Analysis Overview
Threat Level: Known bad
The file http://rmax.site was found to be: Known bad.
Malicious Activity Summary
Revengerat family
RevengeRAT
RevengeRat Executable
Adds policy Run key to start application
Downloads MZ/PE file
Reads user/profile data of web browsers
Uses the VBS compiler for execution
Drops startup file
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
UPX packed file
Drops file in System32 directory
Suspicious use of SetThreadContext
Drops autorun.inf file
Drops file in Program Files directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Program crash
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Scheduled Task/Job: Scheduled Task
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
NTFS ADS
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-01-11 15:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-11 15:45
Reported
2025-01-11 15:50
Platform
win10v2004-20241007-en
Max time kernel
329s
Max time network
330s
Command Line
Signatures
RevengeRAT
Revengerat family
RevengeRat Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\status = "present" | C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winlogon = "C:\\heap41a\\svchost.exe C:\\heap41a\\std.txt" | C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Heap41A.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe | N/A |
Reads user/profile data of web browsers
Uses the VBS compiler for execution
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.exe" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe | N/A |
| File opened (read-only) | \??\k: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\q: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\r: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\x: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\z: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe | N/A |
| File opened (read-only) | \??\e: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\p: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\s: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\t: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\y: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\g: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\i: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\m: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\v: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\w: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe | N/A |
| File opened (read-only) | \??\h: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\j: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\l: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\n: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\o: | C:\heap41a\svchost.exe | N/A |
| File opened (read-only) | \??\u: | C:\heap41a\svchost.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\heap41a\Offspring\autorun.inf | C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe | N/A |
| File opened for modification | C:\heap41a\offspring\autorun.inf | C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\ddraw32.dll | C:\Users\Admin\Downloads\Bumerang.exe | N/A |
Suspicious use of SetThreadContext
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Briano\UWPHook\SharpSteam.dll | C:\Users\Admin\Downloads\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\System.Management.Automation.dll | C:\Users\Admin\Downloads\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\System.Management.Automation.xml | C:\Users\Admin\Downloads\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\UWPHook.exe.config | C:\Users\Admin\Downloads\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\MaterialDesignColors.dll | C:\Users\Admin\Downloads\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\MaterialDesignThemes.Wpf.dll | C:\Users\Admin\Downloads\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\Microsoft.Management.Infrastructure.dll | C:\Users\Admin\Downloads\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\MaterialDesignThemes.Wpf.xml | C:\Users\Admin\Downloads\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\UWPHook.exe | C:\Users\Admin\Downloads\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\VDFParser.dll | C:\Users\Admin\Downloads\AgentTesla.