Analysis Overview
Threat Level: Likely malicious
The file https://www.opera.com/fr/gx?edition=std-2&utm_medium=pa&utm_campaign=PWN_FR_HVR_9853_WEB_519&utm_id=f80f80ee5f4d458aa99e18de64b769da&utm_source=PWNgames was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Enumerates connected drives
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Uses Task Scheduler COM API
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies data under HKEY_USERS
Uses Volume Shadow Copy service COM API
Uses Volume Shadow Copy WMI provider
Modifies system certificate store
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-04 18:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-04 18:31
Reported
2025-07-04 18:34
Platform
win10ltsc2021-20250610-en
Max time kernel
219s
Max time network
214s
Command Line
Signatures
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\E: | C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe | N/A |
| File opened (read-only) | \??\E: | C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\OperaGXSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\assistant_installer.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133961274819946996" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3947991112-772902407-1479079202-1000\{AAB6BC91-FB49-4620-A9D4-64F2FA18F604} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.opera.com/fr/gx?edition=std-2&utm_medium=pa&utm_campaign=PWN_FR_HVR_9853_WEB_519&utm_id=f80f80ee5f4d458aa99e18de64b769da&utm_source=PWNgames
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2ec,0x368,0x7ffe54b9f208,0x7ffe54b9f214,0x7ffe54b9f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1864,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2272,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2032,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3512,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3536,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4276,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4340,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4668,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4196,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5356,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=4640,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5748,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5740,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5280,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5280,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3448,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3592,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=6800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6772,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=6820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6784,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4272,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=7392 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6240,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6768,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=7672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7868,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=4980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7864,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=7512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7784,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=4456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4500,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=7480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3688,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=744,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=8056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8036,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=8100 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8044,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=8108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4376,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=8148 /prefetch:8
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
C:\Users\Admin\Downloads\OperaGXSetup.exe
"C:\Users\Admin\Downloads\OperaGXSetup.exe"
C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe --server-tracking-blob=ZWZkZGU2Y2RhNWZiYjZhMmVmNjU0YjA1ZWQyNTYyNjZhNjRhMjZkNGIyYTNkYzA1MGRlMGE1MGRmZjYwOWJhMDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9GUl9IVlJfOTg1M19XRUJfNTE5JmVkaXRpb249c3RkLTImdXRtX2lkPWY4MGY4MGVlNWY0ZDQ1OGFhOTllMThkZTY0Yjc2OWRhJmh0dHBfcmVmZXJyZXI9bWlzc2luZyZ1dG1fc2l0ZT1vcGVyYV9jb20mdXRtX2xhc3RwYWdlPW9wZXJhLmNvbSUyRmd4JnV0bV9pZD1mODBmODBlZTVmNGQ0NThhYTk5ZTE4ZGU2NGI3NjlkYSZkbF90b2tlbj04NTIxOTI4NCIsInRpbWVzdGFtcCI6IjE3NTE2NTM4ODIuMTMxNSIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMzMuMC4wLjAgU2FmYXJpLzUzNy4zNiBFZGcvMTMzLjAuMC4wIiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0ZSX0hWUl85ODUzX1dFQl81MTkiLCJpZCI6ImY4MGY4MGVlNWY0ZDQ1OGFhOTllMThkZTY0Yjc2OWRhIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vZ3giLCJtZWRpdW0iOiJwYSIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJQV05nYW1lcyJ9LCJ1dWlkIjoiNjhhZjExMDMtN2VmNi00YjA3LWIzNjEtMTZjNjE0N2NlNzUwIn0=
C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=119.0.5497.163 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ffe50dcb388,0x7ffe50dcb394,0x7ffe50dcb3a0
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5240 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20250704183406" --session-guid=01ee60bd-293e-4843-8959-5e0df4974237 --server-tracking-blob=[blob omitted] --desktopshortcut=1 --wait-for-package --initial-proc-handle=D008000000000000
C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=119.0.5497.163 --initial-client-data=0x2a4,0x2a8,0x2ac,0x278,0x2b0,0x7ffe4fceb388,0x7ffe4fceb394,0x7ffe4fceb3a0
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2b8,0x2bc,0x2c0,0x294,0x2c4,0x2f4f48,0x2f4f58,0x2f4f64
Network
Files