Analysis Overview
SHA256
6bba081474e42a3ce8713a0619664e069ba15e271d28cc134009af3f53c7bdd1
Threat Level: Likely malicious
The file EXM_Premium_Tweaking_Utility_1.0_Cracked.bat was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Reads user/profile data of web browsers
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Drops file in System32 directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Modifies registry class
Modifies system certificate store
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-21 23:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-21 23:47
Reported
2024-11-21 23:49
Platform
win7-20240903-en
Max time kernel
108s
Max time network
109s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000e215e05e3499b257aa6b3a1d7afd312bb84e9a18f5e86cd61a9373fc7cffc206000000000e800000000200002000000021df8234fd67e9aa514146aef36da5974118c549be778d8dda75742694fd1b792000000093703feac6f3afeccd0fd369b56ffbcfc00af123e4b8c741cd265ad47035017e40000000e4f62f50637e46c8f1123fb344c395f3601d6285a65bb6e6753fd8234404e2f1db1123111e715a8cdbd4f3736fb2d32b03026d53c578d24975ddaf2e964575e3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{094A5DC1-A863-11EF-8B05-6E295C7D81A3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438394748" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e05f3be26f3cdb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2868 wrote to memory of 1700 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 1700 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 1700 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 1700 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\EXM_Premium_Tweaking_Utility_1.0_Cracked.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| DE | 57.129.39.102:443 | www.upload.ee | tcp |
| DE | 57.129.39.102:443 | www.upload.ee | tcp |
| DE | 57.129.39.102:443 | www.upload.ee | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| DE | 57.129.39.102:443 | www.upload.ee | tcp |
| DE | 57.129.39.102:443 | www.upload.ee | tcp |
| DE | 57.129.39.102:443 | www.upload.ee | tcp |
| DE | 57.129.39.102:443 | www.upload.ee | tcp |
| DE | 57.129.39.102:443 | www.upload.ee | tcp |
| DE | 57.129.39.102:443 | www.upload.ee | tcp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | du0pud0sdlmzf.cloudfront.net | udp |
| IE | 3.162.143.134:443 | du0pud0sdlmzf.cloudfront.net | tcp |
| NL | 23.200.189.154:443 | s7.addthis.com | tcp |
| NL | 23.200.189.154:443 | s7.addthis.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.200.3:80 | c.pki.goog | tcp |
| GB | 142.250.200.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.200.3:80 | o.pki.goog | tcp |
| GB | 142.250.200.3:80 | o.pki.goog | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-21 23:47
Reported
2024-11-21 23:50
Platform
win10v2004-20241007-en
Max time kernel
151s
Max time network
157s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS4B777A87\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS4B777A87\setup.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS4B777A87\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS49522B97\.opera\Opera Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\OperaSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\OperaSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS4B777A87\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\OperaSetup.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings | C:\Windows\system32\mspaint.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 191492.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\EXM_Premium_Tweaking_Utility_1.0_Cracked.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd914c46f8,0x7ffd914c4708,0x7ffd914c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Users\Admin\Downloads\OperaSetup.exe