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\ddraw32.dll |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Bumerang.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\heap41a\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Heap41A.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\AgentTesla.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = (binary blob omitted) | C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = (binary blob omitted) | C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 709902.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 525084.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 841922.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 126400.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 474138.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\svchost\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 988489.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 3360.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 614494.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\AgentTesla.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\AgentTesla.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://rmax.site
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbcbc46f8,0x7ffbbcbc4708,0x7ffbbcbc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6728 /prefetch:8
C:\Users\Admin\Downloads\OperaGXSetup.exe
"C:\Users\Admin\Downloads\OperaGXSetup.exe"
C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe --server-tracking-blob=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
C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=115.0.5322.142 --initial-client-data=0x330,0x334,0x338,0x310,0x33c,0x74e8ed4c,0x74e8ed58,0x74e8ed64
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6152 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x6c4f48,0x6c4f58,0x6c4f64
C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5912 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20250111154627" --session-guid=d516adfe-35fd-4145-a5ad-b06a9c99919a --server-tracking-blob="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 " --desktopshortcut=1 --wait-for-package --initial-proc-handle=C40A000000000000
C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS086B00D8\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=115.0.5322.142 --initial-client-data=0x328,0x32c,0x33c,0x304,0x340,0x7253ed4c,0x7253ed58,0x7253ed64
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5712 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8052 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8020 /prefetch:8
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6184 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\pf_fonra.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3DF0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc438C4D55262E41F99624DD722B5C175F.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\qadermbg.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3EAB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2FB13911D9F04C59963546399F5F6A.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\3qckvxua.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3F57.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1AD4793F51334E539181DAC6D19C67B3.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\x0zm7xnz.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4003.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1C0B18826F9842B282492ED461BEBC98.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\dmewahte.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4090.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc78F20091FCED44CBBE8A941060965738.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ex8o7n1e.