Analysis Overview
SHA256
61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42
Threat Level: Shows suspicious behavior
The file Luna Exploit_42878198.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Enumerates connected drives
Looks up external IP address via web service
Drops file in Windows directory
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Reads user/profile data of web browsers
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Modifies system certificate store
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Opens file in notepad (likely ransom note)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-12 16:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-12 16:30
Reported
2024-11-12 16:33
Platform
win11-20241007-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Setup\Scripts\ErrorHandler.cmd | C:\Users\Admin\Downloads\Solara\lua.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Luna Exploit_42878198.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Solara\lua.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121631021\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121631021\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121631021\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Solara\lua.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\Luna Exploit_42878198.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\Luna Exploit_42878198.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\Luna Exploit_42878198.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Luna Exploit_42878198.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Luna Exploit_42878198.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Luna Exploit_42878198.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Luna Exploit_42878198.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Luna Exploit_42878198.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Luna Exploit_42878198.exe
"C:\Users\Admin\AppData\Local\Temp\Luna Exploit_42878198.exe"
C:\Users\Admin\AppData\Local\OperaGX.exe
C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0
C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe --silent --allusers=0 --server-tracking-blob=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
C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x338,0x33c,0x340,0x318,0x344,0x71518c5c,0x71518c68,0x71518c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=540 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241112163102" --session-guid=48baac75-04ff-457d-b899-2355cfe8b40f --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=4C06000000000000
C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSC93144E7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x705d8c5c,0x705d8c68,0x705d8c74
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8005a3cb8,0x7ff8005a3cc8,0x7ff8005a3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121631021\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121631021\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121631021\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121631021\assistant\assistant_installer.exe" --version
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121631021\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121631021\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x8c4f48,0x8c4f58,0x8c4f64
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Solara\Application.bat" "
C:\Users\Admin\Downloads\Solara\lua.exe
lua.exe cache.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Solara\Application.bat" "
C:\Users\Admin\Downloads\Solara\lua.exe
lua.exe cache.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,17181930747494027486,14558320462028501833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Solara\Application.bat" "
C:\Users\Admin\Downloads\Solara\lua.exe
lua.exe cache.txt
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\Solara\Application.bat"
C:\Users\Admin\Downloads\Solara\lua.exe
lua.exe cache.txt
C:\Users\Admin\Downloads\Solara\lua.exe
"C:\Users\Admin\Downloads\Solara\lua.exe"
C:\Users\Admin\Downloads\Solara\lua.exe
"C:\Users\Admin\Downloads\Solara\lua.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc daily /st 11:13 /f /tn WindowsErrorRecovery_ODA3 /tr ""C:\Users\Admin\AppData\Local\ODA3\ODA3.exe" "C:\Users\Admin\AppData\Local\ODA3\cache.txt""
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc daily /st 11:13 /f /tn Setup /tr "C:/Windows/System32/oobe/Setup.exe" /rl highest
C:\Users\Admin\Downloads\Solara\lua.exe
"C:\Users\Admin\Downloads\Solara\lua.exe"
C:\Users\Admin\Downloads\Solara\lua.exe
"C:\Users\Admin\Downloads\Solara\lua.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Solara\Application.bat" "
C:\Users\Admin\Downloads\Solara\lua.exe
lua.exe cache.txt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.dlsft.com | udp |
| US | 35.190.60.70:443 | www.dlsft.com | tcp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 70.60.190.35.in-addr.arpa | udp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| DE | 18.155.153.49:443 | dpd.securestudies.com | tcp |
| US | 8.8.8.8:53 | 71.180.230.54.in-addr.arpa | udp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 172.67.174.4:443 | www.ovardu.com | tcp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| NL | 82.145.216.20:443 | autoupdate.geo.opera.com | tcp |
| NL | 185.26.182.123:443 | autoupdate.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| NL | 82.145.216.15:443 | features.opera-api2.com | tcp |
| US | 104.18.24.17:443 | api.config.opr.gg | tcp |
| US | 8.8.8.8:53 | 17.24.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| NL | 82.145.216.49:443 | download.opera.com | tcp |
| US | 104.18.11.89:443 | download5.operacdn.com | tcp |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| N/A | 127.0.0.1:49910 | | tcp |
| N/A | 127.0.0.1:49913 | | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 2.22.249.200:443 | download3.operacdn.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| GB | 92.123.128.192:443 | r.bing.com | tcp |
| IE | 20.190.159.71:443 | login.microsoftonline.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| US | 104.21.95.19:443 | getsolara.app | tcp |
| US | 104.21.95.19:443 | getsolara.app | tcp |
| US | 104.17.247.203:443 | unpkg.com | tcp |
| US | 104.17.247.203:443 | unpkg.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.109.133:443 | objects.githubusercontent.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| GB | 2.23.205.233:443 | www.microsoft.com | tcp |
| RU | 89.169.13.169:80 | 89.169.13.169 | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
Files