Malware Analysis Report

2025-04-14 05:11

Sample ID 250111-s68f3avpbr
Target http://rmax.site
Tags
revengerat guest discovery persistence spyware stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://rmax.site was found to be: Known bad.

Malicious Activity Summary

revengerat guest discovery persistence spyware stealer trojan upx

Revengerat family

RevengeRAT

RevengeRat Executable

Adds policy Run key to start application

Downloads MZ/PE file

Reads user/profile data of web browsers

Uses the VBS compiler for execution

Drops startup file

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

UPX packed file

Drops file in System32 directory

Suspicious use of SetThreadContext

Drops autorun.inf file

Drops file in Program Files directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Program crash

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Scheduled Task/Job: Scheduled Task

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-11 15:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-11 15:45

Reported

2025-01-11 15:50

Platform

win10v2004-20241007-en

Max time kernel

329s

Max time network

330s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://rmax.site

Signatures

RevengeRAT

trojan revengerat

Revengerat family

revengerat

RevengeRat Executable

stealer
Description Indicator Process Target
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\status = "present" C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winlogon = "C:\\heap41a\\svchost.exe C:\\heap41a\\std.txt" C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe N/A

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Heap41A.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe\:SmartScreen:$DATA C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\AgentTesla.exe N/A
N/A N/A C:\Users\Admin\Downloads\AgentTesla.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bumerang.exe N/A
N/A N/A C:\Windows\SysWOW64\ddraw32.dll N/A
N/A N/A C:\Windows\SysWOW64\ddraw32.dll N/A
N/A N/A C:\Users\Admin\Downloads\Bumerang.exe N/A
N/A N/A C:\Windows\SysWOW64\ddraw32.dll N/A
N/A N/A C:\Users\Admin\Downloads\Heap41A.exe N/A
N/A N/A C:\Users\Admin\Downloads\Heap41A.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe N/A
N/A N/A C:\heap41a\svchost.exe N/A
N/A N/A C:\heap41a\svchost.exe N/A
N/A N/A C:\heap41a\svchost.exe N/A

Reads user/profile data of web browsers

spyware stealer

Uses the VBS compiler for execution

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.exe" C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe N/A
File opened (read-only) \??\k: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\q: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\r: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\x: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\z: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe N/A
File opened (read-only) \??\e: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\p: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\s: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\t: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\y: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\g: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\i: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\m: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\v: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\w: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe N/A
File opened (read-only) \??\h: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\j: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\l: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\n: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\o: C:\heap41a\svchost.exe N/A
File opened (read-only) \??\u: C:\heap41a\svchost.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A 0.tcp.ngrok.io N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A 0.tcp.ngrok.io N/A N/A
N/A 0.tcp.ngrok.io N/A N/A

Drops autorun.inf file

Description Indicator Process Target
File opened for modification C:\heap41a\Offspring\autorun.inf C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe N/A
File opened for modification C:\heap41a\offspring\autorun.inf C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\ddraw32.dll C:\Users\Admin\Downloads\Bumerang.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 388 set thread context of 5596 N/A C:\Users\Admin\Downloads\RevengeRAT.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 5596 set thread context of 2856 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 4660 set thread context of 428 N/A C:\Users\Admin\Downloads\RevengeRAT.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 428 set thread context of 3172 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 1576 set thread context of 4088 N/A C:\Users\Admin\Downloads\RevengeRAT.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 4088 set thread context of 4480 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 2260 set thread context of 6128 N/A C:\Users\Admin\Downloads\RevengeRAT.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 6128 set thread context of 4380 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 1664 set thread context of 3408 N/A C:\Users\Admin\Downloads\RevengeRAT.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 3408 set thread context of 2440 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 5140 set thread context of 2332 N/A C:\Users\Admin\Downloads\RevengeRAT.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 2332 set thread context of 3696 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 3108 set thread context of 1172 N/A C:\Users\Admin\Downloads\RevengeRAT.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 1172 set thread context of 1292 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 5384 set thread context of 5756 N/A C:\Users\Admin\Downloads\RevengeRAT.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 5756 set thread context of 5136 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 2792 set thread context of 5556 N/A C:\Users\Admin\Downloads\RevengeRAT.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 5556 set thread context of 464 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 3120 set thread context of 6052 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PID 6052 set thread context of 4668 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Briano\UWPHook\SharpSteam.dll C:\Users\Admin\Downloads\AgentTesla.exe N/A
File created C:\Program Files (x86)\Briano\UWPHook\System.Management.Automation.dll C:\Users\Admin\Downloads\AgentTesla.exe N/A
File created C:\Program Files (x86)\Briano\UWPHook\System.Management.Automation.xml C:\Users\Admin\Downloads\AgentTesla.exe N/A
File created C:\Program Files (x86)\Briano\UWPHook\UWPHook.exe.config C:\Users\Admin\Downloads\AgentTesla.exe N/A
File created C:\Program Files (x86)\Briano\UWPHook\MaterialDesignColors.dll C:\Users\Admin\Downloads\AgentTesla.exe N/A
File created C:\Program Files (x86)\Briano\UWPHook\MaterialDesignThemes.Wpf.dll C:\Users\Admin\Downloads\AgentTesla.exe N/A
File created C:\Program Files (x86)\Briano\UWPHook\Microsoft.Management.Infrastructure.dll C:\Users\Admin\Downloads\AgentTesla.exe N/A
File created C:\Program Files (x86)\Briano\UWPHook\MaterialDesignThemes.Wpf.xml C:\Users\Admin\Downloads\AgentTesla.exe N/A
File created C:\Program Files (x86)\Briano\UWPHook\UWPHook.exe C:\Users\Admin\Downloads\AgentTesla.exe N/A
File created C:\Program Files (x86)\Briano\UWPHook\VDFParser.dll C:\Users\Admin\Downloads\AgentTesla.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\ddraw32.dll

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Bumerang.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\heap41a\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Heap41A.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\AgentTesla.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 709902.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 525084.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 841922.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\AppData\Roaming\svchost.exe\:SmartScreen:$DATA C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 126400.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 474138.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\svchost\svchost.exe\:SmartScreen:$DATA C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 988489.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 3360.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 614494.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 664 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://rmax.site

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbcbc46f8,0x7ffbbcbc4708,0x7ffbbcbc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6728 /prefetch:8

C:\Users\Admin\Downloads\OperaGXSetup.exe

"C:\Users\Admin\Downloads\OperaGXSetup.exe"

C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe --server-tracking-blob=ODhiN2Y5NzZhYjg3ZmU5ZjdhZGNhOWFmZGE0NTk4NDcxYTJmNDBmNDE0NzEwNzY3Y2U3ZjUwYmZkNzc2YWJiYzp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9IVlJfMzczNiZlZGl0aW9uPXN0ZC0yJnV0bV9jb250ZW50PTM3MzZfJnV0bV9pZD1lNWQ3YjBlYjEzNjI0ZDcyODNkZGRkMTIwMmEyZWUzMSZodHRwX3JlZmVycmVyPW1pc3NpbmcmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmdXRtX2lkPWU1ZDdiMGViMTM2MjRkNzI4M2RkZGQxMjAyYTJlZTMxJmRsX3Rva2VuPTg0MTYzOTk2IiwidGltZXN0YW1wIjoiMTczNjYxMDM2Ny44MzgzIiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fR0JfSFZSXzM3MzYiLCJjb250ZW50IjoiMzczNl8iLCJpZCI6ImU1ZDdiMGViMTM2MjRkNzI4M2RkZGQxMjAyYTJlZTMxIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoicGEiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImNmYmQ3ZGM4LWY3NTUtNDhmOC1hODFlLTVmNDA5NmJiZTRiOSJ9

