Analysis Overview
SHA256
61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42
Threat Level: Shows suspicious behavior
The file Roblox Evon Exploit V4 UWP_89643474.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Downloads MZ/PE file
Enumerates connected drives
Checks computer location settings
Drops file in Program Files directory
Loads dropped DLL
Executes dropped EXE
Browser Information Discovery
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Modifies data under HKEY_USERS
Modifies registry class
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-25 22:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-25 22:52
Reported
2024-10-25 22:57
Platform
win7-20240903-en
Max time kernel
121s
Max time network
151s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4 UWP_89643474.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4 UWP_89643474.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4 UWP_89643474.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4 UWP_89643474.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4 UWP_89643474.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4 UWP_89643474.exe
"C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4 UWP_89643474.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.dlsft.com | udp |
| US | 35.190.60.70:443 | www.dlsft.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | dlsft.com | udp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 8.8.8.8:53 | filedm.com | udp |
| US | 104.21.60.113:443 | filedm.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.147:80 | crl.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-25 22:52
Reported
2024-10-25 22:57
Platform
win10v2004-20241007-en
Max time kernel
300s
Max time network
299s
Command Line
Signatures
Downloads MZ/PE file
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4 UWP_89643474.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Crashpad\metadata | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files\Crashpad\settings.dat | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252252491\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4 UWP_89643474.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252252491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252252491\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133743703984042125" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4 UWP_89643474.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4 UWP_89643474.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4 UWP_89643474.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4 UWP_89643474.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4 UWP_89643474.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4 UWP_89643474.exe
"C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4 UWP_89643474.exe"
C:\Users\Admin\AppData\Local\OperaGX.exe
C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe --silent --allusers=0 --server-tracking-blob=ZWEzNzllZDkyNzZhNDVkYjQ4NTFiMjc2MzBhZWJjYjNiM2VkMzczMzY5YTljMjAzNTg1NWQ2MTcwMTNmNDZkYTp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD1kZmY1ZjFkNmQ0OWQ0ZjFkYjliOTc3YjIxNzQxMDU4NCZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInRpbWVzdGFtcCI6IjE3Mjk4OTY3NjUuODk5NiIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDcuMDsgV2luZG93cyBOVCA2LjI7IFdPVzY0OyBUcmlkZW50LzcuMDsgLk5FVDQuMEM7IC5ORVQ0LjBFOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgLk5FVCBDTFIgMy41LjMwNzI5KSIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9QQjVfMzU3NSIsImNvbnRlbnQiOiIzNTc1X0ZpbGVETSIsImlkIjoiZGZmNWYxZDZkNDlkNGYxZGI5Yjk3N2IyMTc0MTA1ODQiLCJtZWRpdW0iOiJwYSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiI3YWIzMjcwYS01M2JiLTQwYWUtYTI3NC0wN2VhOTAzYmQ4ZjYifQ==
