Malware Analysis Report

2025-01-03 06:15

Sample ID 241121-3tapdaznbs
Target EXM_Premium_Tweaking_Utility_1.0_Cracked.bat
SHA256 6bba081474e42a3ce8713a0619664e069ba15e271d28cc134009af3f53c7bdd1
Tags
discovery spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

6bba081474e42a3ce8713a0619664e069ba15e271d28cc134009af3f53c7bdd1

Threat Level: Likely malicious

The file EXM_Premium_Tweaking_Utility_1.0_Cracked.bat was found to be: Likely malicious.

Malicious Activity Summary

discovery spyware stealer

Downloads MZ/PE file

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in System32 directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Modifies registry class

Modifies system certificate store

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-21 23:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-21 23:47

Reported

2024-11-21 23:49

Platform

win7-20240903-en

Max time kernel

108s

Max time network

109s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\EXM_Premium_Tweaking_Utility_1.0_Cracked.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000d48b44ea768c3de861f3e3e153f7278c54105c8aae799118b0dda1ed230bba08000000000e800000000200002000000066b20da06b8149e42ecb7839c7d668150f9d9c2890ed2327358c76476814c3219000000003bc588e91394cd523ebd09bd81121f936fbf7069a7acbca2f4e322acaa4b6be3d581ae2e250f6c9b014623c4e5483366873eb3f5735b5018ab026c50b56ed57a4f160b65063280ceb1b0db91b2df7fb6c9844663fc302bb468f4d7cf256ef760a639da6d00ca37dea5033599db6b13369cd8f16d67d661d10099ddf4493c55673728380e09db3f8e701bdd7c0ce364f400000000bc4a69ac18bf821a7e26eeddaf05c6c4b31fb8928e217da69d361f123208e37c9d69eb8f45ab5d18abb9651992be5306d06447212366cafb66664e2b74035fa C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000e215e05e3499b257aa6b3a1d7afd312bb84e9a18f5e86cd61a9373fc7cffc206000000000e800000000200002000000021df8234fd67e9aa514146aef36da5974118c549be778d8dda75742694fd1b792000000093703feac6f3afeccd0fd369b56ffbcfc00af123e4b8c741cd265ad47035017e40000000e4f62f50637e46c8f1123fb344c395f3601d6285a65bb6e6753fd8234404e2f1db1123111e715a8cdbd4f3736fb2d32b03026d53c578d24975ddaf2e964575e3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{094A5DC1-A863-11EF-8B05-6E295C7D81A3} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438394748" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e05f3be26f3cdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\EXM_Premium_Tweaking_Utility_1.0_Cracked.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.upload.ee udp
DE 57.129.39.102:443 www.upload.ee tcp
DE 57.129.39.102:443 www.upload.ee tcp
DE 57.129.39.102:443 www.upload.ee tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
DE 57.129.39.102:443 www.upload.ee tcp
DE 57.129.39.102:443 www.upload.ee tcp
DE 57.129.39.102:443 www.upload.ee tcp
DE 57.129.39.102:443 www.upload.ee tcp
DE 57.129.39.102:443 www.upload.ee tcp
DE 57.129.39.102:443 www.upload.ee tcp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 du0pud0sdlmzf.cloudfront.net udp
IE 3.162.143.134:443 du0pud0sdlmzf.cloudfront.net tcp
NL 23.200.189.154:443 s7.addthis.com tcp
NL 23.200.189.154:443 s7.addthis.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.200.3:80 c.pki.goog tcp
GB 142.250.200.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.200.3:80 o.pki.goog tcp
GB 142.250.200.3:80 o.pki.goog tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab97A0.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar989C.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eba9b84e7afbb152c1a14487c0aa9032
SHA1 f7deecf93be861ba19778a6550328593f60e9d6e
SHA256 782de42951518e9732197e373943aae6cb50a0db4fc006194d778f17c9ba3384
SHA512 76a79f863c258649ae34f1bdbac3e33ac92baa30da1e5fbd94695ed5a86ad6ee498346dfbea88dbd062f21d6629899d32f9844bd991fdac9bb69f48368a596b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c24d9c2bce7438def9a588119ed0058
SHA1 d7823508dc5e2e0c443f3d2bfb31d365e2fab0b1
SHA256 a893b322455714c88b8ddda31b2ed33a89c45ddb34f43ba68fa92489f350d64d
SHA512 db8967ec953cdfdbc031b99da97907a6ca64df5278ffed82069a235df16f7d6546b2cba3606fcc67b8d9115c8e8f0aa646fd6bc6a845449c3f8d65c5af55ae63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10632575c958bd65b8537c988835745e
SHA1 9d547e50edf6068df33eff0999ee19d86114cfcb
SHA256 673b97d927026724983ea386bc668407db5dc218dfdcbbcceab8218da7d57736
SHA512 a8f886bc60b73840df1668ad608777bcc1be79e8afabafaefc02382cda525bce59d7f9bc74c41b85cc876ac112b14fe5773822878444ccb46975c16080b692d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 701ee9c41d8f6c173c548e5b47e3a0e2
SHA1 c5dc7af53e1873425f290a3cceed9aae725ee4c3
SHA256 7180f6f5d7fdede16c09052e848d0a573c27fe0114874264c338c5c6fc859daa
SHA512 eccf0c68fcf221f7a41b9b7b81765827c17f7835d3ec40266b45a40822665043844bc64bd933a27a6f452d7b368857f58999f3914331f74acfc58897696cef40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 758afcdbc2021deba89f407db059c5d2
SHA1 e3554092da859317b0d030ff7f71bddd197f9219
SHA256 345ef117d2df729034267442c5994578671ab0eb01446f6c6ee1cfa8792ccc7e
SHA512 8e56e04fbf377beb329bef39fd3bdcccb8614c36dec7584124502df24ef460f1ffd8e3e75d1a76f463a7b74f9d0286eb89ef5e7726197fdc7b6521e59ceab144

