Analysis Overview
SHA256: a9d59121b275f9a60963cfe0d735606cffa9a7b73231297da2162b47d79d934f
Threat Level: Likely malicious
The file var-xdnd6hs3n-40.html was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Looks up external IP address via web service
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies registry class
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
NTFS ADS
Modifies system certificate store
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-10-27 21:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-27 21:41
Reported: 2024-10-27 21:44
Platform: win7-20241010-en
Max time kernel: 119s
Max time network: 129s
Command Line
Signatures
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436227169" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b960000000002000000000010660000000100002000000026c46e291acb11636298b929b233482598785d00096a70d3eec0327ce82d0158000000000e80000000020000200000000f6502ee2583494c1d8fd43ad74f44851f220acad7e836fd82a670a47b159c962000000040d1b315af0f5325f08c4a2bc4062302a804deadff38d0806f4cb3f1390d1c3540000000e6c7a083eff4d978a093f6e44d0a7ca409056a6dace3d6aa7284a061924fbb2a46ec0f82ea1b6651f725b7eb2b07abc99edfe3ef7d32a24be22cab969f495b58 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c067fc17b928db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b960000000002000000000010660000000100002000000068405b1bceb51d47b74bcab9a95c13f26b47ebc07f0ccd381e2e367dcf3abe9b000000000e800000000200002000000031efecdce7187c320e8f8772628dd22ef8217f07f6a9e7a7cd1b43fb3807e71290000000ca82e23d1952c316a819e007b8a9323ba967e4d6c471b575d66b6fa882d4416c5cd54cde3a5d66b0b950b9243b4e4bcc14223208d15e4c73fc9898c1d5969a8976ee5265335c553ded0f4c107368074241c2c4b61c28e97d038c51a435d70f76a74330184242afb16b40b934e2cc3a7b962ae6dc88ebeada7a5e9072997aed653b609c4e0face2589c49f24fe3a55f0d400000000470dba278824ed950012d9ad5cb5a289ac9d595a60a3bc0a261e155329818e6eb8045a19136b692333a398fcb26d4fc7e9535b9376fc9cbb9d73b3e0abcb03d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{40BC9811-94AC-11EF-AC67-6252F262FB8A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2032 wrote to memory of 2584 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\var-xdnd6hs3n-40.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-10-27 21:41
Reported: 2024-10-27 21:48
Platform: win10v2004-20241007-en
Max time kernel: 436s
Max time network: 438s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\OperaGXSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\OperaGXSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\OperaGXSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\OperaGXSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "157" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 346745.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 967441.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\var-xdnd6hs3n-40.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce88746f8,0x7ffce8874708,0x7ffce8874718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6892 /prefetch:8
C:\Users\Admin\Downloads\OperaGXSetup.exe
"C:\Users\Admin\Downloads\OperaGXSetup.exe"
C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe --server-tracking-blob=
C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x330,0x334,0x338,0x2f4,0x33c,0x74e28c5c,0x74e28c68,0x74e28c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Users\Admin\Downloads\OperaGXSetup.exe
"C:\Users\Admin\Downloads\OperaGXSetup.exe"
C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe --server-tracking-blob=
C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS09F5665A\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x72678c5c,0x72678c68,0x72678c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x11b4f48,0x11b4f58,0x11b4f64
C:\Users\Admin\Downloads\OperaGXSetup.exe
"C:\Users\Admin\Downloads\OperaGXSetup.exe"
C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe --server-tracking-blob=
C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS026662FA\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x324,0x328,0x32c,0x300,0x330,0x71a38c5c,0x71a38c68,0x71a38c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Users\Admin\Downloads\OperaGXSetup.exe
"C:\Users\Admin\Downloads\OperaGXSetup.exe"
C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe --server-tracking-blob=