C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=115.0.5322.142 --initial-client-data=0x330,0x334,0x338,0x310,0x33c,0x74e8ed4c,0x74e8ed58,0x74e8ed64

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6152 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x6c4f48,0x6c4f58,0x6c4f64

C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5912 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20250111154627" --session-guid=d516adfe-35fd-4145-a5ad-b06a9c99919a --server-tracking-blob="YTI5MTU0MzM0MDVmOGQ3OGE4NmI2NjRmZGU2ODc4Mzc1ZGU2N2ZmNjkxYTFjY2ZlYTM4YmM5NGQ0ZTVjNDViNDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9IVlJfMzczNiZlZGl0aW9uPXN0ZC0yJnV0bV9jb250ZW50PTM3MzZfJnV0bV9pZD1lNWQ3YjBlYjEzNjI0ZDcyODNkZGRkMTIwMmEyZWUzMSZodHRwX3JlZmVycmVyPW1pc3NpbmcmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmdXRtX2lkPWU1ZDdiMGViMTM2MjRkNzI4M2RkZGQxMjAyYTJlZTMxJmRsX3Rva2VuPTg0MTYzOTk2Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzM2NjEwMzY3LjgzODMiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTIuMC40NTE1LjEzMSBTYWZhcmkvNTM3LjM2IEVkZy85Mi4wLjkwMi42NyIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9IVlJfMzczNiIsImNvbnRlbnQiOiIzNzM2XyIsImlkIjoiZTVkN2IwZWIxMzYyNGQ3MjgzZGRkZDEyMDJhMmVlMzEiLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS8iLCJtZWRpdW0iOiJwYSIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJQV05nYW1lcyJ9LCJ1dWlkIjoiY2ZiZDdkYzgtZjc1NS00OGY4LWE4MWUtNWY0MDk2YmJlNGI5In0= " --desktopshortcut=1 --wait-for-package --initial-proc-handle=C40A000000000000

C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=115.0.5322.142 --initial-client-data=0x328,0x32c,0x33c,0x304,0x340,0x7253ed4c,0x7253ed58,0x7253ed64

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5712 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8052 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8020 /prefetch:8

C:\Users\Admin\Downloads\RevengeRAT.exe

"C:\Users\Admin\Downloads\RevengeRAT.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Users\Admin\Downloads\RevengeRAT.exe

"C:\Users\Admin\Downloads\RevengeRAT.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Users\Admin\Downloads\RevengeRAT.exe

"C:\Users\Admin\Downloads\RevengeRAT.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Users\Admin\Downloads\RevengeRAT.exe

"C:\Users\Admin\Downloads\RevengeRAT.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Users\Admin\Downloads\RevengeRAT.exe

"C:\Users\Admin\Downloads\RevengeRAT.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Users\Admin\Downloads\RevengeRAT.exe

"C:\Users\Admin\Downloads\RevengeRAT.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Users\Admin\Downloads\RevengeRAT.exe

"C:\Users\Admin\Downloads\RevengeRAT.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Users\Admin\Downloads\RevengeRAT.exe

"C:\Users\Admin\Downloads\RevengeRAT.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Users\Admin\Downloads\RevengeRAT.exe

"C:\Users\Admin\Downloads\RevengeRAT.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6184 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\pf_fonra.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3DF0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc438C4D55262E41F99624DD722B5C175F.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\qadermbg.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3EAB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2FB13911D9F04C59963546399F5F6A.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\3qckvxua.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3F57.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1AD4793F51334E539181DAC6D19C67B3.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\x0zm7xnz.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4003.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1C0B18826F9842B282492ED461BEBC98.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\dmewahte.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4090.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc78F20091FCED44CBBE8A941060965738.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ex8o7n1e.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES411C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE399976624F14EC39CE4B1C8F7B11D60.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\l4w0h79j.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4199.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4A4883B877964D40A99C968D781C876.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\twohqwnz.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4226.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc60BCD9D1AC8C4302B11AD563B749451.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\nwyxzlhe.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES42B3.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc44376C5AA503457DA515A6D1BEE9B76.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\4l-zauoh.cmdline"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4330.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc6950D264EB14F78AD94B32390C9913C.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\09ktgpey.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES442A.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAA5A31E9307440BBD1D607983402C1C.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\sogtlmey.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4533.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA0579CC4C10940789BC4AC443724F8D8.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\blbrf2im.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES45C0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc5573BED65CD49948E92917C54293644.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\hgeafn1x.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES463D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9670E2FD34E74B458433C1504D671C89.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\8qb1nmzw.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES46C9.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC6880492EEF4628B081DC4474D7C7DB.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\dccszyc_.cmdline"

C:\Users\Admin\Downloads\AgentTesla.exe

"C:\Users\Admin\Downloads\AgentTesla.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4746.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc88AE55C2B234649BA85BA7EFB2C469.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zssxon3b.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4860.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB5240A5830141669D928A833EE1D837.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\23hw-fnt.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES492B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1348C7B755943CEBE5A49B4C9823EB.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\6yx3jmsc.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES49A8.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAF6D1170A9FD4C06BC5982BED7D515E6.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mkpdmhlu.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4A92.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD0431ABF580E4F82BB41A7E360E1AC88.TMP"

C:\Users\Admin\Downloads\AgentTesla.exe

"C:\Users\Admin\Downloads\AgentTesla.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gcyysdee.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4BAB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcDBB0C8FC80584100BA55E595C61D4AD6.TMP"

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5060 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6768 /prefetch:8

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\6ga_6uuw.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEFBB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD9FB8674910142EE8F269660C4670A2.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\srbmg-pz.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF096.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc33ACF0F636EB468FAD43CF7F1A63666A.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\eoz_oc0q.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF132.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc35F4925993CC44CC9A926B942D337D69.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zosi3mv5.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF1A0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc72EDE5CEA4234E81AD1052E03549E2DE.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\vfuztrms.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF21D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcEA04138EF22A4DA386E16B8FB782F959.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\fbktcfks.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF2C9.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4AB47EC95A8E47E596A2FCFEBDE9715A.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\udis97r9.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF365.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc919E5A41D6C249C38585C76F51353CE7.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\oqqwhvsc.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF3D2.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcCC91158BD474ACC9E6F907422ED730.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\-xyr6i3f.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF47E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcFE137746310A4860BDCE2125A7663E4.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\heoh3m69.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF4FB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc77AD81BBD5894B7182CDE7BCE4374ED6.TMP"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6032 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8

C:\Users\Admin\Downloads\Bumerang.exe

"C:\Users\Admin\Downloads\Bumerang.exe"

C:\Windows\SysWOW64\ddraw32.dll

C:\Windows\system32\ddraw32.dll

C:\Windows\SysWOW64\ddraw32.dll

C:\Windows\system32\ddraw32.dll :C:\Users\Admin\Downloads\Bumerang.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2172 -ip 2172

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 324

C:\Users\Admin\Downloads\Bumerang.exe

"C:\Users\Admin\Downloads\Bumerang.exe"