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee14c5060894fd763d98f2c0feb73b7b
SHA1 01cba101d3fd87cb41b2e0900f39f5f22235ec78
SHA256 0991a7c18715d7f326f491fb23c742c37a004995a0449d5cfdaec9620bc99cc9
SHA512 e98d5eca2084e2c2d85c52d9049c3045d209377be9b90bb8632f9da0a6786349dd97303816edba8deacb9a0d2b1c0e28ec4a29e711c7a5cc8df21b0965052ef8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad029715e1f34c955d66146bf1602f6f
SHA1 68039e45667db978240bfdbc418bc4ba0af1a6b1
SHA256 ae38209838717bd1e75dee6e2d2ba4483372603556013e0e567c4516d3aad34f
SHA512 7a02bcb7e9580e6bed98dbddb70a70a93ce9da24aab8776716054bbee60dbd2f7fa6bf2e3148266a4758775e83c83a57e1445685290f9317c449473d61b68c9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 862b3b99d12ac8f12fbb5bd6a2d9dacf
SHA1 9458f9b073cad0af6d623dffe2bbf954c3de7f95
SHA256 c4178f48a8c790ebf77f5287cd469422de90efe42ea0bfd5da765343b935349d
SHA512 b618fdc4a82e99f06438c7d700208fd271011d729ed6c5f3eec24b8bcf4ca8917f8a90f14e10aa15a1e766cfb5aa93883059de109d7dd1ca0368d3b1bbbff0d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29023f45f1b2d84d39815e83e2f48577
SHA1 d7d2c32a60c12cb96b0d0e29b077478f723dbd76
SHA256 71eec6413127e4f4de0b615037c0116ed561981a0384d056e739807e7d48c467
SHA512 0de7f75f21a139d08f066e19e07121576dd2d300195acc092a4951062da3804b26c594c6659ae69243f67b944efacfbfd3457373b50c1a9ca5260f31d5110d41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bbd2fc5fdda857d7deb6a234a22657b4
SHA1 a6d501effacc6b6b2a39096cc30557b767d2674a
SHA256 14743550cb576053c2bbf72b68497a08e5288fadb3f466cc8c33cbb6bf730bca
SHA512 eb53d1b101ae1717e0acf8a121a1adf927c1fcc3dcc097af67f13e3cbc6fc7374d7fc5411759b59cb3f49e6c1ca1a791fd004d7c07ac401ce7885febd8e93cdf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c02d91c8f6c3b2886e04d49c9e393d11
SHA1 6ae4681662c5947a0e2e9fad7677ef2ad3a4813e
SHA256 2534efb8bd668786cd8afc4ceeb7f41bcb3b9db31257fa4dfe7e6e2c14ce122b
SHA512 d176db978fb83212d36f7c8d43c0342f242fcd33d79117fca38364016b885f425b3feef5126cd5f254023a40a2d0554c25065d7f0533a45229d9b1fe895834c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 737be4e2c10ddb82c83e9ad7d43a74cb
SHA1 d6b07318fc448bba55ec7070b38cdf6261b4e876
SHA256 d7d6a6fb877cd895a97fd6990c862ac90765eef959ff2275bfb7c77d129b21bb
SHA512 df8f9951eeaf9818a77ae605858a18a7a6b00d27624a53282b1ba8f3e4209f858c25c324670734eac627a71d89b6a1504e79823fde5801653a375acecd400b53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c3c6cfffe5434b7d4fbe1ba4d1f9550
SHA1 921b19d65dcde9b91be2c0e43e042a60288441b9
SHA256 e6ddb660a0274d0a2a833518579e80580767712ea39189d8a278874d8d9b96c0
SHA512 56d9b656f3eddc386db40c0f7a89e404ed0aa58cd19c798cb0d90512f23fdffb236debe3a40a0b1e1e174768ef1fc3ae75611d7878b728f4cad4228641f82fb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8c0311fcbfc0322ad44bbbadd69b60f
SHA1 4ea90866fa09fa5887627fc5cb75c7004a5f3eba
SHA256 48b051865a5db4b8901ecf768fe02b4095fbf31c486a35645fd07a8918e9d085
SHA512 69eab5f6891d98a1d1a8dcd268c764979a336876afbf0d4d326c51fc69c0a0581d8833298188292cc96db7825dd30cf45acdbc418c8097bdf42b856aca9c0ca4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9021c8e675b54c123e744463c70a535
SHA1 36d501d6ca5deecd15953f87f9d1a646122db7c9
SHA256 cb1a880c43b70a88c0d86583070637418a0b9593a502900c3ff67c1f27dccddc
SHA512 38cc08a7ffd256fab2f0d14e4d0c4aa80b0eafda0d0862fcb6168831a3e8e82ababcad1e8cc72f9f2fee0de25a099b5822f508e9af80feb18155f13f9f94cd7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15c0f95259c3f5b3394b5b964dc8290a
SHA1 03bcf927d205e218307d326d29d78b08a0af020a
SHA256 3fea0b150ecc4cdedd81076f0805735baef6f5a380b073bc5937e3e4b741132d
SHA512 4d1871eb918a8f9e3e04d2fc93e181177417ec170fcd05e2681efe1c2810b5449dfb6895986a8300d4933ff1c7342e7561eaec76b318d81a3cc5971ad4e20c56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c771882ccb67bd9410daf3ee4260a0e
SHA1 6e4d9986b0a91e09ded41f0923815706ca5a6f9e
SHA256 7dca905b3dc471cd089fd96df13e8d3345e054f809ae8f8c4e94a97057cca8a7
SHA512 c5b4072efc70b78e2c6feaeb901815aec790a757f2b1c1b3761caacc56323dc8d066d0b51048a95934a720bc53e4aff2c26f040b95a0c6eb79a03f3d8a366c6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2640bcb2dca10e5e7d1d41eed3fd30d
SHA1 286fbf772ee83dd459a09f6280606244df9a04c8
SHA256 8b03085aa41a9192db84bada302af0191149c0ae7eb5fa17850c1cfd0e779f18
SHA512 4be2d5950639b559887bc8cd00e95753bdaeeca410d8888afe08e2d4af27001eb247c5ae2eb53091d2f9b024dc1d73ae14176aa0a7d0aecf7a3a8468264d944c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 659158145193661d7651d3b16b96222d
SHA1 1807f4ea25145701eb9897c189339c31865128bb
SHA256 5918abf8b62e1b7cce6832815244773b57b6c40a3c5415e68c3039317c8d029f
SHA512 0d9c618e0fbc4798e30152302c2a97a485361f0c436f17075779fbad45b89e0781c45914adfa8579d844401d2f7396ff8ed70b5b2e4c564b2c757051f964c598