"C:\Users\Admin\Downloads\OperaSetup.exe"
C:\Users\Admin\Downloads\OperaSetup.exe
"C:\Users\Admin\Downloads\OperaSetup.exe"
C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe --server-tracking-blob=MDFiOTIxMGIxMTg5OWRiYWJiOTg2YTBhZTIyMDIwMjA3NjFmZGEzOTM3ZGVkMDQ2MmY2ZTk5MzE1MWVlNzNjNjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy51cGxvYWQuZWUvIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYVNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYSIsInF1ZXJ5IjoiL29wZXJhL3N0YWJsZS93aW5kb3dzP3V0bV9zb3VyY2U9eWVwYWRzJnV0bV9tZWRpdW09YXBiJnV0bV9jYW1wYWlnbj1wcmVtcHViJnV0bV9pZD0xZTQ1NWM2MC01YzFhLTQ1ZTctOTY1Yi1kZjgzOWYxNGQ3YzYmdXRtX2NvbnRlbnQ9TURGX1BCXzE2NDA5XyIsInRpbWVzdGFtcCI6IjE3MzIyMzI4OTEuODA0MCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Mi4wLjQ1MTUuMTMxIFNhZmFyaS81MzcuMzYgRWRnLzkyLjAuOTAyLjY3IiwidXRtIjp7ImNhbXBhaWduIjoicHJlbXB1YiIsImNvbnRlbnQiOiJNREZfUEJfMTY0MDlfIiwiaWQiOiIxZTQ1NWM2MC01YzFhLTQ1ZTctOTY1Yi1kZjgzOWYxNGQ3YzYiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJ5ZXBhZHMifSwidXVpZCI6ImI5MjAxMTEyLTBjODItNGMxNy04MmRmLWRhNmY4NmYzM2QyZCJ9
C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe --server-tracking-blob=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
C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS49522B97\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.222 --initial-client-data=0x330,0x334,0x338,0x308,0x33c,0x746dfb14,0x746dfb20,0x746dfb2c
C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.222 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x7386fb14,0x7386fb20,0x7386fb2c
C:\Users\Admin\Downloads\OperaSetup.exe
"C:\Users\Admin\Downloads\OperaSetup.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zS49522B97\.opera\Opera Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS49522B97\.opera\Opera Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zS4B777A87\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS4B777A87\setup.exe --server-tracking-blob=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
C:\Users\Admin\AppData\Local\Temp\7zS4B777A87\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS4B777A87\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.222 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x71dcfb14,0x71dcfb20,0x71dcfb2c
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=5784 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20241121234823" --session-guid=e2016c29-f223-45e7-8ebf-4c843c928297 --server-tracking-blob="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 " --desktopshortcut=1 --wait-for-package --initial-proc-handle=D008000000000000
C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS0E52DA97\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.222 --initial-client-data=0x334,0x338,0x33c,0x280,0x340,0x71dcfb14,0x71dcfb20,0x71dcfb2c
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0xe517a0,0xe517ac,0xe517b8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5077662328291454622,5808053664206348969,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\OptimizeHide.bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\OptimizeHide.bat" "
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4cc 0x500