C:\Windows\SysWOW64\ddraw32.dll

C:\Windows\system32\ddraw32.dll :C:\Users\Admin\Downloads\Bumerang.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7428 /prefetch:8

C:\Users\Admin\Downloads\Heap41A.exe

"C:\Users\Admin\Downloads\Heap41A.exe"

C:\Users\Admin\Downloads\Heap41A.exe

"C:\Users\Admin\Downloads\Heap41A.exe"

C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe" MicrosoftPowerPoint\install.txt

C:\heap41a\svchost.exe

C:\heap41a\svchost.exe C:\heap41a\std.txt

C:\heap41a\svchost.exe

C:\heap41a\svchost.exe C:\heap41a\script1.txt

C:\heap41a\svchost.exe

C:\heap41a\svchost.exe C:\heap41a\reproduce.txt

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\_7kge-vy.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8B30.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4F67CE35E21E431EA9752EEAD13C9F5A.TMP"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 rmax.site udp
DE 3.124.100.143:80 rmax.site tcp
DE 3.124.100.143:80 rmax.site tcp
DE 3.124.100.143:443 rmax.site tcp
US 8.8.8.8:53 proftrafficcounter.com udp
DE 3.73.241.61:443 proftrafficcounter.com tcp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 143.100.124.3.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 156.133.100.95.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 61.241.73.3.in-addr.arpa udp
US 8.8.8.8:53 layerrepeatedlychancy.com udp
US 192.243.59.20:443 layerrepeatedlychancy.com tcp
US 192.243.59.20:443 layerrepeatedlychancy.com tcp
US 192.243.59.20:443 layerrepeatedlychancy.com tcp
US 192.243.59.20:443 layerrepeatedlychancy.com tcp
US 192.243.59.20:443 layerrepeatedlychancy.com tcp
US 192.243.59.20:443 layerrepeatedlychancy.com tcp
US 8.8.8.8:53 www.1candy.pro udp
DE 3.75.10.80:443 www.1candy.pro tcp
DE 3.75.10.80:443 www.1candy.pro tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
FR 3.164.163.127:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 1candy.pro udp
US 192.243.59.20:443 layerrepeatedlychancy.com tcp
US 192.243.59.20:443 layerrepeatedlychancy.com tcp
US 192.243.59.20:443 layerrepeatedlychancy.com tcp
US 192.243.59.20:443 layerrepeatedlychancy.com tcp
US 8.8.8.8:53 20.59.243.192.in-addr.arpa udp
US 8.8.8.8:53 80.10.75.3.in-addr.arpa udp
US 8.8.8.8:53 127.163.164.3.in-addr.arpa udp
DE 3.73.241.61:443 proftrafficcounter.com tcp
US 8.8.8.8:53 d17iy0164v753e.cloudfront.net udp
FR 13.32.158.145:443 d17iy0164v753e.cloudfront.net tcp
US 8.8.8.8:53 d25mdneknrv20w.cloudfront.net udp
FR 13.249.12.66:443 d25mdneknrv20w.cloudfront.net tcp
FR 13.249.12.66:443 d25mdneknrv20w.cloudfront.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
N/A 224.0.0.251:5353 udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 145.158.32.13.in-addr.arpa udp
US 8.8.8.8:53 38.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 72.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 66.12.249.13.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 d39fkvblvwpxa1.cloudfront.net udp
US 8.8.8.8:53 buxspot.com udp
FR 13.249.12.225:443 d39fkvblvwpxa1.cloudfront.net tcp
US 104.21.75.113:443 buxspot.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 113.75.21.104.in-addr.arpa udp
US 8.8.8.8:53 225.12.249.13.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 app.cloudtrks.com udp
FR 13.249.12.225:443 d39fkvblvwpxa1.cloudfront.net tcp
NL 34.91.218.141:443 app.cloudtrks.com tcp
NL 34.91.218.141:443 app.cloudtrks.com tcp
US 8.8.8.8:53 mr.macgsapptrck.com udp
NL 34.141.179.97:443 mr.macgsapptrck.com tcp
US 8.8.8.8:53 141.218.91.34.in-addr.arpa udp
US 8.8.8.8:53 97.179.141.34.in-addr.arpa udp
US 8.8.8.8:53 get-gx.com udp
US 35.174.198.186:443 get-gx.com tcp
DE 52.58.51.150:443 www.opera.com tcp
DE 52.58.51.150:443 www.opera.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 186.198.174.35.in-addr.arpa udp
US 8.8.8.8:53 cdn-production-opera-website.operacdn.com udp
US 8.8.8.8:53 www.googleoptimize.com udp
NO 23.49.26.10:443 cdn-production-opera-website.operacdn.com tcp
NO 23.49.26.10:443 cdn-production-opera-website.operacdn.com tcp
NO 23.49.26.10:443 cdn-production-opera-website.operacdn.com tcp
NO 23.49.26.10:443 cdn-production-opera-website.operacdn.com tcp
NO 23.49.26.10:443 cdn-production-opera-website.operacdn.com tcp
NO 23.49.26.10:443 cdn-production-opera-website.operacdn.com tcp
GB 216.58.204.78:443 www.googleoptimize.com tcp
NO 23.49.26.10:443 cdn-production-opera-website.operacdn.com tcp
US 8.8.8.8:53 150.51.58.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.26.49.23.in-addr.arpa udp
DE 52.58.51.150:443 www.opera.com tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 66.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 79.133.100.95.in-addr.arpa udp
GB 216.58.204.78:443 www.googleoptimize.com udp
US 8.8.8.8:53 net.geo.opera.com udp
NL 185.26.182.112:443 net.geo.opera.com tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 142.250.180.2:443 ade.googlesyndication.com tcp
GB 142.250.180.2:443 ade.googlesyndication.com udp
US 8.8.8.8:53 112.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 11199305.fls.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 142.250.200.38:443 11199305.fls.doubleclick.net tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
BE 64.233.184.157:443 stats.g.doubleclick.net tcp
GB 172.217.169.3:443 www.google.co.uk tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 38.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.184.233.64.in-addr.arpa udp
GB 142.250.200.38:443 11199305.fls.doubleclick.net udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
GB 172.217.169.3:443 www.google.co.uk udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 121.217.145.82.in-addr.arpa udp
US 8.8.8.8:53 autoupdate.opera.com udp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
NL 185.26.182.123:443 autoupdate.opera.com tcp
NL 82.145.216.46:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 features.opera-api2.com udp
NL 82.145.216.16:443 features.opera-api2.com tcp
US 8.8.8.8:53 api.config.opr.gg udp
US 104.18.25.17:443 api.config.opr.gg tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 download.opera.com udp
NL 82.145.216.49:443 download.opera.com tcp
US 8.8.8.8:53 151.133.100.95.in-addr.arpa udp
US 8.8.8.8:53 123.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 46.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 16.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 17.25.18.104.in-addr.arpa udp
US 8.8.8.8:53 download3.operacdn.com udp
IT 2.18.254.43:443 download3.operacdn.com tcp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 49.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 43.254.18.2.in-addr.arpa udp
US 8.8.8.8:53 www.redditstatic.com udp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 151.101.1.140:443 www.redditstatic.com tcp
FR 18.245.175.102:443 static.hotjar.com tcp
FR 92.122.166.181:443 snap.licdn.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
US 57.144.120.128:443 connect.facebook.net tcp
US 8.8.8.8:53 script.hotjar.com udp
FR 18.164.52.40:443 script.hotjar.com tcp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
US 8.8.8.8:53 pixel-config.reddit.com udp
US 8.8.8.8:53 alb.reddit.com udp
US 151.101.1.140:443 alb.reddit.com tcp
US 151.101.193.140:443 alb.reddit.com tcp
US 151.101.1.140:443 alb.reddit.com tcp
US 151.101.193.140:443 alb.reddit.com tcp
US 151.101.1.140:443 alb.reddit.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 102.175.245.18.in-addr.arpa udp
US 8.8.8.8:53 181.166.122.92.in-addr.arpa udp
US 8.8.8.8:53 140.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 128.120.144.57.in-addr.arpa udp
US 8.8.8.8:53 40.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 150.171.27.10:443 bat.bing.com tcp
US 8.8.8.8:53 140.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 bat.bing.net udp
US 8.8.8.8:53 www.clarity.ms udp
US 204.79.197.237:443 bat.bing.net tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 13.107.21.237:443 c.bing.com tcp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 4.227.249.197:443 u.clarity.ms tcp
DE 92.122.215.65:443 www.bing.com tcp
US 8.8.8.8:53 65.215.122.92.in-addr.arpa udp
US 8.8.8.8:53 214.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
DE 2.20.142.155:443 r.bing.com tcp
DE 2.20.142.187:443 r.bing.com tcp
DE 2.20.142.187:443 r.bing.com tcp
DE 2.20.142.155:443 r.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 40.126.31.67:443 login.microsoftonline.com tcp
US 8.8.8.8:53 187.142.20.2.in-addr.arpa udp
US 8.8.8.8:53 155.142.20.2.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.111.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 140.82.113.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.12.57.198:19521 0.tcp.ngrok.io tcp
US 3.12.57.198:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 3.12.57.198:19521 0.tcp.ngrok.io tcp
US 3.12.57.198:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 3.12.57.198:19521 0.tcp.ngrok.io tcp
US 3.12.57.198:19521 0.tcp.ngrok.io tcp
US 3.12.57.198:19521 0.tcp.ngrok.io tcp
US 3.12.57.198:19521 0.tcp.ngrok.io tcp
US 3.12.57.198:19521 0.tcp.ngrok.io tcp
US 3.12.57.198:19521 0.tcp.ngrok.io tcp
US 3.12.57.198:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp
US 3.12.245.36:19521 0.tcp.ngrok.io tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256 ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