C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x70798c5c,0x70798c68,0x70798c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3580 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241025225249" --session-guid=97b030c8-59b4-4dd1-8c7e-dc8ece5b18fb --server-tracking-blob=OThiYTdjMmEwZDFlYzYxMThiMDQ3M2MzMjY0YWVmYTczZTFjZTRhMjJlZWEzNTYwNjQ0OTA2ODJiZGRiNTUxZDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD1kZmY1ZjFkNmQ0OWQ0ZjFkYjliOTc3YjIxNzQxMDU4NCZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyOTg5Njc2NS44OTk2IiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV09XNjQ7IFRyaWRlbnQvNy4wOyAuTkVUNC4wQzsgLk5FVDQuMEU7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy4wLjMwNzI5OyAuTkVUIENMUiAzLjUuMzA3MjkpIiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0dCX1BCNV8zNTc1IiwiY29udGVudCI6IjM1NzVfRmlsZURNIiwiaWQiOiJkZmY1ZjFkNmQ0OWQ0ZjFkYjliOTc3YjIxNzQxMDU4NCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6IjdhYjMyNzBhLTUzYmItNDBhZS1hMjc0LTA3ZWE5MDNiZDhmNiJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0806000000000000
C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x32c,0x330,0x334,0x2fc,0x338,0x6f978c5c,0x6f978c68,0x6f978c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252252491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252252491\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252252491\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252252491\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252252491\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252252491\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x384f48,0x384f58,0x384f64
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\httpa.directfiledl.comgetfileid=89643474&s=C1344FC0.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9d7e0cc40,0x7ff9d7e0cc4c,0x7ff9d7e0cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1808 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2460 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3328,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4608,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3692 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4776,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5140,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5096,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5044 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6174e4698,0x7ff6174e46a4,0x7ff6174e46b0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4988,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4796,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5488,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3556,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4032 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3732 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4904,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3396,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5800,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5804 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5792,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5780 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5912,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5948 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5816,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5892 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5808,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5024 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5804,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4716,i,593288940249317907,8741934601899871280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5952 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.dlsft.com | udp |