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES411C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE399976624F14EC39CE4B1C8F7B11D60.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\l4w0h79j.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4199.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4A4883B877964D40A99C968D781C876.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\twohqwnz.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4226.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc60BCD9D1AC8C4302B11AD563B749451.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\nwyxzlhe.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES42B3.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc44376C5AA503457DA515A6D1BEE9B76.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\4l-zauoh.cmdline"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4330.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc6950D264EB14F78AD94B32390C9913C.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\09ktgpey.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES442A.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAA5A31E9307440BBD1D607983402C1C.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\sogtlmey.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4533.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA0579CC4C10940789BC4AC443724F8D8.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\blbrf2im.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES45C0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc5573BED65CD49948E92917C54293644.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\hgeafn1x.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES463D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9670E2FD34E74B458433C1504D671C89.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\8qb1nmzw.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES46C9.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC6880492EEF4628B081DC4474D7C7DB.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\dccszyc_.cmdline"
C:\Users\Admin\Downloads\AgentTesla.exe
"C:\Users\Admin\Downloads\AgentTesla.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4746.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc88AE55C2B234649BA85BA7EFB2C469.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zssxon3b.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4860.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB5240A5830141669D928A833EE1D837.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\23hw-fnt.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES492B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1348C7B755943CEBE5A49B4C9823EB.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\6yx3jmsc.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES49A8.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAF6D1170A9FD4C06BC5982BED7D515E6.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mkpdmhlu.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4A92.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD0431ABF580E4F82BB41A7E360E1AC88.TMP"
C:\Users\Admin\Downloads\AgentTesla.exe
"C:\Users\Admin\Downloads\AgentTesla.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gcyysdee.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4BAB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcDBB0C8FC80584100BA55E595C61D4AD6.TMP"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6768 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\6ga_6uuw.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEFBB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD9FB8674910142EE8F269660C4670A2.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\srbmg-pz.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF096.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc33ACF0F636EB468FAD43CF7F1A63666A.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\eoz_oc0q.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF132.