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65a59ff7d2f328692cd95c7f6b7703ff
SHA1 a5987b23769bd484d01a90c18e0de799cd467ceb
SHA256 08ab93a96d1a0f803e7d11d0a39cae91d8e49c3689a17f1ae5cd25dabd597bcd
SHA512 810c8e76d3fd9570bf5347faefc9b37ba5717f943e6472f79c88c33f5e192fb70443b159804c4556234aeac0a5f6fd01bf73bc2371dde1a18028038335a88896

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9258024d7cde1eec9b6f5701061935f7
SHA1 248c98d2b75b312d9076c3d70e1f876229d3dfbd
SHA256 36be8218b50f2fab3a4446118453fecc7befc7ae5aefca183ad86e12db2cf9ea
SHA512 c621b2990a9e982ebd78fe3e8a9d760b2e27ade838f21b9d9aa20253b419cf03fb995253595450b01042f1df388d3741f9b9a8ea955fa6f715858458e403294b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07e64fa1157d9c352eff5f322eda6746
SHA1 b08d4f6d0fd9e686aa90186574b08599376a692c
SHA256 00018ac33cf03d44b5f4370177510aa6cfeb8708e890a6c186058de54b013e00
SHA512 3caebad56f09d7b31f829a85c0ab6ab31cec7b01d64932c74a55d9f3d413b1a48eb80de6d810d1b8046bcf82a42e49cf4ccceb7887d798ab856863d8863c001f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31458eb8d28f806a663ce88bcd268391
SHA1 ef7dad8e53c907710c024a01d87c790847b8dabf
SHA256 f67d97e7bc1eaf40b42ac08607331d159f3e20fa7256fa6fc9893abf19646d23
SHA512 8850265a426cb8df1dabb61cf49c33ffc8bd6c1fc80cbccb9620f6a89d633539818b6ba4a68f2797f75c0e107d8ef691382fcb715c731206a0bc2097060dba61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 864969d8dd2819101b8b931abcd3afb6
SHA1 981b8d2cea874d1889b5c2915c669052c3d5cfbc
SHA256 95c91a3f3960137be3a1179ba94ab397cea6398a17a43f91951ec7431e708a83
SHA512 497d6f3c9d22643d7186b983cbe8dd0c45b73796c6bb8249ff0ecd92ff55fd256f2be0dc8e9b6205d152ba75f3917b59fe1617705f7982a792684eeb72495109

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d086629642997603748acb3ed90b83f4
SHA1 398abc3c4754dd8f6bacd8d1ccec7619e17b10d2
SHA256 889a8910855eba4eb7f84c330f6af46583f540c69873b35fdf912d4f18ad935c
SHA512 301dd2dd285c2305427baba071e8bd8f912d64df3962694d657673fa3e7a5f4e00fe31868ff4348b936bfd807675ef6fa07ef514effdbdbefde0f9354bde90f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 783d94587fa4ecd7495f9315ae96b7d1
SHA1 dc08af4e848a4dd3024c7de9cabd89a47849fa8d
SHA256 ae20b5f792b19920951da92a9e37fdbd38b0de299fbc3c4926b978179eed0eb3
SHA512 d48434e38ced847b94d1edcab0312dff39f2a4dcd92d5981fb2667a34e79b1a544a9c16cf0177fcce26a5267955c0b1ba2f16a74350403e63dd612a3b9ad2c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76d9e1d552fbf56a60cf91b699deee02
SHA1 93c9e8400d7abf1199c961768352b02b221b2fe3
SHA256 8d955f7346aaff4b774b1ef0f333a80b54e06da5a04419e7b6b7581795df7773
SHA512 62cbe52841464c3a2f9a3d53fe4e543c12cfb8480a854c441d8d30ccda6a7bfcc056e7893046819f0f8e5c785c558af9a28a62bceafd18c976e8041b58bb534e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8e39aa9e4c4c1dffd2032f75f6ecad8
SHA1 cdb3c33fc753ed6e4da483514e0ef964f045e4d1
SHA256 883c054ae37bb823dc6b4f645f8f8eedff5d3bb05860ed9f98f7d25076673472
SHA512 e4453758ce08f9397505ae54e1ee824e2d9dc2be90f46718d89bb21049c7279add131315c7ed54ade6fdb35f9249c9d0b11742f4c8f003dd4fb7ac560e480e1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 202a0bb44473138e5d23540b5e1aba10
SHA1 f271b78af7d75446b279a968d131d53b434d2ccf
SHA256 317ff470e400e06a004f719ef2097f828449cfc3605f2739ac7090d2fdeb8ce7
SHA512 8e3696890095271829761d6679f7880bdc04d2a726d8bf5c156d1b0c0aaffbd890ba91b45fc1451da6045aed3f4d37394de8545626311441591298f0ff5450ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5dddcf3c6be31bac5f0b88355648e98d
SHA1 018bd1158db5c6196a5e1f4a5d1e08402fe5efc5
SHA256 6fac130b5f3fdbb5d8faa16f818e01a039891ef107afeb0c590964756984f50d
SHA512 2f78c58a4a28043a9dae9796e1ea8b1c39d4f35841e4f7034535f71251364e3b9dda11dd5d9c39473dff035f93673d7d21bf9231faad32a444b266faa89e8455