| US | 35.190.60.70:443 | www.dlsft.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | dlsft.com | udp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 8.8.8.8:53 | filedm.com | udp |
| US | 104.21.60.113:443 | filedm.com | tcp |
| US | 8.8.8.8:53 | 70.60.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dpd.securestudies.com | udp |
| NL | 18.238.243.18:443 | dpd.securestudies.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.243.238.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.15.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.41.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.ovardu.com | udp |
| US | 104.21.96.72:443 | www.ovardu.com | tcp |
| US | 8.8.8.8:53 | post.securestudies.com | udp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | 72.96.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.78.193.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | autoupdate.opera.com | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| NL | 82.145.216.19:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.216.19:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | features.opera-api2.com | udp |
| NL | 185.26.182.118:443 | features.opera-api2.com | tcp |
| US | 8.8.8.8:53 | api.config.opr.gg | udp |
| US | 104.18.25.17:443 | api.config.opr.gg | tcp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| NL | 185.26.182.117:443 | download.opera.com | tcp |
| US | 8.8.8.8:53 | 19.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.217.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.25.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download5.operacdn.com | udp |
| US | 104.18.10.89:443 | download5.operacdn.com | tcp |
| US | 8.8.8.8:53 | 117.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.10.18.104.in-addr.arpa | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.11.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| GB | 172.217.169.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.212.234:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.200.46:443 | apis.google.com | udp |
| GB | 216.58.212.234:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 45.112.123.126:443 | gofile.io | tcp |
| FR | 45.112.123.126:443 | gofile.io | tcp |
| FR | 45.112.123.126:443 | gofile.io | tcp |
| FR | 45.112.123.126:80 | gofile.io | tcp |
| FR | 45.112.123.126:80 | gofile.io | tcp |
| US | 8.8.8.8:53 | rentry.co | udp |
| US | 104.26.2.16:443 | rentry.co | tcp |
| US | 104.26.2.16:443 | rentry.co | tcp |
| US | 8.8.8.8:53 | img.youtube.com | udp |
| GB | 172.217.169.46:443 | img.youtube.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 104.26.2.16:443 | rentry.co | tcp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 16.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | static.vidazoo.com | udp |
| US | 104.18.33.178:443 | static.vidazoo.com | tcp |
| US | 8.8.8.8:53 | 178.33.18.104.in-addr.arpa | udp |
| GB | 172.217.169.36:443 | www.google.com | udp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.206:443 | img.youtube.com | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 172.217.169.46:443 | img.youtube.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
Files
C:\Users\Admin\AppData\Local\OperaGX.exe
| MD5 | 3dd3644e8800b1b2e698b6408ce6c92b |
| SHA1 | 288c6a6d1ae1acb5ccbee4939353d0f7cefa7127 |
| SHA256 | 00be9a0447c4498c4d7c11a3c41d977664fbc2f9e309177d231ccf095b512663 |
