5133bef4419e439869c0721413ff3aec73eeab9f22d6ff3f8f4517342985d83e

Analysis

max time kernel
148s
max time network
153s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/02/2023, 01:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

OperaGXSetup.exe
Size

3.3MB
MD5

5327e44bc162bf17137c162774cf4c72
SHA1

6753e8d69867c1e2c98732078a33492cca54195b
SHA256

5133bef4419e439869c0721413ff3aec73eeab9f22d6ff3f8f4517342985d83e
SHA512

3968f885743633b01a2b8fe2c887f72825c8949de0393359c89a389ccb36c99e8890caa4ef379bae00f358c27a8875e022c8423987ddcaab0afdb62e54a42d69
SSDEEP

98304:D0ajce7mlMqtf9HgogeLb0IwfytUP5uK5N8xuXlYlmsUC:VcxZf9HEl5uauhN

Score

8^/10

discovery persistence spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Control Panel\International\Geo\Nation	opera.exe

Executes dropped EXE 24 IoCs

pid	Process
768	OperaGXSetup.exe
1596	_sfx.exe
1964	assistant_installer.exe
576	assistant_installer.exe
1744	installer.exe
1656	installer.exe
1608	launcher.exe
340	opera_gx_splash.exe
544	opera.exe
764	opera_crashreporter.exe
2116	opera.exe
2276	opera.exe
2492	opera.exe
2528	opera_crashreporter.exe
2708	opera.exe
2908	opera.exe
2920	opera.exe
2308	opera_autoupdate.exe
468	opera_autoupdate.exe
916	launcher.exe
2356	installer.exe
2328	opera_autoupdate.exe
2148	opera_autoupdate.exe
2736	installer.exe

Loads dropped DLL 58 IoCs

pid	Process
1720	OperaGXSetup.exe
1952	OperaGXSetup.exe
1720	OperaGXSetup.exe
768	OperaGXSetup.exe
1348	OperaGXSetup.exe
1132	OperaGXSetup.exe
1720	OperaGXSetup.exe
1720	OperaGXSetup.exe
1720	OperaGXSetup.exe
1720	OperaGXSetup.exe
1964	assistant_installer.exe
1348	OperaGXSetup.exe
1348	OperaGXSetup.exe
1348	OperaGXSetup.exe
1744	installer.exe
1656	installer.exe
1744	installer.exe
1228	Process not Found
1228	Process not Found
1228	Process not Found
1228	Process not Found
1228	Process not Found
1228	Process not Found
1228	Process not Found
1228	Process not Found
1608	launcher.exe
1608	launcher.exe
544	opera.exe
544	opera.exe
544	opera.exe
544	opera.exe
1228	Process not Found
2116	opera.exe
2276	opera.exe
2116	opera.exe
2116	opera.exe
2116	opera.exe
2116	opera.exe
2276	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2708	opera.exe
2908	opera.exe
2920	opera.exe
2708	opera.exe
2908	opera.exe
2708	opera.exe
2708	opera.exe
2708	opera.exe
2920	opera.exe
1228	Process not Found
1228	Process not Found
2492	opera.exe
916	launcher.exe
2356	installer.exe
2328	opera_autoupdate.exe
2736	installer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00070000000131aa-60.dat	upx
behavioral1/memory/1720-62-0x0000000000400000-0x00000000009C5000-memory.dmp	upx
behavioral1/files/0x00070000000131aa-64.dat	upx
behavioral1/memory/1952-65-0x0000000000400000-0x00000000009C5000-memory.dmp	upx
behavioral1/memory/768-69-0x0000000000400000-0x00000000009C5000-memory.dmp	upx
behavioral1/memory/1348-78-0x0000000000400000-0x00000000009C5000-memory.dmp	upx
behavioral1/memory/1132-80-0x0000000000400000-0x00000000009C5000-memory.dmp	upx
behavioral1/memory/1348-154-0x0000000000400000-0x00000000009C5000-memory.dmp	upx
behavioral1/memory/1132-185-0x0000000000400000-0x00000000009C5000-memory.dmp	upx
behavioral1/memory/1720-195-0x0000000000400000-0x00000000009C5000-memory.dmp	upx
behavioral1/memory/1952-197-0x0000000000400000-0x00000000009C5000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Windows\CurrentVersion\Run	opera.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 3 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\D:	installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	opera.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	opera.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	opera.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	opera.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	opera.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	opera.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	opera.exe