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc35F4925993CC44CC9A926B942D337D69.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zosi3mv5.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF1A0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc72EDE5CEA4234E81AD1052E03549E2DE.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\vfuztrms.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF21D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcEA04138EF22A4DA386E16B8FB782F959.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\fbktcfks.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF2C9.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4AB47EC95A8E47E596A2FCFEBDE9715A.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\udis97r9.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF365.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc919E5A41D6C249C38585C76F51353CE7.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\oqqwhvsc.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF3D2.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcCC91158BD474ACC9E6F907422ED730.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\-xyr6i3f.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF47E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcFE137746310A4860BDCE2125A7663E4.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\heoh3m69.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF4FB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc77AD81BBD5894B7182CDE7BCE4374ED6.TMP"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6032 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
C:\Users\Admin\Downloads\Bumerang.exe
"C:\Users\Admin\Downloads\Bumerang.exe"
C:\Windows\SysWOW64\ddraw32.dll
C:\Windows\system32\ddraw32.dll
C:\Windows\SysWOW64\ddraw32.dll
C:\Windows\system32\ddraw32.dll :C:\Users\Admin\Downloads\Bumerang.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2172 -ip 2172
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 324
C:\Users\Admin\Downloads\Bumerang.exe
"C:\Users\Admin\Downloads\Bumerang.exe"
C:\Windows\SysWOW64\ddraw32.dll
C:\Windows\system32\ddraw32.dll :C:\Users\Admin\Downloads\Bumerang.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,1168145015014619550,47852764229104782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7428 /prefetch:8
C:\Users\Admin\Downloads\Heap41A.exe
"C:\Users\Admin\Downloads\Heap41A.exe"
C:\Users\Admin\Downloads\Heap41A.exe
"C:\Users\Admin\Downloads\Heap41A.exe"
C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe" MicrosoftPowerPoint\install.txt
C:\heap41a\svchost.exe
C:\heap41a\svchost.exe C:\heap41a\std.txt
C:\heap41a\svchost.exe
C:\heap41a\svchost.exe C:\heap41a\script1.txt
C:\heap41a\svchost.exe
C:\heap41a\svchost.exe C:\heap41a\reproduce.txt
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\_7kge-vy.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8B30.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4F67CE35E21E431EA9752EEAD13C9F5A.TMP"
Network
Files
| SHA256 | f07f039659795b78602bc88b2ece5c934f0d91ac72e0ca4f8f9ea14cbcc8257f |
| SHA512 | 0aeee1b5127d9dfdf4b7938761b63a701994ad91a92fda506ef6346c655eb50c16ef4e7bcc5664f1ba2732634b3210e724d630f53ecb31a8e0ad39af0f6af89e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
| MD5 | 30b20a893bc934a279c2e0ffd900c274 |
| SHA1 | 0e48c33db887b2fb3dce559a939ca0ed5c8003b5 |
| SHA256 | d7451a4a16c71e70cc6e420b77adf412a6de4ff740391e3057a03993acf4802a |
| SHA512 | 21fa0c2b47e4ccbc93b720a78a268f8fe70894cb0157863dbc6fbe95245dfcab7271b6a205ecb027d68ff3e96b1306565bf45cfdf031d3536987b2daafc72a32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 904dd12903906ce081f4472591f36d92 |
| SHA1 | b8e666eeb9193032b12366a82bfe2b8fc0be1c13 |
| SHA256 | 75e13d1568a8dd50e639b3d9c0c5d03141cb4fe8f00b34d0229b6d55913ecca6 |
| SHA512 | 70831dec65a124b1c6850f67e55247eab00a5edab5d3461eff04552065459d86bfd1a9154a73ed69107a7dd76c3b8b74bcef84b013f2100a6d08cf9803e1a21f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 86736747dd55aeb05e9c16362d9c6d0e |
