Analysis
max time kernel: 219s
max time network: 214s
platform: windows10-ltsc_2021_x64
resource: win10ltsc2021-20250610-en
resource tags: arch:x64, arch:x86, image:win10ltsc2021-20250610-en, locale:en-us, os:windows10-ltsc_2021-x64, system
submitted: 04/07/2025, 18:31
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.opera.com/fr/gx?edition=std-2&utm_medium=pa&utm_campaign=PWN_FR_HVR_9853_WEB_519&utm_id=f80f80ee5f4d458aa99e18de64b769da&utm_source=PWNgames
Resource: win10ltsc2021-20250610-en

General
Target: https://www.opera.com/fr/gx?edition=std-2&utm_medium=pa&utm_campaign=PWN_FR_HVR_9853_WEB_519&utm_id=f80f80ee5f4d458aa99e18de64b769da&utm_source=PWNgames
Malware Config
Signatures
Several of the signatures below are attributed to msedge.exe (the browser launched with the target URL), taskmgr.exe or vlc.exe rather than to the downloaded Opera installer processes (OperaGXSetup.exe, setup.exe, assistant_installer.exe). Check the Process column of each table before treating a hit as behaviour of the sample.
Downloads MZ/PE file (2 IoCs)
flow  pid   Process
249   5240  setup.exe
112   840   msedge.exe
Executes dropped EXE (9 IoCs)
pid   Process
5288  OperaGXSetup.exe
5240  setup.exe
5668  setup.exe
5368  setup.exe
4232  setup.exe
3048  setup.exe
6048  Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
1712  assistant_installer.exe
3800  assistant_installer.exe
Loads dropped DLL (5 IoCs)
pid   Process
5240  setup.exe
5668  setup.exe
5368  setup.exe
4232  setup.exe
3048  setup.exe
Reads user/profile data of web browsers (3 TTPs)
Infostealers often target stored browser data, which can include saved credentials. No IoC rows are listed for this signature, so the process that triggered it cannot be identified from this report.
Enumerates connected drives (3 TTPs, 4 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description              ioc     Process
File opened (read-only)  \??\E:  setup.exe
File opened (read-only)  \??\F:  setup.exe
File opened (read-only)  \??\E:  setup.exe
File opened (read-only)  \??\F:  setup.exe
Drops file in Windows directory (1 IoC)
description                   ioc                    Process
File opened for modification  C:\Windows\SystemTemp  msedge.exe
System Location Discovery: System Language Discovery (1 TTP, 4 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host. Installers routinely read this key to choose a UI language, so on its own it is weak evidence.
description  ioc                                                           Process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  OperaGXSetup.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  assistant_installer.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  assistant_installer.exe
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments. The only process attributed here is taskmgr.exe (PID 3864), which is not one of the dropped installer processes.
description        ioc                                                                                                                                                       Process
Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000                                                          taskmgr.exe
Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A  taskmgr.exe
Key value queried  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName                                             taskmgr.exe
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments. Both rows are attributed to msedge.exe, not to the downloaded installer.
description        ioc                                                                          Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                   msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier  msedge.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                               Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                          Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        msedge.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133961274819946996"  msedge.exe
Modifies registry class (1 IoC)
description  ioc                                                                                                                                                                                             Process
Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3947991112-772902407-1479079202-1000\{AAB6BC91-FB49-4620-A9D4-64F2FA18F604}  msedge.exe
Modifies system certificate store (2 TTPs, 6 IoCs)
Both keys sit under AuthRoot, the store Windows populates through its automatic root-certificate update. The first Blob value is reproduced in full below: its friendly-name property (UTF-16) decodes to "DigiCert Trusted Root G4" and its SHA-1 property equals the key name DDFB16CD4931C973A2037D3FC83A4D7D775D05E4, so what was written is a public root, not an attacker-controlled CA. The second key, 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25, appears only with its Blob elided and cannot be identified from this page alone.
description       ioc  Process
Set value (data)  \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e  setup.exe
Set value (data)  \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 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  setup.exe
Key created       \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25  setup.exe
Set value (data)  \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 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  setup.exe
Set value (data)  \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 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  setup.exe
Key created       \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4  setup.exe
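A Blob value under SystemCertificates\...\Certificates\<SHA1> is a serialized CryptoAPI certificate context: a sequence of records, each a little-endian property id, a reserved DWORD of 1, a byte length and the property data, with property 0x20 (CERT_CERT_PROP_ID) holding the DER certificate. The Python below is an added example, not part of the report or of Opera's installer, that walks that record format and cross-checks the stored hashes against the registry key name. The hex sample is copied from the start of the first Blob value above and stops before the 1428-byte CERT_CERT_PROP_ID record to keep the listing short, so the DER-hash check is exercised on a blob the code builds itself; the property-id names are the wincrypt.h constants.

```python
"""Decode a SystemCertificates\\...\\Certificates\\<SHA1>\\Blob registry value."""
import hashlib
import struct

# CryptoAPI property ids (wincrypt.h) that occur in the blob on this page.
CERT_PROP_NAMES = {
    0x03: "CERT_SHA1_HASH_PROP_ID",
    0x09: "CERT_ENHKEY_USAGE_PROP_ID",
    0x0B: "CERT_FRIENDLY_NAME_PROP_ID",
    0x0F: "CERT_SIGNATURE_HASH_PROP_ID",
    0x14: "CERT_KEY_IDENTIFIER_PROP_ID",
    0x1D: "CERT_SUBJECT_NAME_MD5_HASH_PROP_ID",
    0x20: "CERT_CERT_PROP_ID",
    0x53: "CERT_ROOT_PROGRAM_CERT_POLICIES_PROP_ID",
    0x62: "CERT_AUTH_ROOT_SHA256_HASH_PROP_ID",
}

# Key name and the first eight records of its Blob, copied from the report above.
# The trailing CERT_CERT_PROP_ID record (0x20, 1428 bytes of DER) is left out here.
KEY_NAME = "DDFB16CD4931C973A2037D3FC83A4D7D775D05E4"
BLOB_PREFIX = bytes.fromhex(
    "0f0000000100000030000000"  # 0x0f signature hash, 48 bytes
    "4ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996"
    "530000000100000040000000"  # 0x53 root program cert policies, 64 bytes (DER)
    "303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0"
    "301b060567810c010330123010060a2b0601040182373c0101030200c0"
    "090000000100000034000000"  # 0x09 enhanced key usage, 52 bytes (DER)
    "303206082b0601050507030206082b0601050507030306082b06010505070304"
    "06082b0601050507030106082b06010505070308"
    "0b0000000100000032000000"  # 0x0b friendly name, 50 bytes UTF-16LE
    "4400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000"
    "620000000100000020000000"  # 0x62 AuthRoot SHA-256, 32 bytes
    "552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988"
    "140000000100000014000000"  # 0x14 key identifier, 20 bytes
    "ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f"
    "1d0000000100000010000000"  # 0x1d subject name MD5, 16 bytes
    "a86dc6a233eb339610f3ed414927c559"
    "030000000100000014000000"  # 0x03 SHA-1 hash, 20 bytes
    "ddfb16cd4931c973a2037d3fc83a4d7d775d05e4"
)


def parse_cert_blob(blob: bytes) -> dict:
    """Walk {prop_id, reserved=1, length, data} records; raise on truncation."""
    props = {}
    off = 0
    while off < len(blob):
        if len(blob) - off < 12:
            raise ValueError(f"truncated record header at offset {off}")
        prop_id, reserved, length = struct.unpack_from("<III", blob, off)
        off += 12
        if reserved != 1:
            raise ValueError(f"unexpected reserved field {reserved:#x} at offset {off - 8}")
        if len(blob) - off < length:
            raise ValueError(f"property {prop_id:#x} claims {length} bytes, {len(blob) - off} remain")
        props[prop_id] = blob[off:off + length]
        off += length
    return props


def build_cert_blob(records) -> bytes:
    """Inverse of parse_cert_blob; used to construct a complete blob for checks."""
    return b"".join(struct.pack("<III", pid, 1, len(data)) + data for pid, data in records)


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest().upper()


def describe_blob(key_name: str, blob: bytes) -> dict:
    """Summarize the blob and compare its hashes with the registry key name."""
    props = parse_cert_blob(blob)
    out = {"properties": [CERT_PROP_NAMES.get(p, f"prop_{p:#x}") for p in props]}
    if 0x0B in props:
        out["friendly_name"] = props[0x0B].decode("utf-16-le").rstrip("\x00")
    if 0x03 in props:
        out["sha1"] = props[0x03].hex().upper()
        out["sha1_matches_key"] = out["sha1"] == key_name.upper()
    if 0x62 in props:
        out["sha256"] = props[0x62].hex().upper()
    if 0x20 in props:
        der = props[0x20]
        out["der_length"] = len(der)
        # The key name must be the SHA-1 of the DER itself; a stored hash that
        # matches the key while the certificate does not is the thing to look for.
        out["der_sha1_matches_key"] = sha1_hex(der) == key_name.upper()
    return out


if __name__ == "__main__":
    for field, value in describe_blob(KEY_NAME, BLOB_PREFIX).items():
        print(f"{field}: {value}")
```

On a full Blob value, `describe_blob` also reports the DER length and whether the SHA-1 of the DER is the key name; on an export truncated the way most report copies are, `parse_cert_blob` raises instead of silently returning a partial record.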
Suspicious behavior: AddClipboardFormatListener (1 IoC)
pid   Process
5868  vlc.exe

Suspicious behavior: EnumeratesProcesses (45 IoCs)
pid   Process      events
3864  taskmgr.exe  45

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid   Process
5868  vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
pid   Process     events
1144  msedge.exe  9

Suspicious use of AdjustPrivilegeToken (3 IoCs)
description                      pid   Process
Token: SeDebugPrivilege          3864  taskmgr.exe
Token: SeSystemProfilePrivilege  3864  taskmgr.exe
Token: SeCreateGlobalPrivilege   3864  taskmgr.exe

Suspicious use of FindShellTrayWindow (64 IoCs)
pid   Process     events
1144  msedge.exe  16
5868  vlc.exe     48

Suspicious use of SendNotifyMessage (64 IoCs)
pid   Process      events
5868  vlc.exe      63
3864  taskmgr.exe  1

Suspicious use of SetWindowsHookEx (2 IoCs)
pid   Process
5868  vlc.exe
5240  setup.exe

Suspicious use of WriteProcessMemory (64 IoCs)
All 64 events are the browser process 1144 writing into processes it spawned itself (PIDs 1000, 840, 4672 and 880 in the process list below); repeated rows are collapsed with a count.
description                       pid   Process     procid_target  events
PID 1144 wrote to memory of 1000  1144  msedge.exe  81             2
PID 1144 wrote to memory of 840   1144  msedge.exe  82             2
PID 1144 wrote to memory of 4672  1144  msedge.exe  83             51
PID 1144 wrote to memory of 880   1144  msedge.exe  84             9
Uses Task Scheduler COM API (1 TTP)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.

None of these three signatures carries an IoC row, so the report does not record which process made the calls or whether any task or shadow copy was actually created or removed.
Processes

The list below contains only the browser that opened the target URL and its children, the Edge elevation service and five vlc.exe instances. The OperaGXSetup.exe, setup.exe, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, assistant_installer.exe and taskmgr.exe processes that the signatures above attribute IoCs to are not present in this copy of the report. Indentation shows parent/child nesting.

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1144)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.opera.com/fr/gx?edition=std-2&utm_medium=pa&utm_campaign=PWN_FR_HVR_9853_WEB_519&utm_id=f80f80ee5f4d458aa99e18de64b769da&utm_source=PWNgames
  - Drops file in Windows directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1000)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2ec,0x368,0x7ffe54b9f208,0x7ffe54b9f214,0x7ffe54b9f220

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 840)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1864,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:3
    - Downloads MZ/PE file

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4672)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2272,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 880)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2032,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=2748 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1412)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3512,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1924)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3536,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4556)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4276,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2528)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4340,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1564)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4668,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3924)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4196,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1684)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5356,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4444)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=4640,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2960)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5748,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2012)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5740,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe  (PID 2364)
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5280,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3740 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe  (PID 940)
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5280,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3740 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3448,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3720 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2688)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3592,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=6800 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1052)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6772,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=6820 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4240)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6784,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1480)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4272,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=7392 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3560)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6240,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3156)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6768,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=7672 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4552)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7868,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=4980 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2984)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7864,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=7512 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4504)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7784,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=4456 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3784)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4500,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=7480 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1100)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3688,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4348)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=744,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=8056 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1180)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8036,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=8100 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4572)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8044,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=8108 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4296)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4376,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=8148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe  (PID 2880)
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files\VideoLAN\VLC\vlc.exe  (PID 5868)
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx

C:\Program Files\VideoLAN\VLC\vlc.exe  (PID 4740)
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"

C:\Program Files\VideoLAN\VLC\vlc.exe  (PID 4336)
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"

C:\Program Files\VideoLAN\VLC\vlc.exe  (PID 3672)
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"

C:\Program Files\VideoLAN\VLC\vlc.exe  (PID 4596)
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"1⤵PID:5664
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"1⤵PID:3780
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"1⤵PID:5064
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"1⤵PID:2692
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"1⤵PID:904
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"1⤵PID:4056
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"1⤵PID:1872
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"1⤵PID:3096
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"1⤵PID:4388
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"1⤵PID:2124
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"1⤵PID:2620
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"1⤵PID:4732
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"1⤵PID:976
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"1⤵PID:3056
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"1⤵PID:1912
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"1⤵PID:2528
-
C:\Users\Admin\Downloads\OperaGXSetup.exe"C:\Users\Admin\Downloads\OperaGXSetup.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5288 -
C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe --server-tracking-blob=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2⤵
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:5240 -
C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=119.0.5497.163 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ffe50dcb388,0x7ffe50dcb394,0x7ffe50dcb3a03⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5668
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5368
-
-
C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe"C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5240 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20250704183406" --session-guid=01ee60bd-293e-4843-8959-5e0df4974237 --server-tracking-blob=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 --desktopshortcut=1 --wait-for-package --initial-proc-handle=D0080000000000003⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
PID:4232 -
C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=119.0.5497.163 --initial-client-data=0x2a4,0x2a8,0x2ac,0x278,0x2b0,0x7ffe4fceb388,0x7ffe4fceb394,0x7ffe4fceb3a04⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3048
-
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6048
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\assistant_installer.exe" --version3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1712 -
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2b8,0x2bc,0x2c0,0x294,0x2c4,0x2f4f48,0x2f4f58,0x2f4f644⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3800
-
-
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:3864
Network
MITRE ATT&CK Enterprise v16
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)
Downloads