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff80a84c9be976160c3d9901faa03ca2
SHA1 55c494ccdf47ef3568f63032fb2b68fb1e8eb3d9
SHA256 73660994643963eab2de38eff8116c4f878cd6acfbc9cd1e04808ffc5220ff45
SHA512 16265578cbe21b98ffa96e1295e1a896f308b3420f764200c5affa6cfdfa8b5ed71ac07818dc2bfd20717e12409389c17d59f3c84e8cf1285c4f8dcf688c9f9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d275eb94221b1b95d2dbe3fb101784e
SHA1 16b9c7903a3dd4735c381f9da4a6f9db285af886
SHA256 c0afaf7a56bf62e09b832b4272c86dafa2f2c2d5edcc96aef356ec69c1a063b7
SHA512 61fea95b6f39dabcf9f9467630594ec5b043c2714b043b1c798e316b27a629f346768011d1fb518ec87b5cfaf328776ab785e5e95c153dc552084c017949a729

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-21 23:47

Reported

2024-11-21 23:50

Platform

win10v2004-20241007-en

Max time kernel

151s

Max time network

157s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\EXM_Premium_Tweaking_Utility_1.0_Cracked.html

Signatures

Downloads MZ/PE file

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS4B777A87\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS4B777A87\setup.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat C:\Windows\System32\svchost.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS4B777A87\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS49522B97\.opera\Opera Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\OperaSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\OperaSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS4B777A87\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\OperaSetup.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings C:\Windows\system32\mspaint.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 191492.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4100 wrote to memory of 1912 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 1912 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\EXM_Premium_Tweaking_Utility_1.0_Cracked.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd914c46f8,0x7ffd914c4708,0x7ffd914c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Users\Admin\Downloads\OperaSetup.exe

"C:\Users\Admin\Downloads\OperaSetup.exe"

C:\Users\Admin\Downloads\OperaSetup.exe

"C:\Users\Admin\Downloads\OperaSetup.exe"

C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe --server-tracking-blob=MDFiOTIxMGIxMTg5OWRiYWJiOTg2YTBhZTIyMDIwMjA3NjFmZGEzOTM3ZGVkMDQ2MmY2ZTk5MzE1MWVlNzNjNjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy51cGxvYWQuZWUvIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYVNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYSIsInF1ZXJ5IjoiL29wZXJhL3N0YWJsZS93aW5kb3dzP3V0bV9zb3VyY2U9eWVwYWRzJnV0bV9tZWRpdW09YXBiJnV0bV9jYW1wYWlnbj1wcmVtcHViJnV0bV9pZD0xZTQ1NWM2MC01YzFhLTQ1ZTctOTY1Yi1kZjgzOWYxNGQ3YzYmdXRtX2NvbnRlbnQ9TURGX1BCXzE2NDA5XyIsInRpbWVzdGFtcCI6IjE3MzIyMzI4OTEuODA0MCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Mi4wLjQ1MTUuMTMxIFNhZmFyaS81MzcuMzYgRWRnLzkyLjAuOTAyLjY3IiwidXRtIjp7ImNhbXBhaWduIjoicHJlbXB1YiIsImNvbnRlbnQiOiJNREZfUEJfMTY0MDlfIiwiaWQiOiIxZTQ1NWM2MC01YzFhLTQ1ZTctOTY1Yi1kZjgzOWYxNGQ3YzYiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJ5ZXBhZHMifSwidXVpZCI6ImI5MjAxMTEyLTBjODItNGMxNy04MmRmLWRhNmY4NmYzM2QyZCJ9

C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe --server-tracking-blob=MDFiOTIxMGIxMTg5OWRiYWJiOTg2YTBhZTIyMDIwMjA3NjFmZGEzOTM3ZGVkMDQ2MmY2ZTk5MzE1MWVlNzNjNjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy51cGxvYWQuZWUvIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYVNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYSIsInF1ZXJ5IjoiL29wZXJhL3N0YWJsZS93aW5kb3dzP3V0bV9zb3VyY2U9eWVwYWRzJnV0bV9tZWRpdW09YXBiJnV0bV9jYW1wYWlnbj1wcmVtcHViJnV0bV9pZD0xZTQ1NWM2MC01YzFhLTQ1ZTctOTY1Yi1kZjgzOWYxNGQ3YzYmdXRtX2NvbnRlbnQ9TURGX1BCXzE2NDA5XyIsInRpbWVzdGFtcCI6IjE3MzIyMzI4OTEuODA0MCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Mi4wLjQ1MTUuMTMxIFNhZmFyaS81MzcuMzYgRWRnLzkyLjAuOTAyLjY3IiwidXRtIjp7ImNhbXBhaWduIjoicHJlbXB1YiIsImNvbnRlbnQiOiJNREZfUEJfMTY0MDlfIiwiaWQiOiIxZTQ1NWM2MC01YzFhLTQ1ZTctOTY1Yi1kZjgzOWYxNGQ3YzYiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJ5ZXBhZHMifSwidXVpZCI6ImI5MjAxMTEyLTBjODItNGMxNy04MmRmLWRhNmY4NmYzM2QyZCJ9