| SHA1 | 0b2d19f1e0af4be8d29dc55ab2f39bc782755c4f |
| SHA256 | b1c6f7fda05781fdc439a895fea682f0b18805b7480e6821021bed77af02f597 |
| SHA512 | aa3fed14847fcf855978813562bc6ef19019922b57a486319077b4406c0e6a1724161a7cc291475befe67266a5b672585a1247b6f638c855c11410cd28dbad17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
| MD5 | 7b68fe9194aa041042763d9ee493c3c8 |
| SHA1 | a612850058eed0123e6e5b3e8e9722de825c1e78 |
| SHA256 | 418b6c83848bc7110ccb2e3887e493bfe258846f9e957d1d895f5c8a9ffd58bd |
| SHA512 | 95f3c14da34db0dc136827214c89630018daa67fa1609eb0bad17d5691c0b66c0118285b2a60afc8eac9fb1d0f7e08f0db0a1b30149827ad29b891d895cf01dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E
| MD5 | f003ce7ba601c6c1bdb683c875c99742 |
| SHA1 | 384f3965d8df2e061916b413d25f7a6e263a593c |
| SHA256 | 49e38c86d988f61715eb98023e965433a7b9ad5a362c145bb8930e85138a7076 |
| SHA512 | e08260c801c4d740184fa17e6399d6d3c13c0f684a4dac6f3fda4c32713afc7b0ba20053176811acb1c4a01f662dda43a5bea7873b7fd03d69ce60345bfd3c2a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E
| MD5 | e9da3565b2020bb542ca0c5f1c7b205e |
| SHA1 | ed859aa88b286aa58e94cbf57ec6a46a25196519 |
| SHA256 | 7dcfc124d9efd62d7e9d1b4ceb55ba4e2d7a2e1ff81a6545fced44c80c66b584 |
| SHA512 | 5e884ebe730a50796fa7ac5d3d66a2577cbe40d4f60a156deed1cd2cc4dfb3f176b69c3fc0492c7c8daa861d36d6b89660f084f0448cabacca94bade0b4d3152 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | c0a0c86dd99c50f73a1e595dd3af937a |
| SHA1 | 1e14113699fb8284f88db01b9ccd796da54a36b1 |
| SHA256 | bed690884f77464e60d669d63150aa7217de87f4ac5aea2596b23e25cc926787 |
| SHA512 | 90f507f0fc59c363e2fec3c66afbce6d868c3eb466002427e334fe63f24556e04f5dc242a36dd180798155dbb1e5b765c9e646fb2553d20a01ae29bd93bfac5a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | ad92e3bfe91d09efb09c5aafb0124172 |
| SHA1 | 21b13f63f1fe4fb194cdd71d56ff355311b9ee84 |
| SHA256 | 870ef333f1342a90fc181ab4c9ae751b3aa1d6b26e2040c6567f1d978e062a54 |
| SHA512 | 570070ed5fb76eb9e8142a7bff549bd5676ad11f70e1022dbe76af26bd47b35222a36c94af1258108679dc47b827f93078f5767349839fd4b52bb86cf9aa832f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
| MD5 | 8eaaa1ea8e7cd255482e9076b6a84fd6 |
| SHA1 | 55c6d9e03ede1d15559a9f80636c2319c8c5c20a |
| SHA256 | bfd892ad976b64c1a932ec4e5e7e45f1c247068abfcfbde434eb9bfd7faeadc7 |
| SHA512 | 3e8926aea20fde3bd1b5deb03f8076f09282595b7e51a4fe14e3054d10b734ca5e7a52fac73970d08e44f4b9d7dfa1b7f75d3a2d478fe3b2225ef18995832530 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\additional_file0.tmp
| MD5 | e9a2209b61f4be34f25069a6e54affea |
| SHA1 | 6368b0a81608c701b06b97aeff194ce88fd0e3c0 |
| SHA256 | e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f |
| SHA512 | 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501111546271\assistant\assistant_installer.exe
| MD5 | 4c8fbed0044da34ad25f781c3d117a66 |
| SHA1 | 8dd93340e3d09de993c3bc12db82680a8e69d653 |
| SHA256 | afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a |
| SHA512 | a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
| MD5 | 098fdf8fe25a95a13d1b7af9a7d06724 |
| SHA1 | 94926c543956b7e7f0e8aa159ac2585d4589bb1b |
| SHA256 | 94da5170cba4a49803b39502328c3905908533bd633b9ffbb46544975b02487c |
| SHA512 | bd79294ea9f6765d994becb8af81baf11f295097e9a593dfb68b8f05fada1f2567a64aefa6a10ac34b2e51f1e44f6d2c4be9271a019fdac02d8f01c45a1114e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | d0e139c1a07bc95bfaaa9d38968e344c |
| SHA1 | 010f2e791807a87e1baa3c57c71ea7afd6b5e846 |
| SHA256 | a56f591156670ee2f5a8e67ab16b75ede349ab78214cab07520d0565497892f6 |
| SHA512 | d5945d062032e459a6f1114b2f76a10d272e3ed434aac9cb05589789c3bd5ce222cdc517aff2f71992859fe370795b5522ae793816ba9b53fcdc77a9595861b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 67816f1c7795be69fcb337cb63adc542 |
| SHA1 | 711c0d22435f4e34dd26b5c462f708cf26ca192f |
| SHA256 | 7aa39de6f0c8cf0c21b13e3c045f100012dd1064f7f6de8ebeb9592338545d6b |