| SHA512 | 358f60bbf2c1f5a02680a447186c6f11430cf568caf5c7acff5f5d66ee1df6de8171420dfd9f6c189b7cbde66cc5445fc7df99fc988ad053c9bd840226e77217 |
C:\Users\Admin\AppData\Local\Temp\7zS41D52BB7\setup.exe
| MD5 | a910474aad1eea96921d359e1763d2fd |
| SHA1 | 8f663c05861ce93a1418607bd208c21dc7263237 |
| SHA256 | 5354a7fa4ef330546d79e1ea02c456084400d0b47d52aaa43b088340981f461e |
| SHA512 | 8654f3c5eb98dd4097ed5367771f2f3487a4c90f95754ca39b8900ab52c2c78ab6f90da339c1cce06364ca242d49901a7ebbac92cf14955e3a267ea988c194e4 |
C:\Users\Admin\AppData\Local\link.txt
| MD5 | f76f3b69c4f67c5c98cbfd068b9b77c4 |
| SHA1 | be389ad0624365f7900c8ab6e9715594338742eb |
| SHA256 | 316c8378c46f47ce0499d95de81fd918c0fe266737e668f2bd1739a530d288cb |
| SHA512 | 0a82da40c406cca0e36917593a4cc9c374a98157eed15d6984fd1c4433795283098d62f05d7d3cd08e1d5414cf673fa496d6a544e611d5ab8b9b9b285ca18471 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410252252475133580.dll
| MD5 | 94a99783bf5a9aeb8a0c8adcbb144ac8 |
| SHA1 | f5682606d1a3774a44d58a42391533899578897b |
| SHA256 | 5d8acd8032a3f3147b50e88dd1141312f9232f46ee0cb9487efae3c23545a0e9 |
| SHA512 | f545d11b103b79a00f8118000a447b26f76520f9ae4c4e78542237eb11b931b98900f62065ae3fbff747a79d6954d15a7ccb123b2adcfc81df71c17a6cf840a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 67e486b2f148a3fca863728242b6273e |
| SHA1 | 452a84c183d7ea5b7c015b597e94af8eef66d44a |
| SHA256 | facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb |
| SHA512 | d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 971c514f84bba0785f80aa1c23edfd79 |
| SHA1 | 732acea710a87530c6b08ecdf32a110d254a54c8 |
| SHA256 | f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895 |
| SHA512 | 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 671881b970c1f088a8e7da42ec9a4880 |
| SHA1 | 4c2fca6714a0d563ff234c78635357b946fff5e2 |
| SHA256 | a58536b95e2a16d16f427a1fb711d0c7c39126f6b85cdce48e7239dc2970b242 |
| SHA512 | 701974bf1ad58f80978a4b62b762e67cc9e98ba656b5bb0419d9f8faf186326ccce6a9edd7525fee9076f061e043e388fc50c85d99e38cc7a8c6b6cf314f25c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | b1b6790b720cf47fe6d5afb921ca9f32 |
| SHA1 | 314c657a764fb1c7de643e37bb8a65423148b166 |
| SHA256 | e4134cc162dbad2fb4ab8f609c2fa059f8087fad1dbb1212d54ef9509830ec59 |
| SHA512 | ca5cbcedcbfc5792c914941033c9af15fcbf3c561595ad963fa8e86e2f1c03ec1a17c2e8d693b3f7cc2c257381b99e70d7fd0c338921c98a79e8a66bd72bf9d4 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
| MD5 | a81c6ef32148ac7daf215f2bef4048f2 |
| SHA1 | 720c0bdcd269288007ebad01d9e1cdda8856e4b0 |
| SHA256 | 1670bd82662ba847f33e2ce005cc3134986ee341173d818000f4d012d5d0b23d |
| SHA512 | ea033754a97daf2c295512f525fe13ca54291c97c712f4b42cfa97ad21efea814c04a0cc3e2d995b7914f32c9c70e803e58dac896921d179d0d526950f05f090 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252252491\additional_file0.tmp
| MD5 | e9a2209b61f4be34f25069a6e54affea |
| SHA1 | 6368b0a81608c701b06b97aeff194ce88fd0e3c0 |
| SHA256 | e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f |
| SHA512 | 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252252491\assistant\assistant_installer.exe
| MD5 | 4c8fbed0044da34ad25f781c3d117a66 |
| SHA1 | 8dd93340e3d09de993c3bc12db82680a8e69d653 |
| SHA256 | afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a |
| SHA512 | a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
| MD5 | e0d1eaa5f1ff8dab9c278e5b9460e99e |
| SHA1 | 578e8b3d0e02c54c9195ceae197dd986ac969ac8 |
| SHA256 | e1e8f0de5bf6e265fc77bd098290e963b05395d8590e22cc4300b75bdc76bd32 |