C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.222 --initial-client-data=0x330,0x334,0x338,0x308,0x33c,0x746dfb14,0x746dfb20,0x746dfb2c

C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.222 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x7386fb14,0x7386fb20,0x7386fb2c

C:\Users\Admin\Downloads\OperaSetup.exe

"C:\Users\Admin\Downloads\OperaSetup.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zS49522B97\.opera\Opera Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zS49522B97\.opera\Opera Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zS4B777A87\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS4B777A87\setup.exe --server-tracking-blob=MDFiOTIxMGIxMTg5OWRiYWJiOTg2YTBhZTIyMDIwMjA3NjFmZGEzOTM3ZGVkMDQ2MmY2ZTk5MzE1MWVlNzNjNjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy51cGxvYWQuZWUvIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYVNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYSIsInF1ZXJ5IjoiL29wZXJhL3N0YWJsZS93aW5kb3dzP3V0bV9zb3VyY2U9eWVwYWRzJnV0bV9tZWRpdW09YXBiJnV0bV9jYW1wYWlnbj1wcmVtcHViJnV0bV9pZD0xZTQ1NWM2MC01YzFhLTQ1ZTctOTY1Yi1kZjgzOWYxNGQ3YzYmdXRtX2NvbnRlbnQ9TURGX1BCXzE2NDA5XyIsInRpbWVzdGFtcCI6IjE3MzIyMzI4OTEuODA0MCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Mi4wLjQ1MTUuMTMxIFNhZmFyaS81MzcuMzYgRWRnLzkyLjAuOTAyLjY3IiwidXRtIjp7ImNhbXBhaWduIjoicHJlbXB1YiIsImNvbnRlbnQiOiJNREZfUEJfMTY0MDlfIiwiaWQiOiIxZTQ1NWM2MC01YzFhLTQ1ZTctOTY1Yi1kZjgzOWYxNGQ3YzYiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJ5ZXBhZHMifSwidXVpZCI6ImI5MjAxMTEyLTBjODItNGMxNy04MmRmLWRhNmY4NmYzM2QyZCJ9

C:\Users\Admin\AppData\Local\Temp\7zS4B777A87\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS4B777A87\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.222 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x71dcfb14,0x71dcfb20,0x71dcfb2c

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=5784 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20241121234823" --session-guid=e2016c29-f223-45e7-8ebf-4c843c928297 --server-tracking-blob="MGNmMzcyNTU4ZmM3YWMyYTkwZjVkYzI2ZDk3NDE3ZjkwZGVjZWVkMzRlZWIxZTdjNGU3NTA2YmZkY2ZkMjkxNDp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy51cGxvYWQuZWUvIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYVNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhIn0sInF1ZXJ5IjoiL29wZXJhL3N0YWJsZS93aW5kb3dzP3V0bV9zb3VyY2U9eWVwYWRzJnV0bV9tZWRpdW09YXBiJnV0bV9jYW1wYWlnbj1wcmVtcHViJnV0bV9pZD0xZTQ1NWM2MC01YzFhLTQ1ZTctOTY1Yi1kZjgzOWYxNGQ3YzYmdXRtX2NvbnRlbnQ9TURGX1BCXzE2NDA5XyIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTczMjIzMjg5MS44MDQwIiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJwcmVtcHViIiwiY29udGVudCI6Ik1ERl9QQl8xNjQwOV8iLCJpZCI6IjFlNDU1YzYwLTVjMWEtNDVlNy05NjViLWRmODM5ZjE0ZDdjNiIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6InllcGFkcyJ9LCJ1dWlkIjoiYjkyMDExMTItMGM4Mi00YzE3LTgyZGYtZGE2Zjg2ZjMzZDJkIn0= " --desktopshortcut=1 --wait-for-package --initial-proc-handle=D008000000000000

C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.222 --initial-client-data=0x334,0x338,0x33c,0x280,0x340,0x71dcfb14,0x71dcfb20,0x71dcfb2c

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0xe517a0,0xe517ac,0xe517b8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\OptimizeHide.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\OptimizeHide.bat" "

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4cc 0x500

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\OptimizeHide.bat" "

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\WatchUnblock.png" /ForceBootstrapPaint3D

