Analysis Overview
SHA256
a722c27e446fa41b793d580a6d7a8dc77caaf5fdca2f3b11548352c6aafa2fff
Threat Level: Likely malicious
The file a722c27e446fa41b793d580a6d7a8dc77caaf5fdca2f3b11548352c6aafa2fffN was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Enumerates connected drives
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-26 05:33
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-26 05:33
Reported
2024-10-26 05:35
Platform
win7-20240708-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS477DDC27\setup.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a722c27e446fa41b793d580a6d7a8dc77caaf5fdca2f3b11548352c6aafa2fffN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a722c27e446fa41b793d580a6d7a8dc77caaf5fdca2f3b11548352c6aafa2fffN.exe
"C:\Users\Admin\AppData\Local\Temp\a722c27e446fa41b793d580a6d7a8dc77caaf5fdca2f3b11548352c6aafa2fffN.exe"
C:\Users\Admin\AppData\Local\Temp\7zS477DDC27\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS477DDC27\setup.exe --server-tracking-blob=[base64 value omitted]
Network
Files
C:\Users\Admin\AppData\Local\Temp\7zS477DDC27\setup.exe
| MD5 | 79cdbdcb845da2203425f8882d1eee84 |
| SHA1 | f8a82f8615308412e54c03eeea46dd4cf6bcf26a |
| SHA256 | c4e2e44e1fe4cbb1ec2883134494bf364aebe39c58fdf17e3024fdb9842db3fb |
| SHA512 | 8247a33cb2aa1286e1e000a1154a705b5ba78174de62f03505d5b03025bd1e3e1973a39fca9878dd15b3f630605b264f2c1eea3f608d6472b2c80f5a5dbf7c10 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-26 05:33
Reported
2024-10-26 05:35
Platform
win10v2004-20241007-en
Max time kernel
104s
Max time network
115s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a722c27e446fa41b793d580a6d7a8dc77caaf5fdca2f3b11548352c6aafa2fffN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 387314.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a722c27e446fa41b793d580a6d7a8dc77caaf5fdca2f3b11548352c6aafa2fffN.exe
"C:\Users\Admin\AppData\Local\Temp\a722c27e446fa41b793d580a6d7a8dc77caaf5fdca2f3b11548352c6aafa2fffN.exe"
C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe --server-tracking-blob=[base64 value omitted]
C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.102 --initial-client-data=0x32c,0x330,0x334,0x304,0x338,0x74eafac4,0x74eafad0,0x74eafadc
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=4540 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20241026053356" --session-guid=d2dcd133-8023-4f2c-baaf-ea6bd394be17 --server-tracking-blob=[base64 value omitted] --desktopshortcut=1 --wait-for-package --initial-proc-handle=4809000000000000
C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSC2EEEBB7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.102 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x7258fac4,0x7258fad0,0x7258fadc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller&arch=x64
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc182446f8,0x7ffc18244708,0x7ffc18244718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,10238536198899821539,6191578649885529328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,10238536198899821539,6191578649885529328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,10238536198899821539,6191578649885529328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10238536198899821539,6191578649885529328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10238536198899821539,6191578649885529328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10238536198899821539,6191578649885529328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10238536198899821539,6191578649885529328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,10238536198899821539,6191578649885529328,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10238536198899821539,6191578649885529328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2180,10238536198899821539,6191578649885529328,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10238536198899821539,6191578649885529328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10238536198899821539,6191578649885529328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,10238536198899821539,6191578649885529328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,10238536198899821539,6191578649885529328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10238536198899821539,6191578649885529328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10238536198899821539,6191578649885529328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
Network
Files