\??\pipe\LOCAL\crashpad_664_EIXNZAJZFQXSMLKF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0a9dc42e4013fc47438e96d24beb8eff
SHA1 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7de6bd6c3d4e59218f84077d678f5171
SHA1 5bcd320ef441defe40df29155e3dec56690b857b
SHA256 99324029218168474cd9c52cd736da0f253a29f437bfeb430e4609126c57c0d8
SHA512 231b5cbfaad559025bbef53c9219baa972c5ce453736e8cc4c7b973a4b7295e911cbde20964eb821459f1c508d75db8e28c63db27986222eaeaab21e8b11a294

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 62f8db60f39674cda6dda054a610d025
SHA1 5b2cfa46249256bc90fb46f07134e2c9e9392380
SHA256 7ea2496c6be7092f0c8aeee483fe30b1cf25b2bbd7a3febac86e590e86c51e79
SHA512 e4bf17e6f8184b76b02e7f0207ba943f4f18b096e0e807b5d569f7061fa352a132697efd96d8917d06c54a78f8551996cd6f1321c724106324d1a3c9cecfd5a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e5007676db3c43ac6bd1cbe932558aa6
SHA1 1a681afb38a44f6d7bdc296a04dc3670f0f41f56
SHA256 84ae81c5b35405090c0c640640f0882e943b8c0a07e7144bfdfd9955aa6f6486
SHA512 a8a6c616d51778bb9ac5c5b0e973e2b9deac54de607cc5fed5e3060443cf9f871a8603163648ad48248adac33d2fb8d2ffec53c27d8dddbc72b31a12d84b2e78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f5e99fad9bb444d00bf99f78be31db27
SHA1 0b06cc5000d3295effd5ae846947878bbb4ed118
SHA256 828c2e38cefd6cdbb89951ad43b7c0480ff40526d5a02d8674d29887bc9e541b
SHA512 742cc8a1a1b0e6f35fd8103bf5230f8ba01d6a2cb1176fa29a71272d43836d1aa4bf19678f0fe99467f8c1851a0f7f6b3a6f8f1abd9f7b880ba7db160fb520c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5838de.TMP

MD5 f8fb4923da9f5cb1c1279836723f9015
SHA1 a56600782673481ea6dfc76c990ced613d034924
SHA256 e0f64c9804fa4d22c896231d261ba9dd52ec31721add6ee2980b052b7ada48ea
SHA512 f5a06f73e197349d4a21ee4180126fc27e839e90079f1950dc2ea995a278b5014180a340024ba4d63750ce6e26fa2359f5c8910624c77bd1c163fcccbc4e35d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 516460d94e5405572ba44a00b82bf6b1
SHA1 07043d18cc153447dc7c905928b6959ad7afbd9d
SHA256 49fb7e86a69b193f03e10d9a6b4142db967321d8fbccffc123e78e93156763ad
SHA512 fa778b14a28f420ac1b20caa3f47b0119407429816997cd55760dc2b86ffac5750e4a952284580ce13237627335340dd334e7c287a11d2531bb8667ba902ae33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 670eb011d6eb62e0c2a62b5a24c08312
SHA1 e2d4ec13924e83b2944e2430384aaf00cd4c1446
SHA256 6e4878eac11149ae7c8432e293a9dacb6a153e335965445406ca0997b2dc95a1
SHA512 3741bdac0037cea0d42556ed9e69ed63566440e23646833dd4a58c0dc41c60a9e6b28fb86f248dd81f68ccfcf01fb01b4a3400571289be34a86f0edd5f8174a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 825746e551c1395ccda61b68f0a6bedc
SHA1 8fbeca78c8b314c52c4bd767d589b73798feebcc
SHA256 88c925a35492c0a1491fbb607f10466ed5826c3f89da11170435aab1a214d166
SHA512 90fab3539a8c4644a618f5fd322b0f9dc934f5580ca3de2eca1c517c0b68223eb8b8a3da6c64f8793448cdb595452dc60805184be7cd5439a16007010e8f9339

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 32ea70325c12277ee06263796bc62e5f
SHA1 1b67b64ec8078f9f74233549fa6f6504d9772b10
SHA256 dc82821e811d8671bcf34b3e3c27837e068e95ff5a258b26da6672cbfddec702
SHA512 90282fc072361d215bbf106022dc9aeb82d1c979d9e6dc25109d3a27b32e92c5bdfa650183af100b6f85516ef588953d7302004dbf36be66f6b7cec9b5e523af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 2f12cd2f081bdb2f07313eb2e96bba06
SHA1 ff61844636ea9b901e031e2b78cdb574edabc2c1
SHA256 7d5dbfa28490079385fbde5aaf7398cf0142a3b59c4b21b15115c771b5e70643
SHA512 65fd8165f3e4da9463c28afd4671caee7389bf4acc8f59c033b018d6ae7035fb06e8d96f09537d3ce5423cb6bbebec950060918c3a0c0ed35ccb1223d9d81817