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.upload.ee udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
DE 57.129.39.102:443 www.upload.ee tcp
DE 57.129.39.102:443 www.upload.ee tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 s7.addthis.com udp
NL 23.200.189.154:443 s7.addthis.com tcp
NL 23.200.189.154:443 s7.addthis.com tcp
US 8.8.8.8:53 du0pud0sdlmzf.cloudfront.net udp
IE 3.162.143.98:443 du0pud0sdlmzf.cloudfront.net tcp
IE 3.162.143.98:443 du0pud0sdlmzf.cloudfront.net tcp
US 8.8.8.8:53 102.39.129.57.in-addr.arpa udp
US 8.8.8.8:53 154.189.200.23.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 98.143.162.3.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 40.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 65.140.162.3.in-addr.arpa udp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 strangineersalyl.org udp
US 8.8.8.8:53 ndtheyeiedm.info udp
US 8.8.8.8:53 ghabovethec.info udp
US 8.8.8.8:53 paintydevelela.org udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 ukankingwithea.com udp
GB 18.164.68.122:443 paintydevelela.org tcp
GB 18.164.68.122:443 paintydevelela.org tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com tcp
BE 142.251.173.84:443 accounts.google.com tcp
BE 142.251.173.84:443 accounts.google.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
IE 3.162.140.85:80 crt.rootg2.amazontrust.com tcp
BE 142.251.173.84:443 accounts.google.com udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 122.68.164.18.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 84.173.251.142.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 85.140.162.3.in-addr.arpa udp
GB 18.244.140.79:443 ghabovethec.info tcp
US 172.67.146.219:443 strangineersalyl.org tcp
US 172.67.146.219:443 strangineersalyl.org tcp
US 172.67.146.219:443 strangineersalyl.org tcp
US 172.67.146.219:443 strangineersalyl.org tcp
US 172.67.146.219:443 strangineersalyl.org tcp
US 8.8.8.8:53 getrunkhomuto.info udp
PT 3.160.132.62:443 ndtheyeiedm.info tcp
US 172.67.146.219:443 strangineersalyl.org tcp
GB 143.204.176.42:443 getrunkhomuto.info tcp
US 172.67.192.190:443 ukankingwithea.com tcp
US 172.67.192.190:443 ukankingwithea.com tcp
US 172.67.192.190:443 ukankingwithea.com tcp
PT 3.160.132.62:443 ndtheyeiedm.info tcp
US 8.8.8.8:53 79.140.244.18.in-addr.arpa udp
US 8.8.8.8:53 219.146.67.172.in-addr.arpa udp
US 8.8.8.8:53 42.176.204.143.in-addr.arpa udp
US 8.8.8.8:53 190.192.67.172.in-addr.arpa udp
US 8.8.8.8:53 62.132.160.3.in-addr.arpa udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 142.250.200.2:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 primenetworkchain.com udp
DE 168.119.149.123:443 primenetworkchain.com tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 172.217.169.1:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 123.149.119.168.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
GB 172.217.169.1:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 utll.techproductupdate.com udp
DE 18.198.9.59:443 utll.techproductupdate.com tcp
DE 18.198.9.59:443 utll.techproductupdate.com tcp
US 8.8.8.8:53 1.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 59.9.198.18.in-addr.arpa udp
US 8.8.8.8:53 net.geo.opera.com udp
NL 185.26.182.112:443 net.geo.opera.com tcp
NL 185.26.182.112:443 net.geo.opera.com tcp
GB 142.250.200.2:443 ep1.adtrafficquality.google udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 112.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
US 8.8.8.8:53 autoupdate.opera.com udp
NL 82.145.216.46:443 autoupdate.geo.opera.com tcp
NL 185.26.182.123:443 autoupdate.opera.com tcp
US 8.8.8.8:53 121.217.145.82.in-addr.arpa udp
US 8.8.8.8:53 123.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 46.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 features.opera-api2.com udp
NL 185.26.182.93:443 features.opera-api2.com tcp
US 8.8.8.8:53 download.opera.com udp
US 8.8.8.8:53 93.182.26.185.in-addr.arpa udp
NL 82.145.216.24:443 download.opera.com tcp
US 8.8.8.8:53 download5.operacdn.com udp
US 104.18.11.89:443 download5.operacdn.com tcp
US 8.8.8.8:53 89.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 24.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 37f660dd4b6ddf23bc37f5c823d1c33a
SHA1 1c35538aa307a3e09d15519df6ace99674ae428b
SHA256 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
SHA512 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

\??\pipe\LOCAL\crashpad_4100_QLUREUFAEQMAVQLX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d7cb450b1315c63b1d5d89d98ba22da5
SHA1 694005cd9e1a4c54e0b83d0598a8a0c089df1556
SHA256 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
SHA512 df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 af6770be1d5ab28a448c9745a6e62417
SHA1 fd9dbaaedd9bf49ea94d5920e3daa59419895ae3
SHA256 18d4ee48c2cd1b38bafb98fdd2c99dd2e9a70a6b9edd35eac4829ad4acb900e0
SHA512 76c633520abfff931a7e6c50f5d8739e20514cc1d6b0ebebc2eef18019e2076e02842bb5be41c94fb4e82a52d5a4bb4388d7a4ce706e2b4cab09d10718cc027f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9f509e6e409e88fbff549de18f41a7a5
SHA1 1fa6522701112b0757239b4d7bfadbbac752229d
SHA256 2e8ecfacdae77b60ed042d9c62d3f867521d04d0e154df9ed7b5b3290f404aa2
SHA512 51e51fa18c8f6e548c79a6a9c7fcdb7a738af3e42a45589ee63b70088abd4c08d5edacf5e6ffa3cb328f9782018c201af38df4ad13e87c880ae79be30cc28a65

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 de609fc0b15795a46a6435daec534b5c
SHA1 c6e35c6674d99979d80c5a3d88c0de2b1f558d9a
SHA256 3f8ca011f756b194c85386eca2569a60d93c239054dead42fa99d025967d69fc
SHA512 4e4e3971eb16c5de4a833c0dc8f25fe24d842195da428fb0fc60567e52eff6718c13d18a99b4938827c906ac72e589c8e941e257a44938e73547c23059be1e0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\Downloads\OperaSetup.exe

