shrimp.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\sort-ascending.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\thumb-up.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\translate.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-datetime-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-processthreads-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\puffer-fish.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\Cyberpunk.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\TastyFoodDay.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\Warcraft.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\complain.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\ExLoader.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\images\grain.png | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-console-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-rtlsupport-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\steam.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\fonts\NoirPro-Bold.otf | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-crt-process-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\libmpv-2.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\SpaceDay.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-crt-locale-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\media_kit_libs_windows_video_plugin.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\food.ico | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\icecream.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\library.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\star.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-sysinfo-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\checkmark.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\search-alternative.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\sun.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\ucrtbase.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\chevron-down.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
Browser Information Discovery
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132138521\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132138521\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132138521\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\OperaGXSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\OperaGXSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSCD99C088\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSCD99C088\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "64" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = [certificate blob not shown] | C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = [certificate blob not shown] | C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = [certificate blob not shown] | C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = [certificate blob not shown] | C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 285152.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 700696.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 505989.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\antA_bump.jpg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe64d846f8,0x7ffe64d84708,0x7ffe64d84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe64d846f8,0x7ffe64d84708,0x7ffe64d84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,10383249821745054191,4565428037082247930,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,10383249821745054191,4565428037082247930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3360 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3360 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6412 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7472 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\OperaGXSetup.exe
"C:\Users\Admin\Downloads\OperaGXSetup.exe"
C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe --server-tracking-blob=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
C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x330,0x334,0x338,0x308,0x33c,0x74e08c5c,0x74e08c68,0x74e08c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Users\Admin\Downloads\OperaGXSetup.exe
"C:\Users\Admin\Downloads\OperaGXSetup.exe"
C:\Users\Admin\AppData\Local\Temp\7zSCD99C088\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSCD99C088\setup.exe --server-tracking-blob=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
C:\Users\Admin\AppData\Local\Temp\7zSCD99C088\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSCD99C088\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x324,0x328,0x32c,0x300,0x330,0x72658c5c,0x72658c68,0x72658c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1616 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241113213852" --session-guid=80cc1822-dcd4-4b3d-be5f-dd2b73b22ff8 --server-tracking-blob=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 --desktopshortcut=1 --wait-for-package --initial-proc-handle=2009000000000000
C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x72658c5c,0x72658c68,0x72658c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132138521\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132138521\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132138521\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132138521\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132138521\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132138521\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x1064f48,0x1064f58,0x1064f64
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6556 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,5116189779680923017,8756628067402995587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
C:\Users\Admin\Downloads\ExLoader_Installer (1).exe
"C:\Users\Admin\Downloads\ExLoader_Installer (1).exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command "$WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"c:\users\admin\desktop\ExLoader.lnk\") $Shortcut.TargetPath = \"C:\Program Files\ExLoader\ExLoader.exe\" $Shortcut.Save()"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38a1055 /state1:0x41c64e6d
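Added example, not part of the sandbox report: a small Python triage pass over process-creation records modelled on the command lines listed above. It flags executables running from 7-Zip (7zS<hex>) and WinRAR (RarSFX<n>) self-extractor staging directories under %TEMP%, PowerShell spawned by such a dropped executable, and WScript.Shell shortcut creation, parsing the .lnk path and TargetPath out of the captured command line (where the inner quotes appear escaped as \"). The pid/ppid links in the sample records are an assumption made for the example; the listing above shows no parent/child tree.

```python
import re
from pathlib import PureWindowsPath

# Constructed process-creation records modelled on the command lines in the
# report. The pid/ppid links are an assumption for this example only.
RECORDS = [
    {"pid": 1, "ppid": 0,
     "image": r"C:\Users\Admin\Downloads\ExLoader_Installer (1).exe",
     "cmdline": r'"C:\Users\Admin\Downloads\ExLoader_Installer (1).exe"'},
    {"pid": 2, "ppid": 1,
     "image": r"C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"'},
    {"pid": 3, "ppid": 2,
     "image": r"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": (r'C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command '
                 r'"$WshShell = New-Object -comObject WScript.Shell '
                 r'$Shortcut = $WshShell.CreateShortcut(\"c:\users\admin\desktop\ExLoader.lnk\") '
                 r'$Shortcut.TargetPath = \"C:\Program Files\ExLoader\ExLoader.exe\" '
                 r'$Shortcut.Save()"')},
    {"pid": 4, "ppid": 0,
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": (r"C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,"
                 r"SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding")},
]

# Self-extractor staging directories seen in the report: 7-Zip SFX (7zS<hex>)
# and WinRAR SFX (RarSFX<n>) both unpack under %LOCALAPPDATA%\Temp.
SFX_TEMP_RE = re.compile(r'\\AppData\\Local\\Temp\\(?:7zS[0-9A-Fa-f]+|RarSFX\d+)\\')
# WScript.Shell shortcut creation as it appears in a captured command line,
# where the inner quotes are escaped as \" .
LNK_PATH_RE = re.compile(r'CreateShortcut\(\\?"(.+?)\\?"\)', re.I)
LNK_TARGET_RE = re.compile(r'\.TargetPath\s*=\s*\\?"(.+?)\\?"', re.I)


def parse_shortcut_command(cmdline):
    """Return {'lnk': path, 'target': path} for a WScript.Shell CreateShortcut
    command line, or None when the line does not create a shortcut."""
    if "wscript.shell" not in cmdline.lower():
        return None
    path = LNK_PATH_RE.search(cmdline)
    if not path:
        return None
    target = LNK_TARGET_RE.search(cmdline)
    return {"lnk": path.group(1), "target": target.group(1) if target else None}


def classify(rec, by_pid):
    """Findings for one record; by_pid maps pid -> record for parent lookup."""
    findings = []
    image = rec["image"]
    name = PureWindowsPath(image).name.lower()
    if SFX_TEMP_RE.search(image):
        findings.append("runs_from_sfx_temp_dir")
    parent = by_pid.get(rec["ppid"])
    if name == "powershell.exe" and parent is not None:
        parent_image = parent["image"]
        if "\\downloads\\" in parent_image.lower() or SFX_TEMP_RE.search(parent_image):
            findings.append("powershell_spawned_by_dropped_exe")
    lnk = parse_shortcut_command(rec["cmdline"])
    if lnk:
        findings.append("creates_shortcut")
        if (lnk["target"] or "").lower().startswith("c:\\program files"):
            findings.append("shortcut_targets_program_files")
    return findings


def triage(records):
    """Map pid -> list of findings for every record."""
    by_pid = {r["pid"]: r for r in records}
    return {r["pid"]: classify(r, by_pid) for r in records}


if __name__ == "__main__":
    results = triage(RECORDS)
    for rec in RECORDS:
        if results[rec["pid"]]:
            print(rec["pid"], PureWindowsPath(rec["image"]).name, results[rec["pid"]])
```

Run as a script it prints the two flagged records (the SFX-staged installer and the PowerShell child that writes the desktop shortcut); in practice the same three fields come straight from Sysmon Event ID 1 or Security 4688 records.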
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 88.221.135.43:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.135.221.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 95.101.143.185:443 | th.bing.com | tcp |
| GB | 88.221.135.35:443 | r.bing.com | tcp |
| GB | 88.221.135.35:443 | r.bing.com | tcp |
| GB | 95.101.143.185:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.252.146:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 185.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.72:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 146.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | en.exloader.net | udp |
| US | 172.67.22.232:443 | en.exloader.net | tcp |
| US | 172.67.22.232:443 | en.exloader.net | tcp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.22.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.exloader.net | udp |
| US | 8.8.8.8:53 | data.exloader.net | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.187.250.142.in-addr.arpa | udp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 172.67.22.232:443 | data.exloader.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 216.58.212.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 119.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| GB | 216.58.212.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.179.225:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| N/A | 127.0.0.1:9229 | | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.200.2:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.187.193:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | devtools.azureedge.net | udp |
| US | 13.107.246.64:443 | devtools.azureedge.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.193:443 | ep2.adtrafficquality.google | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 142.251.32.99:443 | csi.gstatic.com | tcp |
| N/A | 127.0.0.1:9229 | | tcp |
| US | 8.8.8.8:53 | exloader.net | udp |
| US | 8.8.8.8:53 | 99.32.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | get-gx.com | udp |
| US | 18.235.247.136:443 | get-gx.com | tcp |
| US | 18.235.247.136:443 | get-gx.com | tcp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 18.196.165.29:443 | www.opera.com | tcp |
| DE | 18.196.165.29:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | 136.247.235.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 142.250.187.238:443 | www.googleoptimize.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | 29.165.196.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.234.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| DE | 18.196.165.29:443 | www.opera.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 173.194.76.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.76.194.173.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | www.googleoptimize.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | 112.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 142.250.200.34:443 | ade.googlesyndication.com | tcp |
| GB | 142.250.200.34:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | 121.217.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | autoupdate.opera.com | udp |
| NL | 82.145.216.19:443 | autoupdate.geo.opera.com | tcp |
| NL | 185.26.182.123:443 | autoupdate.opera.com | tcp |
| US | 8.8.8.8:53 | features.opera-api2.com | udp |
| NL | 185.26.182.94:443 | features.opera-api2.com | tcp |
| US | 8.8.8.8:53 | api.config.opr.gg | udp |
| US | 104.18.25.17:443 | api.config.opr.gg | tcp |
| US | 8.8.8.8:53 | 123.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| NL | 82.145.216.49:443 | download.opera.com | tcp |
| US | 8.8.8.8:53 | download3.operacdn.com | udp |
| US | 8.8.8.8:53 | 17.25.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.216.145.82.in-addr.arpa | udp |
| GB | 95.101.143.176:443 | download3.operacdn.com | tcp |
| US | 8.8.8.8:53 | 176.143.101.95.in-addr.arpa | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| GB | 2.19.252.146:443 | aefd.nelreports.net | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 8.8.8.8:53 | meteum.ai | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 8.8.8.8:53 | meteum.ai | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| RU | 213.180.193.146:443 | meteum.ai | tcp |
| RU | 213.180.193.146:443 | meteum.ai | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.193.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | data.exloader.net | udp |
| US | 8.8.8.8:53 | data.exloader.net | udp |
| US | 104.22.28.239:443 | data.exloader.net | tcp |
| US | 104.22.29.239:443 | data.exloader.net | tcp |
| US | 8.8.8.8:53 | 239.28.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 104.26.13.205:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 205.13.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipapi.co | udp |
| US | 8.8.8.8:53 | ipapi.co | udp |
| US | 172.67.69.226:443 | ipapi.co | tcp |
| US | 104.26.9.44:443 | ipapi.co | tcp |
| US | 8.8.8.8:53 | cloudflare.com | udp |
| US | 8.8.8.8:53 | cloudflare.com | udp |
| US | 104.16.133.229:443 | cloudflare.com | tcp |
| US | 104.16.132.229:443 | cloudflare.com | tcp |
| US | 8.8.8.8:53 | 226.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.133.16.104.in-addr.arpa | udp |
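Added example, not part of the sandbox report: a Python helper that parses the Network table format above, drops the reverse-DNS (in-addr.arpa) rows the sandbox emits for every IP it sees, separates DNS lookups (udp to port 53) from actual connections, and checks the contacted hosts against a small analyst watch-list. The watch-list (public-IP lookup services api.ipify.org and ipapi.co, and raw.githubusercontent.com as payload hosting) is an assumption made for the example; the sample rows are a subset copied from the table.

```python
import re
from collections import defaultdict

# Row layout of the report's Network table: | Country | Destination | Domain | Proto |
ROW_RE = re.compile(
    r'^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<dest>[^|]*?)\s*\|'
    r'\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|\s*$')

# Constructed sample: a subset of rows copied from the table above.
SAMPLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | en.exloader.net | udp |
| US | 172.67.22.232:443 | en.exloader.net | tcp |
| US | 8.8.8.8:53 | 232.22.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | ipapi.co | udp |
| US | 104.26.9.44:443 | ipapi.co | tcp |
| N/A | 127.0.0.1:9229 | | tcp |
| US | 8.8.8.8:53 | data.exloader.net | udp |
| US | 104.22.28.239:443 | data.exloader.net | tcp |
"""

# Analyst watch-list for this example (an assumption, not part of the report):
# services whose only use to an installer is learning the victim's public IP,
# and public hosting that is routinely used to stage payloads.
WATCHLIST = {
    "external_ip_lookup": {"api.ipify.org", "ipapi.co"},
    "public_hosting": {"raw.githubusercontent.com"},
}


def parse_rows(text):
    """Parse table rows into dicts, skipping the header and non-table lines."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m.group("country") == "Country":
            continue
        rows.append(m.groupdict())
    return rows


def is_reverse_lookup(domain):
    return domain.lower().endswith((".in-addr.arpa", ".ip6.arpa"))


def summarize(rows):
    """Split lookups from connections and flag contacted hosts on the watch-list."""
    resolved, contacted, no_domain, dropped = set(), defaultdict(set), [], 0
    for r in rows:
        domain, dest = r["domain"], r["dest"]
        if is_reverse_lookup(domain):
            dropped += 1          # sandbox PTR noise, one per IP seen
            continue
        if dest.endswith(":53") and r["proto"] == "udp":
            resolved.add(domain)  # a DNS query, not a contact
        elif domain:
            contacted[domain].add(dest)
        else:
            no_domain.append(dest)  # e.g. loopback or multicast rows
    flags = {cat: sorted(d for d in contacted if d in names)
             for cat, names in WATCHLIST.items()}
    return {
        "dropped_reverse_dns": dropped,
        "resolved": resolved,
        "contacted": dict(contacted),
        "contacted_without_lookup": sorted(set(contacted) - resolved),
        "no_domain": no_domain,
        "flags": flags,
    }


if __name__ == "__main__":
    summary = summarize(parse_rows(SAMPLE))
    print("dropped PTR rows:", summary["dropped_reverse_dns"])
    for cat, domains in summary["flags"].items():
        print(cat, domains)
    print("no domain:", summary["no_domain"])
```

Rows with a :443 destination over udp in the full table are QUIC sessions to hosts already reached over tcp, so they land in the same contacted set; rows with an empty Domain column (127.0.0.1:9229, 224.0.0.251:5353) are kept under no_domain rather than discarded, and contacted_without_lookup lists any host reached with no DNS query in the capture, which points at a cached or hard-coded address worth a second look.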
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 443a627d539ca4eab732bad0cbe7332b |
| SHA1 | 86b18b906a1acd2a22f4b2c78ac3564c394a9569 |
| SHA256 | 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9 |
| SHA512 | 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 99afa4934d1e3c56bbce114b356e8a99 |
| SHA1 | 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581 |
| SHA256 | 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8 |
| SHA512 | 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da |
\??\pipe\LOCAL\crashpad_4824_HAZBIXAFRPHXTMRI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c689304ec17ad623c66ea8f80052ac99 |
| SHA1 | 852d713f1cf819bf98e975e853e9193b805448bb |
| SHA256 | 6aa9b0c780682a6af58182d9abd149cf437a96e3f8fec209093eeed6f5d9b8c3 |
| SHA512 | 5526c9073e5f9926293b17fd178ea2d1e3d61a4a8a6ffcf3a417daaf9a87a66abdcdc3f5afc6dc83fa53eb63f386d9eb8e89f5f4b25d3582c9370600b236fdec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6973ecc72fc575efe7cedaab60e0a5de |
| SHA1 | 49b15b644fdbdb86990627fd972e6635fb42e8a7 |
| SHA256 | b6a0012874c83a02f5cfbd504bda1a192735599c232c3ab74a9f844c6bb69f7b |
| SHA512 | 7a1ccc973a843123230dd468957ab25c0ffb67e485760ef3048f9ce1d997b6488f0cf1d072138ac99c683f98b5c1099c132be2d7e399a355494b62083f0d5eda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1020f410dae98ab94b1d69fa525bbb32 |
| SHA1 | b3dd90a9fd18aa6953425129692ac3e28153b03e |
| SHA256 | 9b23d85592a666f139318891c2cde5a7b34944a10407f74a22b6f019384641eb |
| SHA512 | 3a50dbe6b31ea08dc70102ffe539557c581025dd3ebc3e22a92a63ffd1db757ae6d360f6f36f812a6c2a0d9a25e6ba5245f3e839ecfa3520a17ad5548df49e7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | de4d45f97adf7b3e8d6710d01f91948e |
| SHA1 | ddc36a3ca77f772a448e974b29f8da92aa88c47b |
| SHA256 | ad34a783243366bc1b65d0b36e5824e20068f4b03b8cd7c9dfad7c4c8888ca1c |
| SHA512 | d93bdcd728aaaaa73a0a79b3750b781d34abc04daa87c0f33fcae7c6dc8b9669947140d5a6b092e6331f7ff51308a83648b3b97e0eb1b46791885052a51dc046 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
| MD5 | 445d7ca13d334a0838cff9d6905c1790 |
| SHA1 | 5747ad731326797179dac0f4770e09c36a8aa248 |
| SHA256 | ac47705cb831ecb13f1c94a76fe667e40af99a5ff58ab9e50a1846ec84ec3b37 |
| SHA512 | 096f26d1d0cfaca0faeb975c62fd0b820215905a01194f96853d3f050b0c33b1b30c96a006e3eeb2924acf939d8713df98e1a3c0e1d1d9a9a9096a0be421bb6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eee5b5828c1df29994994b58836fb00d |
| SHA1 | 8f3fc39f669b2a22c90b40e449dc3024f61651f2 |
| SHA256 | b9459f2804548bf844743029f6661636b826a4427bc896e2f72be47d8a59b25b |
| SHA512 | 39bf15537d9866f32869263ef05622f91de8964e79fd26d0dd3b65bb275fc38a3b8b7d5881d4b42ce841f508e813ff5ba2835c932d151722c7aab512d259d91a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | afbca65c5a3edec0352c7eb59a42b193 |
| SHA1 | 83147bd37303f55cbea3657afbaa4bfd8702c0a0 |
| SHA256 | 45e839881cd5753524ce1ddcc359099d90cf1953b8aeb6b3a03598077dad66e3 |
| SHA512 | b939c4709389f56ba5e80e59669c43db95e3c6b263e75c0082a437280cae4d426456a71c27302b11acd8a4de2333dec13e2bbd9444233203666833bf20ce4077 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586c23.TMP
| MD5 | c6702b6a82aee5b6c02112220e8db13d |
| SHA1 | a4a6d02c66c4264d84d1fa1e04b23472769e5fed |
| SHA256 | 08a24b5871c6dccf9ec6e590e730a8289cd753faf1c62b9bb5814e79ad3f37fe |
| SHA512 | fd1981a00e0cedd869b68b007ff3f7929657a12c258188e6b10c6f3ef79262bf13129b8fca6176790c8d117d8d550fe88514e214ca1c3fe7f89223e63a734a87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f8ea5812f4828bc587915216eb884a8b |
| SHA1 | e98a7d2c089db3546e3cb057e8cd17b7733778db |
| SHA256 | 8d3e1026f856df8ab1cdfa4d8e692f0fdc7553f01f2a0b9f6e7971b350e1313e |
| SHA512 | 15caa089977ab2a267fcc1e00bcf5bf2b8fb7c300cdfd172d41fa2fae0cf61e0aaf2f247f84d1d35d14ba91e85d0f31bde9fe218a2010ca1a932f22e2b8d11db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 20563f2da4cb145028f39d604ab08632 |
| SHA1 | 581a66a09c0c6c5dec06637f98940edcf657746b |
| SHA256 | 4e529e9e06ced7a5dbe4cc03db6dfd73cc349a5371afda6c4aff72ed6f10f836 |
| SHA512 | bd4c8f18e5b03643c7bd4d9331039144f914343ad41adda4f1776444e2e07d41367d19e909192a8386d1eaa12c740a429ed4af1522a9e2d973a38c13f3549200 |
C:\Users\Admin\Downloads\OperaGXSetup.exe
| MD5 | ddbf01732ce62e17891142dedbfded8d |
| SHA1 | 7f2a890bd24ec02b163901c6d58f971e435aa646 |
| SHA256 | e9d345b551117260b59e9a654ae5dcef6d9807316ee61d7eb517178b1664d17d |
| SHA512 | 84ffe6a26024b53f41a56c74de950f77a81dbe2e0246b9e02d25cc2eb5c267dbda7b015a5a9945af16f26c8a5761dd023edce39cd46decdeee5b359f13ef33b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ba7a587c06d0505f15ceb87ed32b1b8e |
| SHA1 | d58c0cd24c0e06b798882c8934dab7407d1b4905 |
| SHA256 | e79036a8b7fa41ab992748c5d72c35176615ea9efa6593c83d56b004e6bdb12e |
| SHA512 | 44bff63f1d90edf3953783f91c50d5c420a8298bd624379871ee16585daabf06bf5637d893e7d5ccaf96b84d3ed51d62866e35979da8b235c29937000fea9c82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 76585502c8b64174885c5bbb2d680b2b |
| SHA1 | cba10c35a6b62c0b69b84b1e7ce629a95243caa4 |
| SHA256 | 5c3dca738bed6df6c8a76859be825a73e691f90ecbf715c3b18d5e7eac869dd7 |
| SHA512 | ecc421fdd3ea9ec4505dbc0b9f851be9cb0362ac71e340c4664c9b1bfc4d7182b44fc90b0c69cfef68e86a097ae38bc77e53f5adb11f3c3ce05624ee551edad4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b205.TMP
| MD5 | cf27122d7ff879150468d79b43acb4c6 |
| SHA1 | 56c0135a1b83fe7bcda73bc5ab5fad262af850c9 |
| SHA256 | 8aceaee83179addd2b36564b90c9587dae4c3000cdd8c9ace427378d3d1a8244 |
| SHA512 | b6be06869cf00bea8b4464ece7a952e52bb4085c3101e6851e70722d1ed6eb887652d95498a40f6c6682809253dcbd7ef387a196201cd8e38914ddb6eabebd68 |
C:\Users\Admin\AppData\Local\Temp\7zS835E1EE8\setup.exe
| MD5 | dcc0d15e77a7872758e65deb0bfc6745 |
| SHA1 | 1efb89e143bf5edd34d46ae8370ecc13d4c3339f |
| SHA256 | 87a168a04a254b1cf1adfe732e8b7b08d5c3e76ddca4e8b7fb4e58ebef85fe64 |
| SHA512 | 9cb972bcd99fd03a924bbff79e8989a040d1202a77c9d8f62ea862cc6b1d258778410ad9a4de5f2aab43062f5e9fe17d7ab9baa000de98d22a47f1471d1de778 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411132138497941616.dll
| MD5 | 1b07ce60bc1c77f0cadf13c2e62b1383 |
| SHA1 | ca70d0ef99ae5d1ebf85880ee669ad1145e4d79d |
| SHA256 | e48eb19ca0210f9063f4e77c2f14293ee940eeaef2ecb9efceac7f6336cc203f |
| SHA512 | 94c358b6dfef0fcb0012a3a43235292b18ebf897043baef0c110570e91cc73721b12f1f771df6d000b4097f3c0cc22dcc65330a9153c7a9643787d24da6108f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d9bf4df95663e90f73b095fac0c9b331 |
| SHA1 | d9ee9f0038a3e6c84ae462f70f0e765ab766fdf3 |
| SHA256 | 33eee7f6e0ef2807fd2ec3155230d116e768e0b2aff5ef56553eb56bf52772ee |
| SHA512 | ba0469672b442106a086da7541e31b0ada7401c391c596ff494737a131ea6ff590222842e5c9a9d3d71f11b20e337e10a9e556a691fdb3757c4390d1d25dd5f2 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
| MD5 | 3de5e6e447dff35a8f249e5c1ba8f4a3 |
| SHA1 | 284d10e268fb6ceb20967e27fccc337905c21479 |
| SHA256 | fd1cea1d6152ecd0d543bbb7310a22adae70dfa5b5a1e487afe9862e6e71cc97 |
| SHA512 | 2a5750f1ae0cfc2f75d8d18b69cfbeeea05abceb0932283ef6abbf267d6170bc02af1aae7b090b06a10cc4bbecae47c9e97716288f938d98adcf5051ae334c96 |
C:\Users\Admin\AppData\Local\Temp\opera_installer_ui.lck
| MD5 | c6894ed154a0b8e852ad30ee4ee840bf |
| SHA1 | 19e2b2269bb99cd29495a07274c427eb93dcbc86 |
| SHA256 | 62a270b29e926adc39f0daaa2f168b6efc02fe42ffc145f60aaf71fa2507aa86 |
| SHA512 | 3c3548874ce26856b2808557fb0517a36b837446fca1991322f569ecafc2f0a914ee6b45c6060494731217fb672dbffc74882aa751874ecba9c57b74c128a0d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 64064ea9af17ca1cb23017c5fe544521 |
| SHA1 | 29740b3e5ce86b2559fd9d12a5c36c19ecfdd9f9 |
| SHA256 | 23afa095c086e28662b28b50600d26d51f6d76de4dd993e39eb93aa898fa8ba5 |
| SHA512 | 080b5c350af6a998227aa66d0d97900d2d6bf202ecf27ab279ab4f118c2a62c7b8bd54d22547e5d469ea784bc452e4045424f5e8c98746b04fae603ed1645fb3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 84b74254dda53df94d0a3719f9e1190f |
| SHA1 | 6fc63ef48956f375f641b463266f528261c7dc50 |
| SHA256 | 995022c91f9348e725f68a390aebaa8667654fba7124cdf77fa8bb75a783d838 |
| SHA512 | da49070cc166c37127f95cc58943117988c2dfc4dcb98b5b7bd5225fa41b7f47e42d6951e4b2ca93d6a37c153aee475b5c3361c29858afd599332ed8e43b1278 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c07bb1b20d4bc7736c5bf68470245903 |
| SHA1 | 97365f21264b9ef9f9814a177b4fc85d88a9d71d |
| SHA256 | 68e6954a6b5da867230048d129eccb76b675e9a6ee9f908e4a3b9e64614365ff |
| SHA512 | 5b5c11d117ac7e3dfbc23a3694adbe01835ed3c3e40656f57eaf8efa283f7349913ca4e6bdf24305bd3b38504dad5b4fed7c67ce9da5e9939087776ebab54f17 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9cea608f939898677e79e208e452d9fa |
| SHA1 | 1d4114a77f0fbb4862184d2633458bb9d32bd85f |
| SHA256 | 3019991a1f8850c597d5f8c532ecb5c6a9133742055829eb71486ae7db503467 |
| SHA512 | ca4a34db9a950ab9e8b6c3af8ad655c5713a0943c6e30da06ac029a2cfbf81510418b2511451822ca9ced324193735d0567e3d56fc9d6863f081b50057d4bca5 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132138521\additional_file0.tmp
| MD5 | e9a2209b61f4be34f25069a6e54affea |
| SHA1 | 6368b0a81608c701b06b97aeff194ce88fd0e3c0 |
| SHA256 | e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f |
| SHA512 | 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fbd706c6f1f66829c4cac9fe65aa3c77 |
| SHA1 | 23d2f6b7364d994de223fcfb0882c4f5f4bd109a |
| SHA256 | e79b0977793ac8750063857fa9b8bda18c87c921a551beb53b6d38f396390971 |
| SHA512 | e93de58bdf71a8bb0a5c163f28252c6d2c4c30553e0f8cefd558131961e6ea133920fd3afccd9a72835a23ef0c3afe681033a71f07a68316cfd91fb08f512c32 |
C:\Users\Admin\Downloads\Unconfirmed 505989.crdownload
| MD5 | 51d5e87ae7bc99d3acc39daa20b03431 |
| SHA1 | 7320a8cd779bd18f572422aa53b241fadeae6a34 |
| SHA256 | 07f61f7c87bdeacfe34388001489136c563f55891d1a7e4481048b0e26e888a4 |
| SHA512 | 273eb5f5c93df9885ce2bcdc35df234a1f99e13af7b904d7e9a257b5e75a9a38b95f2ee4bc27a4cb069718cde57804aea45cc79223b34aa211a3a5604189c7b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a4ca5b1259fd4358eddc789fcf367ec5 |
| SHA1 | 4eded91db977a30649a1ca4bcae400c030bbfd53 |
| SHA256 | 437ff7add143fd78792fcabadf938cc96b01c38b68d64fadd4c8c52973c04982 |
| SHA512 | 7b43d857ff157b061ec6880d3d18ea4cec075e39eaf81a2450883662b2aa6cd499bf0400520108985d5f9950d12b48020caf67a8ac745a2558b7bd9626eafcbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5c9905d0f39002e88e71a769c80f9c73 |
| SHA1 | 260b0428d37fc8a34d23f36cbe107ec87bf80c34 |
| SHA256 | 736256ef5ffae22451173efe8929d9d60226794e7497df1ba536dfaa21fcd0a6 |
| SHA512 | 0aa7a41d224eda2af1dee53a5f4f9cee5822cec834711edf7ed3750e6ca5c8b5c5e48acbff28308dfe4fefe6476fe86528d40bb50c29cc80925e81a8d5ba524d |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe
| MD5 | b51f61c70894e92875d5530d0f553067 |
| SHA1 | 6cfe241ad503445443463faa5f869e0ec9cf0cb5 |
| SHA256 | 0cb547550924bc73727d60885a82df098ead1eddb37f39b32dd46eac8e83db27 |
| SHA512 | e8ed6fa9f10dbad7cd7e420aecf655079cb04d59229b8c014eec2cdae545de16566f8c784786dbb98e2c12f3f3bcdbba2d78445fed14807ec154bea0ce653ccc |
memory/2016-1536-0x000001835A210000-0x000001835A211000-memory.dmp
memory/2016-1540-0x000001835A220000-0x000001835A221000-memory.dmp
memory/2016-1538-0x000001835A2F0000-0x000001835B081000-memory.dmp
memory/2016-1537-0x000001835A2F0000-0x000001835B081000-memory.dmp
memory/2016-1539-0x000001835A2F0000-0x000001835B081000-memory.dmp
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader_Installer\shared_preferences.json
| MD5 | 90de94dac203930a5b78859624c846fd |
| SHA1 | ecd72888fa9a686994a06b44640900247966a0c1 |
| SHA256 | 965a9cffa869bf0531cc12b7e3c453d0211d18996347676114271d0c2e9a1833 |
| SHA512 | abfa3adf18c573136d1fb51d70acdd0cdf09becb018f8f42fe2f3e260720a7c61774129191293a0d98a8ee3580cb64f947f0130b9d0b6b664662fa6b3735757e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4609f7187af657f4e13b333b88b19afd |
| SHA1 | 45f821d8a0802f990c07857b40000057ed25ce9d |
| SHA256 | 1767a1a0b4230bf6f71c6ed2e037e3f4b93ddd096c3d0984f6d39a24196c414b |
| SHA512 | fe07ba87744533458f126736276350bb1ce4c8c9b3f513b9ce0ddfc85e539ab572cdea4f6ba2d79134f887744f2d65432ba430e0d95faa560607b446fd307051 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 441bccf5fbdeaf9dc9105362c0dd327e |
| SHA1 | 12a147df3a6277187aa3e85f3af054f147babd28 |
| SHA256 | ccc903f1c7809a2f39f8c37ef4889e218494497823114fa97f051e84178d19fb |
| SHA512 | 7dcf67503f63d52cc53eb26d0ea77e0f24d68c3d43740d7e063939d862392b5744193ba9ef1deabc14a2017f731fad57be7a09ab3c1c486975c525f7f1080913 |
C:\Program Files\ExLoader\ExLoader.zip
| MD5 | f8f5d8a48f0c2cab57db0ce48c44b320 |
| SHA1 | cc82c726e916a5f2a6dcdbeecef3fa4a0319ee42 |
| SHA256 | d8cc2d4e4e84e42f0724e0c5e63ec38381a2c40b87b699e2c55648a56e61588f |
| SHA512 | b412014a279ae9e61a70bf07c63789f2c90129fe7f75cb967cf7400a9d81c91ee75a4e91c1fd18972d6d1dcea7a9fe7544c7f5a105fcaac0d132b1c7a29eb316 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_b3kbsa0e.3pt.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/408-1876-0x0000022B6D400000-0x0000022B6D422000-memory.dmp