C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSC47BEEBA\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x324,0x328,0x32c,0x300,0x330,0x71a38c5c,0x71a38c68,0x71a38c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1608 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241027214451" --session-guid=a2ff8f8d-21be-496d-a2dc-956ca434d53b --server-tracking-blob= --desktopshortcut=1 --wait-for-package --initial-proc-handle=CC0A000000000000
C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x328,0x32c,0x33c,0x304,0x340,0x71a38c5c,0x71a38c68,0x71a38c74
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,754919348121094679,17518460196653551977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa388d855 /state1:0x41c64e6d
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a0486d6f8406d852dd805b66ff467692 |
| SHA1 | 77ba1f63142e86b21c951b808f4bc5d8ed89b571 |
| SHA256 | c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be |
| SHA512 | 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a |
\??\pipe\LOCAL\crashpad_1808_WYPFPGKRYAWECZPH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dc058ebc0f8181946a312f0be99ed79c |
| SHA1 | 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0 |
| SHA256 | 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a |
| SHA512 | 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 294b6d4142095b2a2cb38cd99c566ea2 |
| SHA1 | b0678371307e9269d26a176daea47a031cc6096a |
| SHA256 | 34e818189c373c37b768fea2f089d05a7f6234379b0bc26ca7db44f475ba3b9e |
| SHA512 | 695e47ed8b6e694e954a2dd0ed799b487bd54b29550870a1c13fd0a21cf5f6692cd9b3cf916eb5d1a1d8c603e0512ee8c3f86f73f6fdf6d563a04e8986c23a41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 707e84c7767a731ac5e27663e661cd6e |
| SHA1 | 369d8946fd36a3bab92bc743cedc080b7a6c7f2b |
| SHA256 | 53f1504f37b51c835563cbc6504ff82c1bfff663a0f079faacca42ac86e60d84 |
| SHA512 | 306bf070851fc6f6fb5516b409e88406f771315657f470392ec0ecabc6721a5f5b9ab71f3fa7e7ecc1067d75fa9ac7944d3b987b24708be504b206b7431ea557 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bf0e5eb1fdd9b564246dfd5988d64ba9 |
| SHA1 | 6dcd1eee13cb0391966f6b2fa64d2e5dcf383ec3 |
| SHA256 | 9c84db5651de53e3e7f168ec828dce216d67f7cc358d0e2e070b22dd54e45aa3 |
| SHA512 | 8c7535353ba8c8627adde3886dfe399fe9b6edd14a5dd5e4efd9be9f1e9fb1ad32b252ce9696f5346606a357e1dae558ba393f1796b73da58215d92dd501ae73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dfde047840c35bde76340ba387241ebc |
| SHA1 | d45833b8ed86890c69055bced8c1dbdce79e3b56 |
| SHA256 | 600f94c32262308e9e609159b202934cb57d59750b9e5204991901974874844a |
| SHA512 | ad36fbfba2a6a287c094588a5d9ef6c0c22d6a9879afe362a5a4198e9640a1114e381b19acbdeb3369b944e4b72f50945ea8d5920c1fe76888d579f5d78a834b |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6599cc825dfa1d6f9bed80342df15f04 |
| SHA1 | 8e0551a54057ab86e4e499b33d58ced7048ce854 |
| SHA256 | b0b0212159bd324ab42b0214a5566a71b6fa6c5d2e7885e6d1fe5ddc0d00dc74 |
| SHA512 | bd08bcd3a71ee4fa92eaedbe868a14e125e71169b9616bc035a71da8289a43fbeb852f81d1f2ac29754d2246ce6f4d290f0ad5f87df036211a1b9963246daa57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c89b280e7060234c25bab48698346ed2 |
| SHA1 | 83a26fa8bedd71527ef822b2a35b3ce1d5628fe6 |
| SHA256 | 2a7014454f1545a7b71842c4349d041f5db7ff0e4ccd4e099070d6e838a084a1 |
| SHA512 | 350121113c3aed8e210f33daaa9130febedea21778121f9a54d1ac938beb2149c63396ef262cc8b05d7f62c8ff4d69da21b42183293e4ca7cf90f6e9a1ee94f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 160f403baa1edf74cbd96712d75597c3 |
| SHA1 | 1c70e526bfaf1666329743868f5c8e70cf16f0ff |
| SHA256 | 743640cf70a224857885769bbd4efc033b02e92daa8acea5c8d523f8de50a6a3 |
| SHA512 | 96403abd1ff6887ecb5a4b75bc57ea6f9fefccc90494097accf6c5917d2844e8d222ec2abcb68f292417e7dfae165a9a84548a453b561c8c23a690fcfd65523a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591dfe.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe596ff6.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f8a9d675-6959-4fce-b000-81364347b73f.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\OperaGXSetup.exe
C:\Users\Admin\AppData\Local\Temp\7zS0513346A\setup.exe
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410272144489421608.dll
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
C:\Users\Admin\AppData\Local\Temp\opera_installer_ui.lck
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\additional_file0.tmp
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272144511\assistant\assistant_installer.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_uploadhaven.com_0.indexeddb.leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State