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\OptimizeHide.bat" "
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\WatchUnblock.png" /ForceBootstrapPaint3D
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
| SHA1 | 222bf7898acfb0b13b7cf3854224e3789e410033 |
| SHA256 | a9bb8a000d4c40a0bf36db953af569425965683377b5ef44b9a18d34a74c4291 |
| SHA512 | c9eaaec6190b550f7bab2824952d83d83dc576616935f2fe2a4adea0553b8ce775a0572eb3ca88c00ae99fa75d2bab2d1a44eca084d5a55fbca66d4ee2f88954 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8e363edbfb542c8862381ae51efa2fc3 |
| SHA1 | 380ffb459608afd82bfdc208b6e68c8198dd268c |
| SHA256 | 5580f66e6996f799e0fff7ec17bb81c3e09a3c5e323916587f8b591d07d5c0c8 |
| SHA512 | f438d7a722b3f9af820daec1661ac4c85397f78f4455057f98f7fcaeb3812df6397e5306cda8018e4477eb618f2ec8c554ca286dae1e748bd572940a474195de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 74a4b99adfc8708ae57b50d532157094 |
| SHA1 | 067d035ad93940ad774c563aa4e95bd9ac83ef8d |
| SHA256 | 4f567294dd5bec9f208f48c0bf431cd10ad7afc5680b03fbbff14746b877e562 |
| SHA512 | 9423f4ffbe1c174c8464870d414f2f4ec9fda12a5eab0420ba538b0436b0b1754128651ec9f1697de6f7ca8a7ab580a806605d9077faea72d2f9ef682977d02f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_0F90096E7DCB862ED66CE39084FC7811
| MD5 | fa7f2f1296c981ddb4c2901a533033bc |
| SHA1 | c97d36333cfe007810e41862ad3466b87c123cc3 |
| SHA256 | c996d8c8e94665d43c1cb881f3d381daaf4e1e6bbcb1f4a9b6ed9075bd34758a |
| SHA512 | b56f8cac8349ebc56020ddc0418d87da32d49931cdecaa4b55f8d956edcee7d39d19af54564ab95075a11a962a2074aba6bd005ec054344dc36c16033d0dde22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_0F90096E7DCB862ED66CE39084FC7811
| MD5 | 20b9c1d5e2b04a3007f1fbaa3cca9493 |
| SHA1 | dc51d648a1d66dd4f0ba3773b8081011552383f2 |
| SHA256 | 46e94f971268a7e59407d09cf5f1d76dd4fe5a9357237e8b6496cf050151d9af |
| SHA512 | 67ee805624bfcefc9b58250ae533bfe0e393403711838341949b4734fec009d589b1635d6bebf2912ddc1dfd8a27b2596fdb62a3f32aec6a6f2d2443153d7512 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | c59fe2122c01472472b32153f9357db9 |
| SHA1 | ffd45432839790442f659390e16b2b4f96c066c5 |
| SHA256 | fbe269cbc7e81263ef32c8a3b320697dc8d0b9f90d72c13b7e74b482a640b71b |
| SHA512 | 51ae31fd5603d1b6038a3ed1134143bfb757372b8daf06f471d7ca5e54c4fb2bb27c4b257149861e5e3e841070f7d1bc7488bf3f799ea39c7daa7ec62fe5eb31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | c211417c34753d3f2f496fad20ba67d3 |
| SHA1 | 863a4987e57055220f3670c1fd06f86f4f86ffb5 |
| SHA256 | 66f8376f9c2b74e6f98463e40966fc2f059b8a68b5c592b3d19a580f0a5564ab |
| SHA512 | 89565e7122d9737357c04357432eda06ffb66e97e057053256a6644551e379da84aed258761caa21a6db963d4134068ccfeb56687245c726dc482cc0d2074213 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
| MD5 | 719182e07998ae9226d45680aa1fe178 |
| SHA1 | 8f8b03c110c129cb3a35841ed959de7a7266ffec |
| SHA256 | 8f1d64c2c4dbb6ca892083e4b4a8bdb4585597e1269c218340c6b12517bb3dbe |
| SHA512 | 2df474f0ac4d1ef93b14deda32c5476da130bc41f37c0a5cd0c271c990914613c3c788116a4b87d44876695f71e5a131847fdf96d609364c06cb2f5ed6ce76a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
| MD5 | d880ed53a7a4d6f0641528d795124316 |
| SHA1 | a25d0269d0784b4c2600567bfdb595f654f697fd |
| SHA256 | e53b0e3d52a300324996efc2ff9239e7fd44d95f07fcdf8a6d3c70dc60a8f07a |
| SHA512 | 0514e6a046fccceeefd2d372a1fd60cd170627006fa9fff483e1977e4950f64b0ab72837c8c52e7e2d83047f3229e52b43e82a142c3d4d486b278ed527f4f94e |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe