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587635.TMP

MD5 f7fb64ebe752fa4185d10bab07b38923
SHA1 7da4be82a6e406d47a0f9e471be2f0bd0be7acd9
SHA256 a8adad6cf7a97f067cb87e069b86a5b6cefd328ab918c4f4d9715ee3489e2895
SHA512 7413c0e51c6dc15196bf75daca48ded5e5b3f4a3c3128eced6d9c583a3bd88912c74fa30569471969d1ae602bc5cca3fefd00db34fad195c2e8fedb683c7d2cc

C:\Users\Admin\Downloads\OperaGXSetup.exe

MD5 491d718268e220385a4f985fe3e14f63
SHA1 2c1cf8957436576ee57c0ea7cddff1726ac3725c
SHA256 c32e4c7827bef72d6f9420afabf04bc1329458d03249e1ef31d25463645e6244
SHA512 17aa6a70d5cdb3766c0c19e2ccca660d21f91e296acf6240cc1b1615e018e62b094833dcf7aa109d20cb945e3774d9d0b2144269a90e7e7f8add7f38e83b2bb5

C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe

MD5 31824cf3d0d413089f861f703997857e
SHA1 3f9f8b948abf1c5f968444f0b2fa6ea64d74c344
SHA256 71e528e4c023b2acafeaa8551c691f83d563abacf534a05d2d3b9d10ed02fbe6
SHA512 70f4d0b5721ed1f785f31082f59acf529c847489824301651353c3aa079d53d4b8e77b1a86df4adc3b35db4731ce2d0bc685fbfa6899dc03702d673c9fd7288a

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2501111546251315912.dll

MD5 5614930f6f984c8f2e36ab2df60a0bf9
SHA1 495a0e214cf5b97336a0bf7d419a0e6f08b271ff
SHA256 a0f1430b90e328b644e58446b716366449696fbf8a10e2bcd804fd4ea2bce542
SHA512 bd43755d662be76e3b15ed3fe1c1f25974b9a57d93c09b15732efb2c9ebd2b411a92c216062f6b28f0187e11d2ed0ccc2657f9ac878e631bef11b409b5948ca4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7fca7119bb3597842f707b892dd70d61
SHA1 30b62b51521dce83c15b9ec92543b7fc138b53af
SHA256 504118b98c5790725ddcc1e308791d41081b3360b76f056bcb00e0f87ad6e17e
SHA512 3d5c1e127b390a3bcd9c66f059cd0b7fedf06ce2c277309098d32e9188bbec4173efd3e6132b41e68a64bd96e795590d63bec5b0cfe8bb79535c61f812a92f2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

MD5 3dc68c2e908a55af8cd914333948ecfc
SHA1 a70fdf31a8c5500de831fe0008ff840756992995
SHA256 03ce663604f5449fc9b1e163e02b5eed936f3d1d9c5bb80b592eba8fcd1d84ac
SHA512 2955a3be14100683036ac96e8d99536f5ef3a365ef270739a797ceeb08f74bfb9f121df039aaae9eede54356deec1919bc2a7c1e18ab5502cc3731125ac96b40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

MD5 1ad120de27f91abc8c21e8cd78dfe279
SHA1 f75bd0db424d53dc719396d0f31a5ba1e5641076
SHA256 8bd9355cc657c6dbe56359c991ed65f2cd5ba13432c82d9372c140089df9f189
SHA512 9ec635d44bc437ee2858180ff2474fabd0551dbc73076fef9e69c687d11e242e8f8962769ff8849e9660ab646852c42a21b78ed0bf69be78f0249de0f23c4291

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 45bf2abfd1a60226d1329f9bb2c5bdb0
SHA1 156e77b78601352f568237f72fea309540b983ed
SHA256 59c76126ec916c0e191f2de03327c83531cc50d60eabd997f1fd7f1ed84e4357
SHA512 88f2fffd11141bd6314961460558352636b04cc73326a866e9e01bfdcf5912cda62283fb4b92f14082d69ae5842105d9ce8f89e0b0c85067a89f16b9804034fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 83848a0dee303dae6e93cfa917dfb7ba
SHA1 47951e6755557270e9713d1493eee69a616f0d15
SHA256 6721c80239cbabc7a025fd3d1f41960452adb77b670351229a99411df525bc07
SHA512 5d586a9ad6bddaa0204eb9e42b7325e6ab25bc82790e292849a022332a66a4d1a04d72abc5f563e6c1e1ff800037c11c8f09425c702e0539e9d2783e65fdf2fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9276189712d727169a5de96ca66e667c
SHA1 54363de9a3114026dbb37a83762f48c2f6fd52dc
SHA256 b3ca2fd8f3ad28d5eee490f03a982d37b53ee34fcbd0fabcc8031046a66ad79f
SHA512 734bb354305caff801f51083f40348e94820d24c1f3db6f86780ba27193f74994477fcb047d0d34bb484203e030c68caca020e30fb0c18818fbe3fa7fe5dedf2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 7a0d3de9cd9218bb03f9b514ed50f789
SHA1 b2beb6e56c8256219c3cadfce890c12535461e14
SHA256 16e10942df8f4e2d9b6d6da840de52f83c2c2ec091b28ac0dd8eace01864cf1a
SHA512 15558de1fef18152ceefecf89f5ade098d4574a7c0ac5bb67053f475cd91487ebaa0ea4c320741989049ec7d38353cc1a849678f87363abb26bb4817c1113d28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 1b1fcf15c265917d465dd9e1b7451d01
SHA1 74bc4500fc0a36fe8f700a4ecdff9ec131e7585b
SHA256 2f03442a1f19b4f82b6e77cca8aadc425d6cef3d34a0819e43da44fcf717c57b
SHA512 c061a9ea55c4784544286e0c792186c753d4f73d93dab5027cbbfa8eedc089dfa65278471a54e36635a2149065d2cb98e2f04c0ce1a4a9abf723387837cf59b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 61073bebbecb44e3c127f243abb5e08c
SHA1 8bf7917b448402438bdf83410879adddacf924ff
SHA256 17048f945c7afa531042491bbb5a0424407023bbb3d817f11da4432ec8dfbc9e
SHA512 9cd3e1c94116abe0610cc9fad92f2d448604d48d044a01019fbab4512c6f1269d385b2398131dd2d9965245b8901867e6eaf01b2547f00d23b6bee397cd184ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1937ee313c962cec1a1f6bfb493609e3
SHA1 935a4fd3aa7cb430b19b7152ee95888e168e1168
SHA256 f07f039659795b78602bc88b2ece5c934f0d91ac72e0ca4f8f9ea14cbcc8257f
SHA512 0aeee1b5127d9dfdf4b7938761b63a701994ad91a92fda506ef6346c655eb50c16ef4e7bcc5664f1ba2732634b3210e724d630f53ecb31a8e0ad39af0f6af89e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