| SHA512 | 46a7cb28869586b7b33a66aedc6b4966cd3e383b7704d7056d26aa48bf2de3dea7c6d738cd3b74f8841eb56381071bbef16b23159407d99816758856121b52f9 |
\??\pipe\crashpad_4600_XWVVSCEMVNTWYOWS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | d53c92b01fa16c615bccc7cb97e76c41 |
| SHA1 | a11f7e53f34cde23c45ffddb536edb066289bd5c |
| SHA256 | 048a10a46d7970049b6ac7409d13497fa39d2ead6bc56d8693da92507416e9e2 |
| SHA512 | ce77e4fe5536449a3b306b5371d87ff53ab7d717c5f84fb4f9202c9b995b4fbafd54bf3ee46bf181e24eca8683d936e8d8b1fe384b5367d22673572d4ce3a49f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9740be12bb0b48954fb52c3e277f8d36 |
| SHA1 | 9fe079abb624eb1ba494ba686138cfe85fc0a680 |
| SHA256 | d2d49e1b65f078271b93849eb77852c6a0551336af298a9b127df8f24fe64077 |
| SHA512 | 8f3a38c299eb4db6d65744f7c5d6d4dcfc77247a78fcf08a2f24abe42af3fdf8549eedca1dfaa45fe954b2cf00fc4189815e8722b76e0b4b4be9af7ae709fb17 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b4d191c1aa3d5c9eab5c8b3b9c732d59 |
| SHA1 | c8041547c7d6d7fe720ec218e9de6570e52bf2ab |
| SHA256 | f1ec92e8ad0c1a3772eb7cb2a7cabb451a9573d62f9061c9cd137da0d97a206a |
| SHA512 | ba82266496a11b0b1d4c941b5082b1200b580ab5fcc6fdeca5749cb125108343a61e106608bec4308a63ecb118c36aee7a039b4deac95f42be9508bab1ddc867 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a4080abc6dd528fc8849999af8130765 |
| SHA1 | 5919748a5053ce7274833005e61596412c44c341 |
| SHA256 | e3740f6bbea9b4e92a1573b7a3917f175a5fc3133db379b1acb94abeb7cda679 |
| SHA512 | 42eefacf167b215d022ba6ca48ecda2263f78f304541428e82f8bdbc3f35620e39c72355196e35c7d9bcc940020607b055a7f1d6b99ede54da936f0aabdb30c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 31f4eb6582412ad8887cebd662bc1ee4 |
| SHA1 | cb82afdac4538eb1690f4b38a2c00f2c01ee2485 |
| SHA256 | 799c1ba965c86f267ec5421feb994c15fdaaf39522893a33a78c144f39e31d29 |
| SHA512 | cd324d7c79aa828b3ad065405e0ca78afd2fdf0e9510122b6576db96188c933447f7a12ea5fc06fc280637093acd8ee1961719145d26b8984d7ff05fa1e50e06 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4b4010a2c968cb294c610cc008210f12 |
| SHA1 | 62cb11e1aa0f55e3bdf07747816cf035f1f3c097 |
| SHA256 | 8a54932cbbe2bc44cd577c63d381bed31f05149b31686f564219e989b695a991 |
| SHA512 | 0d7b7e8735c52a043886ccd949b33143f0f3fb4a82a84cdb0ab5bcb421b29f62565c8c24fd5577984cad1c31b30e47c7dbc0f5ebe80e182f248a82e1d7a57554 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 166bfd47e5849ef42b5db9807786bc61 |
| SHA1 | e2fd381f518bb65d07eb9f722d58b44e7b748621 |
| SHA256 | a2e7476263890e48e8266636dba43b990a9737057c19df83e2bde7db5f941f20 |
| SHA512 | d17474c81b1d1d3dae9ac6a4c119bf171e6e99466092e94af097444c5addcb8be3c4180209672691b0ae0f577157076ee5a4126c04a661bc001d1ddcc062bb1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1c0e066ca752940d7b15a5af37db9161 |
| SHA1 | eb6580967981f3e809f8446178f189b114ea5361 |
| SHA256 | 84ff12bfd4aba472fae16c12b7a3628b4615fdc95054fb2abb1ecffaaaaa549b |
| SHA512 | 8c8a5a64f914a1356a1b45932cdb2e97709da3bc2309df760c2ebc6da7bb34e654f600a16b6baaf9f97dddb8232eda33532e71ab084b1f9601762e7ea7f32a39 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3f2e7234123922d524db9cbf1d137825 |
| SHA1 | dcaf02351cea5dc1d1e792ff6c72c2176ddd5958 |
| SHA256 | 90ef2f5f1a643a688a022b5dffdb8c1e825aaf16732ea784ae5a123bd8aa73bb |
| SHA512 | 37be288c87064e13f36f279a447737aff0041043ac5ffe8e06d412d42d430aed0a1afb19547080f12131af13cf1a42e79e34de59a8caabbd44d2283873f5fd61 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 980ac4a5d9f1def38fd060c3cddae464 |
| SHA1 | f7c2830ecf2a1f7a5329f786f64f7baa5dd67409 |
| SHA256 | c8b87b96db7c7bfdb07c49eedb66ed7d7f69560994672c95769117419b1eebba |