MD5 49cb72afffa46597fc0e78dced3d3d2b
SHA1 12e9fb912016eddf94b10ff05f5d30b9031b9278
SHA256 4c1b9fa2ff780ac48c5f03484cfc1f8557241619e95278afa83db18d67c78e63
SHA512 bda5637ff3735727ef83cc212b03e24d7f8dbcb3238abc2366cc968dccf14977ae5f6aaa87556d51a1a21ad2caa670aa5f668933d9d9379b185a518b3a5dd0a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8130dc719fb83e1bbf199950585a5a5d
SHA1 f8157ef8f527b70e7ac9fde7a2d096cc9a3350aa
SHA256 057d097526eb2b5ada1e5d7634c999d34238caef6eeac315cdd2732858aa4300
SHA512 4ca516772316703a2e8c546f8bb562e1dc57f1281c1ae7e8849cd0a131e1e15ae2187f3bd0327357a367eae1998c48d0f19358e1a876705183bdf75e98b5e3e9

C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe

MD5 7e293ea90477b4293d42b35b9a7eefbc
SHA1 32d9c1e87d9f8cbecc4794a106b6baddbeb0fa82
SHA256 61325bf8db458c0f321b7d3e0a0b968313556e84cd74ef062b1ab8f4d37f1af3
SHA512 6966e8a5658455a561c891b0b0d0fa2158a98a06695c3f76794def1629317ed7f29ae1762c2564154c20c0fb3285196a791583761ee65c5f274838f5cd833e50

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411212348222025772.dll

MD5 90f1c76397815e9755e2c266f79c5a4b
SHA1 85f9e93c084ab61f6e4d7eacc9a00575bd48f191
SHA256 6bae4a4046069b92479a475da99b408a2fd767e921e43eebe2ceea0fa8b330c5
SHA512 6992facb8d0b658be74f243dba4af807dc45ae51dc310360e3de1ebdf1e6dc5c91cf1e39e19b8074ea74285f03969e32bd89411af9c41d794437a765d7ac2704

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 2fa22ab10f7d6262c65be11e5769c2a1
SHA1 8f9ae2836442a76fd6c3e76a4f083adcbfcd0e2c
SHA256 6cc61267d7fbf1234620e2e42adaf5b40ec2d7dc21c4f3f26d6a3b192f2eabc6
SHA512 e28014406fec8364f0db17e156e46b0e4712ab31e45326ec4338979d8b0cd2a81c103e6775baca1627b74c3a9c7fce4cb58eb6755ea24951366501ac7524616b

C:\Users\Admin\AppData\Local\Temp\opera_installer_ui.lck

MD5 50407f1d5931c1e7294519c8dd33de98
SHA1 222bf7898acfb0b13b7cf3854224e3789e410033
SHA256 a9bb8a000d4c40a0bf36db953af569425965683377b5ef44b9a18d34a74c4291
SHA512 c9eaaec6190b550f7bab2824952d83d83dc576616935f2fe2a4adea0553b8ce775a0572eb3ca88c00ae99fa75d2bab2d1a44eca084d5a55fbca66d4ee2f88954

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8e363edbfb542c8862381ae51efa2fc3
SHA1 380ffb459608afd82bfdc208b6e68c8198dd268c
SHA256 5580f66e6996f799e0fff7ec17bb81c3e09a3c5e323916587f8b591d07d5c0c8
SHA512 f438d7a722b3f9af820daec1661ac4c85397f78f4455057f98f7fcaeb3812df6397e5306cda8018e4477eb618f2ec8c554ca286dae1e748bd572940a474195de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 74a4b99adfc8708ae57b50d532157094
SHA1 067d035ad93940ad774c563aa4e95bd9ac83ef8d
SHA256 4f567294dd5bec9f208f48c0bf431cd10ad7afc5680b03fbbff14746b877e562
SHA512 9423f4ffbe1c174c8464870d414f2f4ec9fda12a5eab0420ba538b0436b0b1754128651ec9f1697de6f7ca8a7ab580a806605d9077faea72d2f9ef682977d02f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_0F90096E7DCB862ED66CE39084FC7811

MD5 fa7f2f1296c981ddb4c2901a533033bc
SHA1 c97d36333cfe007810e41862ad3466b87c123cc3
SHA256 c996d8c8e94665d43c1cb881f3d381daaf4e1e6bbcb1f4a9b6ed9075bd34758a
SHA512 b56f8cac8349ebc56020ddc0418d87da32d49931cdecaa4b55f8d956edcee7d39d19af54564ab95075a11a962a2074aba6bd005ec054344dc36c16033d0dde22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_0F90096E7DCB862ED66CE39084FC7811

MD5 20b9c1d5e2b04a3007f1fbaa3cca9493
SHA1 dc51d648a1d66dd4f0ba3773b8081011552383f2
SHA256 46e94f971268a7e59407d09cf5f1d76dd4fe5a9357237e8b6496cf050151d9af
SHA512 67ee805624bfcefc9b58250ae533bfe0e393403711838341949b4734fec009d589b1635d6bebf2912ddc1dfd8a27b2596fdb62a3f32aec6a6f2d2443153d7512

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 c59fe2122c01472472b32153f9357db9
SHA1 ffd45432839790442f659390e16b2b4f96c066c5
SHA256 fbe269cbc7e81263ef32c8a3b320697dc8d0b9f90d72c13b7e74b482a640b71b
SHA512 51ae31fd5603d1b6038a3ed1134143bfb757372b8daf06f471d7ca5e54c4fb2bb27c4b257149861e5e3e841070f7d1bc7488bf3f799ea39c7daa7ec62fe5eb31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 c211417c34753d3f2f496fad20ba67d3
SHA1 863a4987e57055220f3670c1fd06f86f4f86ffb5
SHA256 66f8376f9c2b74e6f98463e40966fc2f059b8a68b5c592b3d19a580f0a5564ab
SHA512 89565e7122d9737357c04357432eda06ffb66e97e057053256a6644551e379da84aed258761caa21a6db963d4134068ccfeb56687245c726dc482cc0d2074213