MD5 30b20a893bc934a279c2e0ffd900c274
SHA1 0e48c33db887b2fb3dce559a939ca0ed5c8003b5
SHA256 d7451a4a16c71e70cc6e420b77adf412a6de4ff740391e3057a03993acf4802a
SHA512 21fa0c2b47e4ccbc93b720a78a268f8fe70894cb0157863dbc6fbe95245dfcab7271b6a205ecb027d68ff3e96b1306565bf45cfdf031d3536987b2daafc72a32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 904dd12903906ce081f4472591f36d92
SHA1 b8e666eeb9193032b12366a82bfe2b8fc0be1c13
SHA256 75e13d1568a8dd50e639b3d9c0c5d03141cb4fe8f00b34d0229b6d55913ecca6
SHA512 70831dec65a124b1c6850f67e55247eab00a5edab5d3461eff04552065459d86bfd1a9154a73ed69107a7dd76c3b8b74bcef84b013f2100a6d08cf9803e1a21f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 86736747dd55aeb05e9c16362d9c6d0e
SHA1 0b2d19f1e0af4be8d29dc55ab2f39bc782755c4f
SHA256 b1c6f7fda05781fdc439a895fea682f0b18805b7480e6821021bed77af02f597
SHA512 aa3fed14847fcf855978813562bc6ef19019922b57a486319077b4406c0e6a1724161a7cc291475befe67266a5b672585a1247b6f638c855c11410cd28dbad17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 7b68fe9194aa041042763d9ee493c3c8
SHA1 a612850058eed0123e6e5b3e8e9722de825c1e78
SHA256 418b6c83848bc7110ccb2e3887e493bfe258846f9e957d1d895f5c8a9ffd58bd
SHA512 95f3c14da34db0dc136827214c89630018daa67fa1609eb0bad17d5691c0b66c0118285b2a60afc8eac9fb1d0f7e08f0db0a1b30149827ad29b891d895cf01dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E

MD5 f003ce7ba601c6c1bdb683c875c99742
SHA1 384f3965d8df2e061916b413d25f7a6e263a593c
SHA256 49e38c86d988f61715eb98023e965433a7b9ad5a362c145bb8930e85138a7076
SHA512 e08260c801c4d740184fa17e6399d6d3c13c0f684a4dac6f3fda4c32713afc7b0ba20053176811acb1c4a01f662dda43a5bea7873b7fd03d69ce60345bfd3c2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E

MD5 e9da3565b2020bb542ca0c5f1c7b205e
SHA1 ed859aa88b286aa58e94cbf57ec6a46a25196519
SHA256 7dcfc124d9efd62d7e9d1b4ceb55ba4e2d7a2e1ff81a6545fced44c80c66b584
SHA512 5e884ebe730a50796fa7ac5d3d66a2577cbe40d4f60a156deed1cd2cc4dfb3f176b69c3fc0492c7c8daa861d36d6b89660f084f0448cabacca94bade0b4d3152

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 c0a0c86dd99c50f73a1e595dd3af937a
SHA1 1e14113699fb8284f88db01b9ccd796da54a36b1
SHA256 bed690884f77464e60d669d63150aa7217de87f4ac5aea2596b23e25cc926787
SHA512 90f507f0fc59c363e2fec3c66afbce6d868c3eb466002427e334fe63f24556e04f5dc242a36dd180798155dbb1e5b765c9e646fb2553d20a01ae29bd93bfac5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 ad92e3bfe91d09efb09c5aafb0124172
SHA1 21b13f63f1fe4fb194cdd71d56ff355311b9ee84
SHA256 870ef333f1342a90fc181ab4c9ae751b3aa1d6b26e2040c6567f1d978e062a54
SHA512 570070ed5fb76eb9e8142a7bff549bd5676ad11f70e1022dbe76af26bd47b35222a36c94af1258108679dc47b827f93078f5767349839fd4b52bb86cf9aa832f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 8eaaa1ea8e7cd255482e9076b6a84fd6
SHA1 55c6d9e03ede1d15559a9f80636c2319c8c5c20a
SHA256 bfd892ad976b64c1a932ec4e5e7e45f1c247068abfcfbde434eb9bfd7faeadc7
SHA512 3e8926aea20fde3bd1b5deb03f8076f09282595b7e51a4fe14e3054d10b734ca5e7a52fac73970d08e44f4b9d7dfa1b7f75d3a2d478fe3b2225ef18995832530

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\additional_file0.tmp

MD5 e9a2209b61f4be34f25069a6e54affea
SHA1 6368b0a81608c701b06b97aeff194ce88fd0e3c0
SHA256 e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f
SHA512 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\assistant_installer.exe

MD5 4c8fbed0044da34ad25f781c3d117a66
SHA1 8dd93340e3d09de993c3bc12db82680a8e69d653
SHA256 afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a
SHA512 a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

MD5 098fdf8fe25a95a13d1b7af9a7d06724
SHA1 94926c543956b7e7f0e8aa159ac2585d4589bb1b
SHA256 94da5170cba4a49803b39502328c3905908533bd633b9ffbb46544975b02487c
SHA512 bd79294ea9f6765d994becb8af81baf11f295097e9a593dfb68b8f05fada1f2567a64aefa6a10ac34b2e51f1e44f6d2c4be9271a019fdac02d8f01c45a1114e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 d0e139c1a07bc95bfaaa9d38968e344c
SHA1 010f2e791807a87e1baa3c57c71ea7afd6b5e846
SHA256 a56f591156670ee2f5a8e67ab16b75ede349ab78214cab07520d0565497892f6
SHA512 d5945d062032e459a6f1114b2f76a10d272e3ed434aac9cb05589789c3bd5ce222cdc517aff2f71992859fe370795b5522ae793816ba9b53fcdc77a9595861b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 67816f1c7795be69fcb337cb63adc542
SHA1 711c0d22435f4e34dd26b5c462f708cf26ca192f
SHA256 7aa39de6f0c8cf0c21b13e3c045f100012dd1064f7f6de8ebeb9592338545d6b
SHA512 62edf4b2e6f23085a6b96af7fc24c4d5f0d7348fa3cf04d7dc8bff5076ce84aeadb3bcb053ad4584db9b80aa66558c8facc040fb402184717ef08838bf2116e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6ec7e11f376c48a87103d1837de1e177
SHA1 ab9c0e774ada7034e9112296cbabcc9b99cd386f
SHA256 cf68e179964b811d67c74d534170670102bbe9a692e269f71d7c39b7b69f26c6
SHA512 72a1b840eb94d776c56e57e4fd06342761ecbcb6d2d130eb40049bb1a17e63649aa99d53389e4906d18516a946efce1e264e064e02305e9ded1c6f3454445aac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f5e3f227c12464015d8cee8756dc4478
SHA1 7c519143eb2cf577f6e37795a83498db1c5368ce
SHA256 d364df6e257b47739ad8e9e31c8f68e9344b4ed674f391c4b4fd347907fc5740
SHA512 377fc2bb213e6d8ff0497f1a36985f176bd808d26d37fba393d097871ffc3d4602764789fd03520c96a0e9e93e067a9c303b6871b585e3b29aedd658d0607224

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2fabb5e3966b1bdb217f5acb849484ef
SHA1 45816e1efede99f713631327ebbff32c6bc2291c
SHA256 d619a07bbee9d4f98d40026e31e3b9f1264cd55a654cff08780b589cf58b62fb
SHA512 86a090470a0c2b3cdc73cd9d90cc635442150d8a8b097e4696affe363c706212fbd0a9d7b237d2d824449b78aaa1f8ed66c0ae97f6ae046c88011974774e9b97