| SHA512 | 62edf4b2e6f23085a6b96af7fc24c4d5f0d7348fa3cf04d7dc8bff5076ce84aeadb3bcb053ad4584db9b80aa66558c8facc040fb402184717ef08838bf2116e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6ec7e11f376c48a87103d1837de1e177 |
| SHA1 | ab9c0e774ada7034e9112296cbabcc9b99cd386f |
| SHA256 | cf68e179964b811d67c74d534170670102bbe9a692e269f71d7c39b7b69f26c6 |
| SHA512 | 72a1b840eb94d776c56e57e4fd06342761ecbcb6d2d130eb40049bb1a17e63649aa99d53389e4906d18516a946efce1e264e064e02305e9ded1c6f3454445aac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f5e3f227c12464015d8cee8756dc4478 |
| SHA1 | 7c519143eb2cf577f6e37795a83498db1c5368ce |
| SHA256 | d364df6e257b47739ad8e9e31c8f68e9344b4ed674f391c4b4fd347907fc5740 |
| SHA512 | 377fc2bb213e6d8ff0497f1a36985f176bd808d26d37fba393d097871ffc3d4602764789fd03520c96a0e9e93e067a9c303b6871b585e3b29aedd658d0607224 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2fabb5e3966b1bdb217f5acb849484ef |
| SHA1 | 45816e1efede99f713631327ebbff32c6bc2291c |
| SHA256 | d619a07bbee9d4f98d40026e31e3b9f1264cd55a654cff08780b589cf58b62fb |
| SHA512 | 86a090470a0c2b3cdc73cd9d90cc635442150d8a8b097e4696affe363c706212fbd0a9d7b237d2d824449b78aaa1f8ed66c0ae97f6ae046c88011974774e9b97 |
C:\Users\Admin\Downloads\Unconfirmed 709902.crdownload
| MD5 | fe537a3346590c04d81d357e3c4be6e8 |
| SHA1 | b1285f1d8618292e17e490857d1bdf0a79104837 |
| SHA256 | bbc572cced7c94d63a7208f4aba4ed20d1350bef153b099035a86c95c8d96d4a |
| SHA512 | 50a5c1ad99ee9f3a540cb30e87ebfdf7561f0a0ee35b3d06c394fa2bad06ca6088a04848ddcb25f449b3c98b89a91d1ba5859f1ed6737119b606968be250c8ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2c521bc4a6a9e308afa3fa02602ae3b0 |
| SHA1 | dfb40c943f836c3702ca6a8c5e330386b65b24c3 |
| SHA256 | e611f985707b40d7fcd6a4704de1f6667bfdf3b2cf24c522d4c635fa033d38f3 |
| SHA512 | b84a84631b1f7851619fd0ad8883dfe1f42a91583b261c0778ad1faf85bdffa8ea6d36e03dd5710e6539bc09c3a0557be5148b53f0ccf59491a26fe197d20349 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 93344ac931cb8e466d338cbbf178f626 |
| SHA1 | 8f175eda2b18e3c9ee063abbaf632e532c55e7b7 |
| SHA256 | dbc71e665ff288967a39379d3212275b53642f54c65d52334ee0369a55381764 |
| SHA512 | 26ef8aff20a415ddfb74f27c94c917aa4948234283a6a191acdd2114b6f5971da003071820d56562a1142f8c9de27a929b091e8780154a220bc76c562494f113 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fdfa547a0b8a9d72e7139f7634d12a7f |
| SHA1 | 02ed635033bd98a55a003df1dcb17f151c599c33 |
| SHA256 | 09bf0fa2d19584ddf4931d9d642ed4799c092bed1af56bce1657ac1ac6291221 |
| SHA512 | 49e982dde153e55ed1ed50d49e13c5d4f86572e5aa1a44313f66263ad3dec114943cd78a7968331bfee91115d93fc98be2887f42665228f4326eadebf892ad9e |
C:\Users\Admin\Downloads\Unconfirmed 525084.crdownload
| MD5 | 1d9045870dbd31e2e399a4e8ecd9302f |
| SHA1 | 7857c1ebfd1b37756d106027ed03121d8e7887cf |
| SHA256 | 9b4826b8876ca2f1378b1dfe47b0c0d6e972bf9f0b3a36e299b26fbc86283885 |
| SHA512 | 9419ed0a1c5e43f48a3534e36be9b2b03738e017c327e13586601381a8342c4c9b09aa9b89f80414d0d458284d2d17f48d27934a6b2d6d49450d045f49c10909 |
memory/388-1168-0x000000001BE60000-0x000000001C32E000-memory.dmp
memory/388-1169-0x000000001C3E0000-0x000000001C486000-memory.dmp
memory/388-1170-0x000000001C5B0000-0x000000001C612000-memory.dmp
memory/5596-1172-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3b72ecebd4172bf666f868f5b953efb7 |
| SHA1 | 835dbd99d82bdc812f0a772f6ea7374cf073f408 |
| SHA256 | 2ae5c57ffc95ca07c0c19d151a8784070f71bd3f03aaf4b18a5529f3123c7072 |
| SHA512 | 28e6e0561da5c6d9406b5c8174b830647c1b09101c7ea3d186b11992417ea1cf05cb725d1c9695f9f2dd8d71461137d0c962d19422754d134d209b84c9c0af48 |
memory/3172-1195-0x0000000000400000-0x000000000040C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uRClgZblR.txt
| MD5 | 502984a8e7a0925ac8f79ef407382140 |
| SHA1 | 0e047aa443d2101eb33ac4742720cb528d9d9dba |
| SHA256 | d25b36f2f4f5ec765a39b82f9084a9bde7eb53ac12a001e7f02df9397b83446c |
| SHA512 | 6c721b4ae08538c7ec29979da81bc433c59d6d781e0ce68174e2d0ca1abf4dbc1c353510ce65639697380ccd637b9315662d1f686fea634b7e52621590bfef17 |
memory/2332-1205-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\Downloads\Unconfirmed 841922.crdownload