| SHA512 | 5ecf8ae5fb66a6f6669adb135a84e37fde7c17b0ba4de0c9ebabd69f808c94f2d1010c3635de51d1720efed693c62bb491ce9e0c14f833563ee192aa5543d795 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bdeb111b85516944c40586c490a31ccc |
| SHA1 | 63eb2556dc9c94255c7b5fa1eed1477045f0e7d6 |
| SHA256 | 57d3969deaccedd521c5b65f999ffdec2a101a272b9451fc797f6c0704a66e7d |
| SHA512 | e03600ed0152c147036244a4ee07d01ad0e88481f47acc308fc6dac9b7f9f794cdf00e760019e1f173fdc664e03bc60403730aeabf5fdfc70399ab0bd5673115 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9f6a04bda6e45f5cba3fd213965d538e |
| SHA1 | 8a2faf1a063a513db41a003316fb54f2a259b964 |
| SHA256 | d78b53d2a960f192a5a1499f689ae6f7878471afa2f025ef8c8afdfd7ac6c5b0 |
| SHA512 | 4d0c684c1ed5b2e4c7bf54d3b64c8d05e62d34f7e7b11b75802062bd770a2d7aecff1ada3d3fb06b76a3e8427422a142ea924fcea797ec49a7bbf0da12e5c0d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9efb85479f3249436e34c7c6b2a32f1e |
| SHA1 | 7d32d362a7899f41e7a08511a5d2a5e9e20d2162 |
| SHA256 | ae53d457f277f98693e82c186153fe1d68e689fdf7c8ba334f7d1ed42c85941b |
| SHA512 | 6784fba9c7488d35de2f0f041e0d752cdec0e2c995559c3eb8527749d10ffb8e307e629be7853790b1174e1f04bba4dd40e2976d4f1b35e4578aab974b06e210 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo
| MD5 | 2b118755fb0917cf4fcff577836dff5f |
| SHA1 | 11a72ba50ddb613bdc7c4fbaf27cc6120f41d0bb |
| SHA256 | bf1167c566221632a515a82312a94e7cd25265c9134b369e06ed7b254bdcec7c |
| SHA512 | c9bb2b3650079799baf50aaa77eb181454953fa62184be0ae0051f9d1b95b16a12e2a365c55141e3f868778128f0c1a920d5948904a82647b245195f59e1bb16 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 88da433cedafb8b07ac7b26cd16816b2 |
| SHA1 | e86e37c760166396aa774b7f7c254fd6f77362c2 |
| SHA256 | 2badc47530277b6ae589f004e44083f5182f3a32436721e92545caae68b0a20e |
| SHA512 | d312914a10681414cf6909f9c137481cbc2b997141f3ec529d348b43075449e02ba0179c1fe6d753b1f42365799001f1043dcee1dea601f4e5c6660910322da3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2712cb98ce5438b58b9e904507b4f7a3 |
| SHA1 | df55cc62672e391aec14822d68cd52e11d59ea81 |
| SHA256 | 54d9f25056bd82b8c4d3732c1ff061e2f0a550786187aeaecce855837da900ee |
| SHA512 | 31da4e446824bc7d2f60c911eaebc0282da6e0ce600524fa94b1f1c571992c6aedf5e234a5a351611ce8a7a238c3df674f87b0c5e02e6a9936c554d5cd7069a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 05059e41b2e183d82d593e3d4ab13042 |
| SHA1 | 120de0a75f251778d5e69076bb9791002180f205 |
| SHA256 | 6dde3ea4390973ff50659f0bb6811567464c4d13f96735630639eeb1d6d7bdbc |
| SHA512 | b0dea9a7960015b48e8c0b657f2f918f38e8c72120dc79a3a634f6fdcc99bfade39c2e0762c60c97cd484dd473e9cdccc201e94bba57109366ee3bb4389b8839 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f980f044d147fce3b6a73615b6b472ac |
| SHA1 | 232240a1500d6335d84af44c4a7c55e7b4a207d5 |
| SHA256 | 6f85be1dc041e012b3d3af8699033cfdc7fc04cdf024a83309997fcdb4c547cc |
| SHA512 | 7db2e83a78de7f3f7df734b9cf7af0595e102b047d85ae260091ce0631d50bccc8fd4aeb619505a4a81899bf4e3dba4387215de1f3db8d9d93994b45090353ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1c0ccefe369fdc0053fafc81b9b0e3e4 |
| SHA1 | 4987c71ca99f4e6c5bdd657ea2b2adfdd036e626 |
| SHA256 | c187b6c78a20efba441d0b64067904ffd0a4070b05d5f7a935bb9fd4b19eb593 |
| SHA512 | fc050431c4b0ad4f3ec69036294da225a5aeae4ba5c3e514fbc4fe0a309edd4cf3d2fd23c95b985b72dc5170f46b9dc209efeb1aa8b1217c8c9337a182d501d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 98d834f8955c877068f6a92447941f8c |
| SHA1 | 0f3f1db060a0e9ef757521dd10222bb15455b3f8 |
| SHA256 | 9beafc9e8e79fc78f02d6eae83927077c76645761162ba59da50aa4427ff7b4f |
| SHA512 | 2046b56f56d55863f60bd8ea8ea948b4a228b898b76d96a388a6d747907407e3783be432a240331866114d83183e87f9414c4f62bdfb849a8c51f7cb70ffe1bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0c1385cb71af8812c4ec8a5861318b2b |