C:\Users\Admin\Downloads\Unconfirmed 709902.crdownload

MD5 fe537a3346590c04d81d357e3c4be6e8
SHA1 b1285f1d8618292e17e490857d1bdf0a79104837
SHA256 bbc572cced7c94d63a7208f4aba4ed20d1350bef153b099035a86c95c8d96d4a
SHA512 50a5c1ad99ee9f3a540cb30e87ebfdf7561f0a0ee35b3d06c394fa2bad06ca6088a04848ddcb25f449b3c98b89a91d1ba5859f1ed6737119b606968be250c8ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2c521bc4a6a9e308afa3fa02602ae3b0
SHA1 dfb40c943f836c3702ca6a8c5e330386b65b24c3
SHA256 e611f985707b40d7fcd6a4704de1f6667bfdf3b2cf24c522d4c635fa033d38f3
SHA512 b84a84631b1f7851619fd0ad8883dfe1f42a91583b261c0778ad1faf85bdffa8ea6d36e03dd5710e6539bc09c3a0557be5148b53f0ccf59491a26fe197d20349

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 93344ac931cb8e466d338cbbf178f626
SHA1 8f175eda2b18e3c9ee063abbaf632e532c55e7b7
SHA256 dbc71e665ff288967a39379d3212275b53642f54c65d52334ee0369a55381764
SHA512 26ef8aff20a415ddfb74f27c94c917aa4948234283a6a191acdd2114b6f5971da003071820d56562a1142f8c9de27a929b091e8780154a220bc76c562494f113

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fdfa547a0b8a9d72e7139f7634d12a7f
SHA1 02ed635033bd98a55a003df1dcb17f151c599c33
SHA256 09bf0fa2d19584ddf4931d9d642ed4799c092bed1af56bce1657ac1ac6291221
SHA512 49e982dde153e55ed1ed50d49e13c5d4f86572e5aa1a44313f66263ad3dec114943cd78a7968331bfee91115d93fc98be2887f42665228f4326eadebf892ad9e

C:\Users\Admin\Downloads\Unconfirmed 525084.crdownload

MD5 1d9045870dbd31e2e399a4e8ecd9302f
SHA1 7857c1ebfd1b37756d106027ed03121d8e7887cf
SHA256 9b4826b8876ca2f1378b1dfe47b0c0d6e972bf9f0b3a36e299b26fbc86283885
SHA512 9419ed0a1c5e43f48a3534e36be9b2b03738e017c327e13586601381a8342c4c9b09aa9b89f80414d0d458284d2d17f48d27934a6b2d6d49450d045f49c10909

memory/388-1168-0x000000001BE60000-0x000000001C32E000-memory.dmp

memory/388-1169-0x000000001C3E0000-0x000000001C486000-memory.dmp

memory/388-1170-0x000000001C5B0000-0x000000001C612000-memory.dmp

memory/5596-1172-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3b72ecebd4172bf666f868f5b953efb7
SHA1 835dbd99d82bdc812f0a772f6ea7374cf073f408
SHA256 2ae5c57ffc95ca07c0c19d151a8784070f71bd3f03aaf4b18a5529f3123c7072
SHA512 28e6e0561da5c6d9406b5c8174b830647c1b09101c7ea3d186b11992417ea1cf05cb725d1c9695f9f2dd8d71461137d0c962d19422754d134d209b84c9c0af48

memory/3172-1195-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\uRClgZblR.txt

MD5 502984a8e7a0925ac8f79ef407382140
SHA1 0e047aa443d2101eb33ac4742720cb528d9d9dba
SHA256 d25b36f2f4f5ec765a39b82f9084a9bde7eb53ac12a001e7f02df9397b83446c
SHA512 6c721b4ae08538c7ec29979da81bc433c59d6d781e0ce68174e2d0ca1abf4dbc1c353510ce65639697380ccd637b9315662d1f686fea634b7e52621590bfef17

memory/2332-1205-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Users\Admin\Downloads\Unconfirmed 841922.crdownload

MD5 cce284cab135d9c0a2a64a7caec09107
SHA1 e4b8f4b6cab18b9748f83e9fffd275ef5276199e
SHA256 18aab0e981eee9e4ef8e15d4b003b14b3a1b0bfb7233fade8ee4b6a22a5abbb9
SHA512 c45d021295871447ce60250ff9cbeba2b2a16a23371530da077d6235cfe5005f10fa228071542df3621462d913ad2f58236dc0c0cb390779eef86a10bba8429f

C:\Users\Admin\Downloads\Unconfirmed 841922.crdownload:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 acee68eb11cd1120d72b1adb66892259
SHA1 4e7cede05bced46f1fa406dfead8b77e23376d6e
SHA256 2a9ece5bcb96e91ad7cbdb7937ed9fd44efc0759b119b5b50750aa74d032f226
SHA512 3401e657cefcabfae5131dfd0659628901bc1f1d68205060d87c9f580480214c0551bf7f09f7748bd64ec515b9c934539da68891d9bba347552b7618a9ccf1ce

C:\ProgramData\svchost\vcredist2012_x86_0_vcRuntimeMinimum_x86.ico

MD5 fde1b01ca49aa70922404cdfcf32a643
SHA1 b0a2002c39a37a0ccaf219d42f1075471fd8b481
SHA256 741fe085e34db44b7c8ae83288697fab1359b028411c45dab2a3ca8b9ea548a5
SHA512 b6b4af427069602e929c1a6ce9d88c4634f0927b7292efb4070d15fb40ce39fc5ce868452dcd5642b2864730502de7a4c33679c936beb1a86c26a753d3f4dc25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 78c88151718e549fe11205a2e2cb66e9
SHA1 6c1b605761e237a3984a915c1313f5b9e1b329c2
SHA256 d141b243cbf72cd44bd460f635e04fc68d8c29b434b1fc5aa328084a8c715a6a
SHA512 6c62ea0fb7dc78ad51c6f0787349b18283cebf721fffa47851594afa841c2e0cb28e48480dc2868e613a88ad095e209dd44bc2c17a06328907f389ed04b7e18d

C:\Users\Admin\Downloads\Unconfirmed 988489.crdownload

MD5 a56d479405b23976f162f3a4a74e48aa
SHA1 f4f433b3f56315e1d469148bdfd835469526262f
SHA256 17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23
SHA512 f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b3eb2ad616108bb3e6394b896b516ff0
SHA1 a02dceb65e594eaa3f7b8cce713360faab4e3ac2
SHA256 db54580f1a1b2f2b1b7ea5f4da88fda698fbb0fea8865a884e012da0dbf74204
SHA512 f2b5be344d7ad65d64edfe6286190d1ee86f88d260e141f50d0fa829643196f8aedef76e8a809bca46d1b76cf29070996228e53ee86159bad678ffbef545c844

C:\Users\Admin\AppData\Local\Temp\vbc72EDE5CEA4234E81AD1052E03549E2DE.TMP

MD5 3906bddee0286f09007add3cffcaa5d5
SHA1 0e7ec4da19db060ab3c90b19070d39699561aae2
SHA256 0deb26dcfb2f74e666344c39bd16544fcaae1a950be704b1fd4e146e77b12c00
SHA512 0a73de0e70211323d9a8469ec60042a6892426e30ad798a39864ba123c1905d6e22cb8458a446e2f45ec19cf0233fa18d90e5f87ec987b657a35e35a49fea3b0

C:\Users\Admin\AppData\Local\Temp\vbcEA04138EF22A4DA386E16B8FB782F959.TMP

MD5 85c61c03055878407f9433e0cc278eb7
SHA1 15a60f1519aefb81cb63c5993400dd7d31b1202f
SHA256 f0c9936a6fa84969548f9ffb4185b7380ceef7e8b17a3e7520e4acd1e369234b
SHA512 7099b06ac453208b8d7692882a76baceec3749d5e19abc1287783691a10c739210f6bdc3ee60592de8402ca0b9a864eb6613f77914b76aec1fc35157d0741756