| MD5 | be22df47dd4205f088dc18c1f4a308d3 |
| SHA1 | 72acfd7d2461817450aabf2cf42874ab6019a1f7 |
| SHA256 | 0eef85bccb5965037a5708216b3550792e46efdfdb99ac2396967d3de7a5e0c8 |
| SHA512 | 833fc291aacecd3b2187a8cbd8e5be5b4d8884d86bd869d5e5019d727b94035a46bb56d7e7734403e088c2617506553a71a7184010447d1300d81667b99310c7 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411212348231\assistant\assistant_installer.exe
| MD5 | 3b103a9ba068fb4f932d272d19f5619f |
| SHA1 | 8270adf6a18d0101ce54afb77179d55a78a35fc7 |
| SHA256 | 7e9f5f137372bf9e13383dc06c71139d92a4a7efcb5c64c570311999ecafab15 |
| SHA512 | 83011d2315dfdd8838d62b66f576259882033e28e58ffb1931f97bb0a105cce5f03a4ca6c1de88611876d038f7e2ca7be626d4e0fb689d1ed8c99c6ce9adda4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 304059a5e55f0f76feb2952d0ac33459 |
| SHA1 | 9b38b4e9ff487694a484807de318d1c759c18047 |
| SHA256 | 1330faf9e6da3f81eccd28dbcaaa523e529a55e2534836038a02b739e1903061 |
| SHA512 | db3126359f42734629d5f87f7092ea3842f161bb9466adfa6f0c72912eeb71aecffc3f99f2038c32ee8be1933a7da5b37925e3406dbfe6faa0eb0094a5346f26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a3036f607e73de1b33053c447d4a6103 |
| SHA1 | 560fe820008a8fdab18d433f6972aafb5bbaa5af |
| SHA256 | 346a1bb87733acf55f9817c3b1624da4ea162a26b680f9dece17654c6c548887 |
| SHA512 | cecc5362521ea727ae9b019d09e11e233cfde7b47e644361169100f225ea091e78f020eb3f7a885ba1f01a345e1cef71e95aeac50caf763f5259997d0aedf88e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ab9a9aa075a0d55664619f4beecdfbd8 |
| SHA1 | 01b656ddbc5bf7a76a7fbb29d03c135acdedbb08 |
| SHA256 | ff9e7d1991f95829ff253d3be8eedd5b7d05fc61d1fe0be44c716a261d102f1b |
| SHA512 | 7853472fab1e853ae6a3c75117d1bd0629ac736a6a35b39680eaca03d12a6c7f8a046a1aaefe8ef14d13f6c322bc03291b289f13351f33b8db1e1fc03cd69eeb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | aeed4e2ef7313e05b30b0aa23624fd94 |
| SHA1 | 623b0403b457f9dae9bc6d8e22a958d62764a6d6 |
| SHA256 | bd05134dc72f22558d3a6bfeee2f8a58e43cc702e858dbb9070a2feb69054c07 |
| SHA512 | 7dd671327021fc769b50e7a23ff62d4f4a9b37595564e994cff27cbc69cdf24ef28ed7579099bd47e9ecb0e4db2e80b9fcf8d9be5c74647d74869dce714bc3f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e9a7b99dd6c647abd48d273c80447d2f |
| SHA1 | 1f5e3e696046dba6f5cfa28f2bfd432d2649d793 |
| SHA256 | 8bee6a1bac0fa9b360c457e9f2a1ec320a093bccf751c46a1cf997b24eb0828e |
| SHA512 | 04ef47a727f31ef252e1b224482f2a76497726c54b66d565178b169f0c219ae61fe1f6cd9441604498cc9602736c2bc403afb9f0e0f5434098ce2f62bde3e70d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cac3c6045b064b60caad633868eec553 |
| SHA1 | eccbe428aa57a2d4cd1495c10efc67de3f2b2328 |
| SHA256 | 869cb4ee53d80c1330a68ccdc0937e94183bd2119a85511b5108c50401d8d1da |
| SHA512 | 51253c02336c6eede2b72463a96ab76483849dfb309463770749ec9e8f286380b09531eb32b7b93ce25dbb60f78c7493b7b51f69b8818cbe830364ebe21ca285 |
memory/3120-520-0x000001E6C1660000-0x000001E6C1670000-memory.dmp
memory/3120-516-0x000001E6C0D90000-0x000001E6C0DA0000-memory.dmp
memory/3120-527-0x000001E6C9920000-0x000001E6C9921000-memory.dmp
memory/3120-529-0x000001E6C99A0000-0x000001E6C99A1000-memory.dmp
memory/3120-531-0x000001E6C99A0000-0x000001E6C99A1000-memory.dmp
memory/3120-532-0x000001E6C9A30000-0x000001E6C9A31000-memory.dmp
memory/3120-533-0x000001E6C9A30000-0x000001E6C9A31000-memory.dmp
memory/3120-534-0x000001E6C9A40000-0x000001E6C9A41000-memory.dmp
memory/3120-535-0x000001E6C9A40000-0x000001E6C9A41000-memory.dmp