Modifies registry class 45 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Opera GXStable\shell\open\ddeexec\Application	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.gxanimations	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.html\OpenWithProgIDs	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.shtml\OpenWithProgIDs\Opera GXStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.xht\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Applications\opera.exe\shell	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Opera GXStable\shell	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.gxanimations\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Opera GXStable	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Opera GXStable\URL Protocol	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Opera GXStable\shell\open	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.opdownload	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.htm\OpenWithProgIDs\Opera GXStable = "0"	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.pdf\OpenWithProgIDs\Opera GXStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Opera GXStable\shell\open\ddeexec	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.htm	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Opera GXStable\FriendlyTypeName = "Opera GX Web Document"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Opera GXStable\DefaultIcon	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Opera GXStable\shell\open\command	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Opera GXStable\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera GX\\Launcher.exe\" -noautoupdate -- \"%1\""	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.pdf	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.xhtml\OpenWithProgIDs	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Opera GXStable\shell\open\ddeexec\	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Opera GXStable\shell\open\ddeexec\Application\	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Opera GXStable\shell\open\ddeexec\Topic\	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.gxanimations\OpenWithProgIDs\Opera GXStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.opdownload\OpenWithProgIDs	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.opdownload\OpenWithProgIDs\Opera GXStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.htm\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.shtml\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.shtml	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.xht	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.xht\OpenWithProgIDs\Opera GXStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Applications\opera.exe\shell\open\command	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Applications\opera.exe	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Opera GXStable\shell\open\ddeexec\Topic	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.html	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.html\OpenWithProgIDs\Opera GXStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.pdf\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Applications	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Applications\opera.exe\shell\open	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Applications\opera.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera GX\\Launcher.exe\" \"%1\""	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Opera GXStable\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera GX\\Launcher.exe,0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.xhtml	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\.xhtml\OpenWithProgIDs\Opera GXStable = "0"	installer.exe

Modifies system certificate store 2 TTPs 21 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	opera.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	opera.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	opera.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	opera.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	opera.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	opera.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	opera.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	opera.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	opera.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2492	opera.exe
2492	opera.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1312	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1312	AUDIODG.EXE
Token: 33	1312	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1312	AUDIODG.EXE
Token: SeShutdownPrivilege	544	opera.exe
Token: SeShutdownPrivilege	544	opera.exe
Token: 33	340	opera_gx_splash.exe
Token: SeIncBasePriorityPrivilege	340	opera_gx_splash.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe
Token: SeShutdownPrivilege	2492	opera.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe
2492	opera.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1720	OperaGXSetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1952	1720	OperaGXSetup.exe	28
PID 1720 wrote to memory of 1952	1720	OperaGXSetup.exe	28
PID 1720 wrote to memory of 1952	1720	OperaGXSetup.exe	28
PID 1720 wrote to memory of 1952	1720	OperaGXSetup.exe	28
PID 1720 wrote to memory of 1952	1720	OperaGXSetup.exe	28
PID 1720 wrote to memory of 1952	1720	OperaGXSetup.exe	28
PID 1720 wrote to memory of 1952	1720	OperaGXSetup.exe	28
PID 1720 wrote to memory of 768	1720	OperaGXSetup.exe	29
PID 1720 wrote to memory of 768	1720	OperaGXSetup.exe	29
PID 1720 wrote to memory of 768	1720	OperaGXSetup.exe	29
PID 1720 wrote to memory of 768	1720	OperaGXSetup.exe	29
PID 1720 wrote to memory of 768	1720	OperaGXSetup.exe	29
PID 1720 wrote to memory of 768	1720	OperaGXSetup.exe	29
PID 1720 wrote to memory of 768	1720	OperaGXSetup.exe	29
PID 1720 wrote to memory of 1348	1720	OperaGXSetup.exe	31
PID 1720 wrote to memory of 1348	1720	OperaGXSetup.exe	31
PID 1720 wrote to memory of 1348	1720	OperaGXSetup.exe	31
PID 1720 wrote to memory of 1348	1720	OperaGXSetup.exe	31
PID 1720 wrote to memory of 1348	1720	OperaGXSetup.exe	31
PID 1720 wrote to memory of 1348	1720	OperaGXSetup.exe	31
PID 1720 wrote to memory of 1348	1720	OperaGXSetup.exe	31
PID 1348 wrote to memory of 1132	1348	OperaGXSetup.exe	32
PID 1348 wrote to memory of 1132	1348	OperaGXSetup.exe	32
PID 1348 wrote to memory of 1132	1348	OperaGXSetup.exe	32
PID 1348 wrote to memory of 1132	1348	OperaGXSetup.exe	32
PID 1348 wrote to memory of 1132	1348	OperaGXSetup.exe	32
PID 1348 wrote to memory of 1132	1348	OperaGXSetup.exe	32
PID 1348 wrote to memory of 1132	1348	OperaGXSetup.exe	32
PID 1720 wrote to memory of 1596	1720	OperaGXSetup.exe	34
PID 1720 wrote to memory of 1596	1720	OperaGXSetup.exe	34
PID 1720 wrote to memory of 1596	1720	OperaGXSetup.exe	34
PID 1720 wrote to memory of 1596	1720	OperaGXSetup.exe	34
PID 1720 wrote to memory of 1596	1720	OperaGXSetup.exe	34
PID 1720 wrote to memory of 1596	1720	OperaGXSetup.exe	34
PID 1720 wrote to memory of 1596	1720	OperaGXSetup.exe	34
PID 1720 wrote to memory of 1964	1720	OperaGXSetup.exe	35
PID 1720 wrote to memory of 1964	1720	OperaGXSetup.exe	35
PID 1720 wrote to memory of 1964	1720	OperaGXSetup.exe	35
PID 1720 wrote to memory of 1964	1720	OperaGXSetup.exe	35
PID 1720 wrote to memory of 1964	1720	OperaGXSetup.exe	35
PID 1720 wrote to memory of 1964	1720	OperaGXSetup.exe	35
PID 1720 wrote to memory of 1964	1720	OperaGXSetup.exe	35
PID 1964 wrote to memory of 576	1964	assistant_installer.exe	36
PID 1964 wrote to memory of 576	1964	assistant_installer.exe	36
PID 1964 wrote to memory of 576	1964	assistant_installer.exe	36
PID 1964 wrote to memory of 576	1964	assistant_installer.exe	36
PID 1964 wrote to memory of 576	1964	assistant_installer.exe	36
PID 1964 wrote to memory of 576	1964	assistant_installer.exe	36
PID 1964 wrote to memory of 576	1964	assistant_installer.exe	36
PID 1348 wrote to memory of 1744	1348	OperaGXSetup.exe	37
PID 1348 wrote to memory of 1744	1348	OperaGXSetup.exe	37
PID 1348 wrote to memory of 1744	1348	OperaGXSetup.exe	37
PID 1348 wrote to memory of 1744	1348	OperaGXSetup.exe	37
PID 1744 wrote to memory of 1656	1744	installer.exe	38
PID 1744 wrote to memory of 1656	1744	installer.exe	38
PID 1744 wrote to memory of 1656	1744	installer.exe	38
PID 1744 wrote to memory of 1608	1744	installer.exe	40
PID 1744 wrote to memory of 1608	1744	installer.exe	40
PID 1744 wrote to memory of 1608	1744	installer.exe	40
PID 1608 wrote to memory of 340	1608	launcher.exe	41
PID 1608 wrote to memory of 340	1608	launcher.exe	41
PID 1608 wrote to memory of 340	1608	launcher.exe	41
PID 1608 wrote to memory of 544	1608	launcher.exe	43
PID 1608 wrote to memory of 544	1608	launcher.exe	43