C:\Users\Admin\AppData\Local\Temp\vbcCC91158BD474ACC9E6F907422ED730.TMP

MD5 dac60af34e6b37e2ce48ac2551aee4e7
SHA1 968c21d77c1f80b3e962d928c35893dbc8f12c09
SHA256 2edc4ef99552bd0fbc52d0792de6aaa85527621f5c56d0340d9a2963cbc9eed6
SHA512 1f1badd87be7c366221eaa184ae9b9ae0593a793f37e3c1ce2d4669c83f06de470053550890ad6781b323b201a8b9d45a5e2df5b88e01c460df45278e1228084

C:\Users\Admin\Downloads\Unconfirmed 126400.crdownload

MD5 b6c78677b83c0a5b02f48648a9b8e86d
SHA1 0d90c40d2e9e8c58c1dafb528d6eab45e15fda81
SHA256 706fce69fea67622b03fafb51ece076c1fdd38892318f8cce9f2ec80aabca822
SHA512 302acca8c5dd310f86b65104f7accd290014e38d354e97e4ffafe1702b0a13b90e4823c274b51bcc9285419e69ff7111343ac0a64fd3c8b67c48d7bbd382337b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4cc079b3ff1f7e4d0cdb662903fad67e
SHA1 be14c0c072f1f89b3b0f0cd1e53f7c498544e76e
SHA256 4943afb08e5193d670824439b0021991bfd30bf3b1dfd804dd5887b3abd636e2
SHA512 b62e4358e4e3d10c818e92a5549db96ec84a1d6b2d42a3b4f5328374f25e5a6dad9df4b4b05d8f5b72666ecd9efa1ef5c96ddc2a4c31cb42c29365dc22f8c538

memory/2336-1726-0x0000000000400000-0x0000000000410000-memory.dmp

memory/2336-1731-0x0000000000400000-0x0000000000410000-memory.dmp

memory/4708-1733-0x0000000000400000-0x0000000000410000-memory.dmp

memory/2172-1743-0x0000000000400000-0x0000000000410000-memory.dmp

memory/5196-1748-0x0000000000400000-0x0000000000410000-memory.dmp

memory/2612-1749-0x0000000000400000-0x0000000000410000-memory.dmp

memory/2612-1761-0x0000000000400000-0x0000000000410000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 768a196e83631072971c1b42a083dea0
SHA1 127c311ec6a4d4e42e1e852f2fd5ac82ba691b16
SHA256 bfdd7beb5538772945774be3b7c96a5b73edf6cd681924b20df1319dc0e89118
SHA512 3b73b0503c5545d37433b307921b0b8f43954a9c28abbda462c2e6723e20565d4b5207f66a5347b6fb77e3e6a755f5f090e89bd65bbcdeb0225befe5ae48b2d0

C:\Users\Admin\Downloads\Unconfirmed 3360.crdownload

MD5 4f30003916cc70fca3ce6ec3f0ff1429
SHA1 7a12afdc041a03da58971a0f7637252ace834353
SHA256 746153871f816ece357589b2351818e449b1beecfb21eb75a3305899ce9ae37c
SHA512 e679a0f4b7292aedc9cd3a33cf150312ea0b1d712dd8ae8b719dedf92cc230330862f395e4f8da21c37d55a613d82a07d28b7fe6b5db6009ba8a30396caa5029

C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe

MD5 155e389a330dd7d7e1b274b8e46cdda7
SHA1 6445697a6db02e1a0e76efe69a3c87959ce2a0d8
SHA256 6390a4374f8d00c8dd4247e271137b2fa6259e0678b7b8bd29ce957058fd8f05
SHA512 df8d78cf27e4a384371f755e6d0d7333c736067aeeb619e44cbc5d88381bdcbc09a9b8eeb8aafb764fc1aaf39680e387b3bca73021c6af5452c0b2e03f0e8091

memory/1292-1821-0x0000000000400000-0x0000000000486000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 300cf80b1d893263e933a7233a2111ce
SHA1 4c70715afb9dd01d95f296e6c4484c0b632af98b
SHA256 8fbc2f1abc78b47e41e0a54e025300a44eb3ceaf5c83c2257a2da10204d20448
SHA512 bfec8e55b43fcd500bdcb64b5755d3943411eaeecda3b81896d2325a7bd079e61dba2ec11d890ce15580cbcb5a40b493660c54f37893503c11d5df58cc5284fc

memory/2828-1831-0x0000000000400000-0x0000000000432000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\drivelist.txt

MD5 343c6f5dcbc9f70509a2659b6dcca34e
SHA1 573ce994df7f433ba8d897a03b8beebc1a1e80b7
SHA256 375c1af6f2d1fec8595df303bced33d9f80da01fea7d4968e24ef64dfccf78bd
SHA512 4b92a1a45c2f1d00eaa58feda3a0de94d91727824c5ec5472f0eb4ba0ee8edfcae8f05b01bacba5263e870f79e5737137f75434e009260d53853b7f86f94ba4e

memory/804-1846-0x0000000000400000-0x0000000000486000-memory.dmp

memory/1292-1852-0x0000000000400000-0x0000000000486000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\2.mp3

MD5 996867ee0cfd71ede0cda93e57789c75
SHA1 15abbe1362ca9ae1889ea56d3ea07f793ee76665
SHA256 c3d83fa6b168c9c53b7f9f4324be6f8053e47047e63199c05665a6bad5a587ed
SHA512 e4c3505e9f3c3f4469c858f08e612982e0a24b05b0c3e5aee5c63cd028b48f232c4e7470be50f3443f80b09aa74f2f9e59fc78fd8aba52777a1811033fb6cf00

C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\Icon.ico

MD5 e4231534c2813fda3a98d6d6b5b8b3b5
SHA1 c22ac56a296756120228cfe77fcc17b9000934c9
SHA256 143c93447046030853857088e31ee6c121d63fdfd03f10d36dfdcf6f0634ba43
SHA512 59aa526796c7e1de9bf2074fecae7b7520f34fd0f523bbb4c1f111b1b289f0a5bb7b94dc73fd8fec6187076c10d87a56273a09c79c718e388fcbaf5f0dd676cd

memory/804-1858-0x0000000000400000-0x0000000000486000-memory.dmp

memory/3088-1868-0x0000000000400000-0x0000000000486000-memory.dmp

memory/1108-1869-0x0000000000400000-0x0000000000486000-memory.dmp

memory/548-1879-0x0000000000400000-0x0000000000432000-memory.dmp

memory/3088-1880-0x0000000000400000-0x0000000000486000-memory.dmp

memory/1108-1881-0x0000000000400000-0x0000000000486000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e3436e447d1c2d36134bbb61c7cab2f6
SHA1 ce1813f5a20505b8f2714d73e95f83b4219bc027
SHA256 d47c14a708ea168a6f2e0401398841b8cbec8fbcfb3818bcd0d45fc6214a8ad7
SHA512 71cd32b0242ed03b56e52ec3cfd466395c6d6d026ea73029bb9bd52e8ba80e08b6ee03caf1d26505e111a909bd965ce471658dfc81e49a6da5f55b1f559f9576

memory/3088-1892-0x0000000000400000-0x0000000000486000-memory.dmp

memory/1108-1893-0x0000000000400000-0x0000000000486000-memory.dmp