| MD5 | cce284cab135d9c0a2a64a7caec09107 |
| SHA1 | e4b8f4b6cab18b9748f83e9fffd275ef5276199e |
| SHA256 | 18aab0e981eee9e4ef8e15d4b003b14b3a1b0bfb7233fade8ee4b6a22a5abbb9 |
| SHA512 | c45d021295871447ce60250ff9cbeba2b2a16a23371530da077d6235cfe5005f10fa228071542df3621462d913ad2f58236dc0c0cb390779eef86a10bba8429f |
C:\Users\Admin\Downloads\Unconfirmed 841922.crdownload:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | acee68eb11cd1120d72b1adb66892259 |
| SHA1 | 4e7cede05bced46f1fa406dfead8b77e23376d6e |
| SHA256 | 2a9ece5bcb96e91ad7cbdb7937ed9fd44efc0759b119b5b50750aa74d032f226 |
| SHA512 | 3401e657cefcabfae5131dfd0659628901bc1f1d68205060d87c9f580480214c0551bf7f09f7748bd64ec515b9c934539da68891d9bba347552b7618a9ccf1ce |
C:\ProgramData\svchost\vcredist2012_x86_0_vcRuntimeMinimum_x86.ico
| MD5 | fde1b01ca49aa70922404cdfcf32a643 |
| SHA1 | b0a2002c39a37a0ccaf219d42f1075471fd8b481 |
| SHA256 | 741fe085e34db44b7c8ae83288697fab1359b028411c45dab2a3ca8b9ea548a5 |
| SHA512 | b6b4af427069602e929c1a6ce9d88c4634f0927b7292efb4070d15fb40ce39fc5ce868452dcd5642b2864730502de7a4c33679c936beb1a86c26a753d3f4dc25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 78c88151718e549fe11205a2e2cb66e9 |
| SHA1 | 6c1b605761e237a3984a915c1313f5b9e1b329c2 |
| SHA256 | d141b243cbf72cd44bd460f635e04fc68d8c29b434b1fc5aa328084a8c715a6a |
| SHA512 | 6c62ea0fb7dc78ad51c6f0787349b18283cebf721fffa47851594afa841c2e0cb28e48480dc2868e613a88ad095e209dd44bc2c17a06328907f389ed04b7e18d |
C:\Users\Admin\Downloads\Unconfirmed 988489.crdownload
| MD5 | a56d479405b23976f162f3a4a74e48aa |
| SHA1 | f4f433b3f56315e1d469148bdfd835469526262f |
| SHA256 | 17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23 |
| SHA512 | f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b3eb2ad616108bb3e6394b896b516ff0 |
| SHA1 | a02dceb65e594eaa3f7b8cce713360faab4e3ac2 |
| SHA256 | db54580f1a1b2f2b1b7ea5f4da88fda698fbb0fea8865a884e012da0dbf74204 |
| SHA512 | f2b5be344d7ad65d64edfe6286190d1ee86f88d260e141f50d0fa829643196f8aedef76e8a809bca46d1b76cf29070996228e53ee86159bad678ffbef545c844 |
C:\Users\Admin\AppData\Local\Temp\vbc72EDE5CEA4234E81AD1052E03549E2DE.TMP
| MD5 | 3906bddee0286f09007add3cffcaa5d5 |
| SHA1 | 0e7ec4da19db060ab3c90b19070d39699561aae2 |
| SHA256 | 0deb26dcfb2f74e666344c39bd16544fcaae1a950be704b1fd4e146e77b12c00 |
| SHA512 | 0a73de0e70211323d9a8469ec60042a6892426e30ad798a39864ba123c1905d6e22cb8458a446e2f45ec19cf0233fa18d90e5f87ec987b657a35e35a49fea3b0 |
C:\Users\Admin\AppData\Local\Temp\vbcEA04138EF22A4DA386E16B8FB782F959.TMP
| MD5 | 85c61c03055878407f9433e0cc278eb7 |
| SHA1 | 15a60f1519aefb81cb63c5993400dd7d31b1202f |
| SHA256 | f0c9936a6fa84969548f9ffb4185b7380ceef7e8b17a3e7520e4acd1e369234b |
| SHA512 | 7099b06ac453208b8d7692882a76baceec3749d5e19abc1287783691a10c739210f6bdc3ee60592de8402ca0b9a864eb6613f77914b76aec1fc35157d0741756 |
C:\Users\Admin\AppData\Local\Temp\vbcCC91158BD474ACC9E6F907422ED730.TMP
| MD5 | dac60af34e6b37e2ce48ac2551aee4e7 |
| SHA1 | 968c21d77c1f80b3e962d928c35893dbc8f12c09 |
| SHA256 | 2edc4ef99552bd0fbc52d0792de6aaa85527621f5c56d0340d9a2963cbc9eed6 |
| SHA512 | 1f1badd87be7c366221eaa184ae9b9ae0593a793f37e3c1ce2d4669c83f06de470053550890ad6781b323b201a8b9d45a5e2df5b88e01c460df45278e1228084 |
C:\Users\Admin\Downloads\Unconfirmed 126400.crdownload
| MD5 | b6c78677b83c0a5b02f48648a9b8e86d |
| SHA1 | 0d90c40d2e9e8c58c1dafb528d6eab45e15fda81 |
| SHA256 | 706fce69fea67622b03fafb51ece076c1fdd38892318f8cce9f2ec80aabca822 |
| SHA512 | 302acca8c5dd310f86b65104f7accd290014e38d354e97e4ffafe1702b0a13b90e4823c274b51bcc9285419e69ff7111343ac0a64fd3c8b67c48d7bbd382337b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4cc079b3ff1f7e4d0cdb662903fad67e |
| SHA1 | be14c0c072f1f89b3b0f0cd1e53f7c498544e76e |
| SHA256 | 4943afb08e5193d670824439b0021991bfd30bf3b1dfd804dd5887b3abd636e2 |
| SHA512 | b62e4358e4e3d10c818e92a5549db96ec84a1d6b2d42a3b4f5328374f25e5a6dad9df4b4b05d8f5b72666ecd9efa1ef5c96ddc2a4c31cb42c29365dc22f8c538 |
memory/2336-1726-0x0000000000400000-0x0000000000410000-memory.dmp