| SHA1 | 4629af242a429f42d293a1a29399b6e7ce6b6c2d |
| SHA256 | d11e7e25254b790da80811f342c6f2e6c29e387cdb0f1bf8d1b9cd6bdb814227 |
| SHA512 | 46515b9e69192e1a45e425c33f3c8e4bbc08a49f7d2a5e4920861d41fb49ed7f84f8a352ed1363dbc43fd8f5b1059c7119286199c8cc634f0866310e61701217 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | af435b429b0a13361f2feb57a5e373a2 |
| SHA1 | 89497616c58d915c15916ca5663c61c5babc922a |
| SHA256 | acc5e65f085c7cc88c4eeb4f9a14d764b24aedbf4b8c8ae7fe4b67d178cf8335 |
| SHA512 | c913b064a82021eb6ab2a9491c5e2662a0d0120015a9d2d37a7f99f1bfe9dde5ac93c8b92742bccdd513ddc6f62196c9815a0a04ac262d0253eac017f342af79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fb4bab841ceb36c87038c497a7253bee |
| SHA1 | eefbb7887b7718a08e110c8b1a9facf81fac4c8b |
| SHA256 | 8cbd82eb58ceb3adcf43d89900d88c4284549b085467f18b38e3991f7d01cc59 |
| SHA512 | 685d3cd427639f5c5e768605d6046a55748175bdb3d97bb287d3cbc4176f9c1187d30a1bf305d5b439ec55750b6f2648e5e66828b232ed1db7769fa5b7df5c7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1e987f4a180cce669cc4c4bcdb3774b3 |
| SHA1 | ca24c3f347a67401dbfb6f5fde6dfe65232260c9 |
| SHA256 | 2c3932389ecf1c7f7ae8f5c9c360b9091da00fdbd8d601f820363cf821bfa575 |
| SHA512 | 2e1c7e6ca77f5aed951ad3ed80c19d85b4a63a21b749f68735941dcf1c92a4ecc135ae5f389cdfcd47a349f9251c4bfbe483ca829f9a76bffe7c5572e019393d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ed23d87f507d8be44947d426725e503a |
| SHA1 | 9d673f2da51db9f20b697190d2394dde32f78bcb |
| SHA256 | 0fbc883604d371708b89512a5c40a21c8a2aed66fc121f080026d657c7bceda9 |
| SHA512 | 07eba39668dec7d03d6561e747f03fb73d9aa67df561e4adf17bceb8c37d7c5dbdeccc636e5ab732e9e13c3463096b26988909ad9d24639fe0d19f6d02ff205c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fbab0accf5edb21e21881149e192744d |
| SHA1 | 11f86b0ea1cc79f10fb9f7addc53bb1824139a88 |
| SHA256 | 3a7fb76dc6cd2678bcdf11bba5fa2570d5eeb9a329bba30393b49476faeec1ca |
| SHA512 | b997d48b82d628d12d79666feaac8123fdfbc50f46fd18806aa0d7f2490d0392cec695c3b61b3b117a49bc8d0aa07ee1296652877e328503aa5b9396a01bc45a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9b82b8aaae194c4b0fabc1256da1322c |
| SHA1 | 5b60b0cb776dd1c4476514a98121dff975ed9230 |
| SHA256 | 826b724f38d0e13252bcb59f626c5941fc5aa10e048c7d092e2a74074d4d8af7 |
| SHA512 | 86036f9e76fe6bb854e5f8c5f8966c1b55b5517fe668809de513c986bf60a2e67eb648539e28b584c097433927a732df35425cede86d3bcbf637ab4bd12aeccc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1e943ff6-b99a-457b-8679-c3e52564bfdc.tmp
| MD5 | a13e21b2a12a637ed47285741a208377 |
| SHA1 | 5e820e2ef2ccd41ca631e4c562fb6291636de69f |
| SHA256 | 2bd6c4f5463d4b3a837b85e0d2faa28039c183afbc4ce9f371e39986da6d081e |
| SHA512 | 6107cf0df2afad71cdef4c3fe9db894508144543feb3a86b08bf41eb338e2d288a52e873386cb95ca7a4b07afadbc28e12af9cdf492a29d4e99dc4764da2495c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0d77be3f61799d6e8ef05b3c8a2f4fbb |
| SHA1 | 552428e744779a895d4ebe960c69a893778e8546 |
| SHA256 | 7a76fa5b0ea2dbe9a61f0d6720f3d37d6c2d4b5694fb7212b9715c4715dc693b |
| SHA512 | 049d30708b7b3256441c77e1c559ec8ffd8372d94541091a09d08c9da580af9d1b47c572378487d138c1b8c0f47e97931007d7a94ec9a5b59f5b6cc4b9fdb519 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c9af9b3912ad20e02e890ea2c650c9ff |
| SHA1 | 72a1b94b9e50362e943d7258fa7138fcec757d47 |
| SHA256 | 7964f1d499b25b815fcf01adee660aea57b5fb9a2f61a0f0cecd624149be7cb2 |
| SHA512 | 9d1c53dade5672c59da0ccd07117c3bbd357be57528489f48438d72d7a502e86c858c9909dcd635e1ee20d80aa45212a31d5fe51218107add8c5c38a0243cb5e |