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 719182e07998ae9226d45680aa1fe178
SHA1 8f8b03c110c129cb3a35841ed959de7a7266ffec
SHA256 8f1d64c2c4dbb6ca892083e4b4a8bdb4585597e1269c218340c6b12517bb3dbe
SHA512 2df474f0ac4d1ef93b14deda32c5476da130bc41f37c0a5cd0c271c990914613c3c788116a4b87d44876695f71e5a131847fdf96d609364c06cb2f5ed6ce76a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 d880ed53a7a4d6f0641528d795124316
SHA1 a25d0269d0784b4c2600567bfdb595f654f697fd
SHA256 e53b0e3d52a300324996efc2ff9239e7fd44d95f07fcdf8a6d3c70dc60a8f07a
SHA512 0514e6a046fccceeefd2d372a1fd60cd170627006fa9fff483e1977e4950f64b0ab72837c8c52e7e2d83047f3229e52b43e82a142c3d4d486b278ed527f4f94e

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe

MD5 be22df47dd4205f088dc18c1f4a308d3
SHA1 72acfd7d2461817450aabf2cf42874ab6019a1f7
SHA256 0eef85bccb5965037a5708216b3550792e46efdfdb99ac2396967d3de7a5e0c8
SHA512 833fc291aacecd3b2187a8cbd8e5be5b4d8884d86bd869d5e5019d727b94035a46bb56d7e7734403e088c2617506553a71a7184010447d1300d81667b99310c7

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\assistant_installer.exe

MD5 3b103a9ba068fb4f932d272d19f5619f
SHA1 8270adf6a18d0101ce54afb77179d55a78a35fc7
SHA256 7e9f5f137372bf9e13383dc06c71139d92a4a7efcb5c64c570311999ecafab15
SHA512 83011d2315dfdd8838d62b66f576259882033e28e58ffb1931f97bb0a105cce5f03a4ca6c1de88611876d038f7e2ca7be626d4e0fb689d1ed8c99c6ce9adda4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 304059a5e55f0f76feb2952d0ac33459
SHA1 9b38b4e9ff487694a484807de318d1c759c18047
SHA256 1330faf9e6da3f81eccd28dbcaaa523e529a55e2534836038a02b739e1903061
SHA512 db3126359f42734629d5f87f7092ea3842f161bb9466adfa6f0c72912eeb71aecffc3f99f2038c32ee8be1933a7da5b37925e3406dbfe6faa0eb0094a5346f26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a3036f607e73de1b33053c447d4a6103
SHA1 560fe820008a8fdab18d433f6972aafb5bbaa5af
SHA256 346a1bb87733acf55f9817c3b1624da4ea162a26b680f9dece17654c6c548887
SHA512 cecc5362521ea727ae9b019d09e11e233cfde7b47e644361169100f225ea091e78f020eb3f7a885ba1f01a345e1cef71e95aeac50caf763f5259997d0aedf88e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ab9a9aa075a0d55664619f4beecdfbd8
SHA1 01b656ddbc5bf7a76a7fbb29d03c135acdedbb08
SHA256 ff9e7d1991f95829ff253d3be8eedd5b7d05fc61d1fe0be44c716a261d102f1b
SHA512 7853472fab1e853ae6a3c75117d1bd0629ac736a6a35b39680eaca03d12a6c7f8a046a1aaefe8ef14d13f6c322bc03291b289f13351f33b8db1e1fc03cd69eeb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 aeed4e2ef7313e05b30b0aa23624fd94
SHA1 623b0403b457f9dae9bc6d8e22a958d62764a6d6
SHA256 bd05134dc72f22558d3a6bfeee2f8a58e43cc702e858dbb9070a2feb69054c07
SHA512 7dd671327021fc769b50e7a23ff62d4f4a9b37595564e994cff27cbc69cdf24ef28ed7579099bd47e9ecb0e4db2e80b9fcf8d9be5c74647d74869dce714bc3f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e9a7b99dd6c647abd48d273c80447d2f
SHA1 1f5e3e696046dba6f5cfa28f2bfd432d2649d793
SHA256 8bee6a1bac0fa9b360c457e9f2a1ec320a093bccf751c46a1cf997b24eb0828e
SHA512 04ef47a727f31ef252e1b224482f2a76497726c54b66d565178b169f0c219ae61fe1f6cd9441604498cc9602736c2bc403afb9f0e0f5434098ce2f62bde3e70d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cac3c6045b064b60caad633868eec553
SHA1 eccbe428aa57a2d4cd1495c10efc67de3f2b2328
SHA256 869cb4ee53d80c1330a68ccdc0937e94183bd2119a85511b5108c50401d8d1da
SHA512 51253c02336c6eede2b72463a96ab76483849dfb309463770749ec9e8f286380b09531eb32b7b93ce25dbb60f78c7493b7b51f69b8818cbe830364ebe21ca285

memory/3120-520-0x000001E6C1660000-0x000001E6C1670000-memory.dmp

memory/3120-516-0x000001E6C0D90000-0x000001E6C0DA0000-memory.dmp

memory/3120-527-0x000001E6C9920000-0x000001E6C9921000-memory.dmp

memory/3120-529-0x000001E6C99A0000-0x000001E6C99A1000-memory.dmp

memory/3120-531-0x000001E6C99A0000-0x000001E6C99A1000-memory.dmp

memory/3120-532-0x000001E6C9A30000-0x000001E6C9A31000-memory.dmp

memory/3120-533-0x000001E6C9A30000-0x000001E6C9A31000-memory.dmp

memory/3120-534-0x000001E6C9A40000-0x000001E6C9A41000-memory.dmp

memory/3120-535-0x000001E6C9A40000-0x000001E6C9A41000-memory.dmp