memory/2336-1731-0x0000000000400000-0x0000000000410000-memory.dmp
memory/4708-1733-0x0000000000400000-0x0000000000410000-memory.dmp
memory/2172-1743-0x0000000000400000-0x0000000000410000-memory.dmp
memory/5196-1748-0x0000000000400000-0x0000000000410000-memory.dmp
memory/2612-1749-0x0000000000400000-0x0000000000410000-memory.dmp
memory/2612-1761-0x0000000000400000-0x0000000000410000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 768a196e83631072971c1b42a083dea0 |
| SHA1 | 127c311ec6a4d4e42e1e852f2fd5ac82ba691b16 |
| SHA256 | bfdd7beb5538772945774be3b7c96a5b73edf6cd681924b20df1319dc0e89118 |
| SHA512 | 3b73b0503c5545d37433b307921b0b8f43954a9c28abbda462c2e6723e20565d4b5207f66a5347b6fb77e3e6a755f5f090e89bd65bbcdeb0225befe5ae48b2d0 |
C:\Users\Admin\Downloads\Unconfirmed 3360.crdownload
| MD5 | 4f30003916cc70fca3ce6ec3f0ff1429 |
| SHA1 | 7a12afdc041a03da58971a0f7637252ace834353 |
| SHA256 | 746153871f816ece357589b2351818e449b1beecfb21eb75a3305899ce9ae37c |
| SHA512 | e679a0f4b7292aedc9cd3a33cf150312ea0b1d712dd8ae8b719dedf92cc230330862f395e4f8da21c37d55a613d82a07d28b7fe6b5db6009ba8a30396caa5029 |
C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe
| MD5 | 155e389a330dd7d7e1b274b8e46cdda7 |
| SHA1 | 6445697a6db02e1a0e76efe69a3c87959ce2a0d8 |
| SHA256 | 6390a4374f8d00c8dd4247e271137b2fa6259e0678b7b8bd29ce957058fd8f05 |
| SHA512 | df8d78cf27e4a384371f755e6d0d7333c736067aeeb619e44cbc5d88381bdcbc09a9b8eeb8aafb764fc1aaf39680e387b3bca73021c6af5452c0b2e03f0e8091 |
memory/1292-1821-0x0000000000400000-0x0000000000486000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 300cf80b1d893263e933a7233a2111ce |
| SHA1 | 4c70715afb9dd01d95f296e6c4484c0b632af98b |
| SHA256 | 8fbc2f1abc78b47e41e0a54e025300a44eb3ceaf5c83c2257a2da10204d20448 |
| SHA512 | bfec8e55b43fcd500bdcb64b5755d3943411eaeecda3b81896d2325a7bd079e61dba2ec11d890ce15580cbcb5a40b493660c54f37893503c11d5df58cc5284fc |
memory/2828-1831-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\drivelist.txt
| MD5 | 343c6f5dcbc9f70509a2659b6dcca34e |
| SHA1 | 573ce994df7f433ba8d897a03b8beebc1a1e80b7 |
| SHA256 | 375c1af6f2d1fec8595df303bced33d9f80da01fea7d4968e24ef64dfccf78bd |
| SHA512 | 4b92a1a45c2f1d00eaa58feda3a0de94d91727824c5ec5472f0eb4ba0ee8edfcae8f05b01bacba5263e870f79e5737137f75434e009260d53853b7f86f94ba4e |
memory/804-1846-0x0000000000400000-0x0000000000486000-memory.dmp
memory/1292-1852-0x0000000000400000-0x0000000000486000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\2.mp3
| MD5 | 996867ee0cfd71ede0cda93e57789c75 |
| SHA1 | 15abbe1362ca9ae1889ea56d3ea07f793ee76665 |
| SHA256 | c3d83fa6b168c9c53b7f9f4324be6f8053e47047e63199c05665a6bad5a587ed |
| SHA512 | e4c3505e9f3c3f4469c858f08e612982e0a24b05b0c3e5aee5c63cd028b48f232c4e7470be50f3443f80b09aa74f2f9e59fc78fd8aba52777a1811033fb6cf00 |
C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\Icon.ico
| MD5 | e4231534c2813fda3a98d6d6b5b8b3b5 |
| SHA1 | c22ac56a296756120228cfe77fcc17b9000934c9 |
| SHA256 | 143c93447046030853857088e31ee6c121d63fdfd03f10d36dfdcf6f0634ba43 |
| SHA512 | 59aa526796c7e1de9bf2074fecae7b7520f34fd0f523bbb4c1f111b1b289f0a5bb7b94dc73fd8fec6187076c10d87a56273a09c79c718e388fcbaf5f0dd676cd |
memory/804-1858-0x0000000000400000-0x0000000000486000-memory.dmp
memory/3088-1868-0x0000000000400000-0x0000000000486000-memory.dmp
memory/1108-1869-0x0000000000400000-0x0000000000486000-memory.dmp
memory/548-1879-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3088-1880-0x0000000000400000-0x0000000000486000-memory.dmp
memory/1108-1881-0x0000000000400000-0x0000000000486000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e3436e447d1c2d36134bbb61c7cab2f6 |
| SHA1 | ce1813f5a20505b8f2714d73e95f83b4219bc027 |
| SHA256 | d47c14a708ea168a6f2e0401398841b8cbec8fbcfb3818bcd0d45fc6214a8ad7 |
| SHA512 | 71cd32b0242ed03b56e52ec3cfd466395c6d6d026ea73029bb9bd52e8ba80e08b6ee03caf1d26505e111a909bd965ce471658dfc81e49a6da5f55b1f559f9576 |
memory/3088-1892-0x0000000000400000-0x0000000000486000-memory.dmp
memory/1108-1893-0x0000000000400000-0x0000000000486000-memory.dmp