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
  C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=87.0.4390.56 --initial-client-data=0x198,0x19c,0x1a0,0x16c,0x1a4,0x74c79ee0,0x74c79ef0,0x74c79efc
  2⤵
  - Loads dropped DLL
  PID:1952
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:768
- C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=0 --server-tracking-data=server_tracking_data --initial-pid=1720 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20230205022924" --session-guid=56650edc-be5a-46e1-b0cf-5e01f9bb7f6c --server-tracking-blob="NGI5MjRkOGI3NWUzOWEyNzhiYjQ4ODJkYWRmNDFlNjZkMzI4MWRhNGE2MDQ0NWY0MTY1NTc0ODQwMDJkNGExNzp7ImNvdW50cnkiOiJITiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3RyeWFnYWluPXllcyZ1dG1fc291cmNlPWJpbmdfdmlhX29wZXJhX2NvbSZ1dG1fbWVkaXVtPWJhX29zZSZ1dG1fY2FtcGFpZ249V29ybGR3aWRlJTI1MjAtJTI1MjBCcmFuZCUyNTIwLSUyNTIwRU5fdmlhX29wZXJhX2NvbV9odHRwcyZ1dG1fY29udGVudD1CcmFuZGVkJTI1MjAtJTI1MjBFeGFjdCZ1dG1faWQ9bXNjbGtpZF84NGNhZTFiNzA4NDExYmIzMTZjYzgzMTVhMjNmZDAzZiZodHRwX3JlZmVycmVyPWh0dHBzJTNBJTJGJTJGd3d3LmJpbmcuY29tJTJGJnV0bV9zaXRlPW9wZXJhX2NvbSYmdXRtX2xhc3RwYWdlPW9wZXJhLmNvbS9neCZkbF90b2tlbj04MDQ3MzA4MSIsInRpbWVzdGFtcCI6IjE2NTQ4Mjc3MDQuNDI5OCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDIuMC41MDA1LjYzIFNhZmFyaS81MzcuMzYgRWRnLzEwMi4wLjEyNDUuMzkiLCJ1dG0iOnsiY2FtcGFpZ24iOiJXb3JsZHdpZGUlMjAtJTIwQnJhbmQlMjAtJTIwRU5fdmlhX29wZXJhX2NvbV9odHRwcyIsImNvbnRlbnQiOiJCcmFuZGVkJTIwLSUyMEV4YWN0IiwiaWQiOiJtc2Nsa2lkXzg0Y2FlMWI3MDg0MTFiYjMxNmNjODMxNWEyM2ZkMDNmIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vZ3giLCJtZWRpdW0iOiJiYV9vc2UiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiYmluZ192aWFfb3BlcmFfY29tIiwidHJ5YWdhaW4iOiJ5ZXMifSwidXVpZCI6IjU0ZjlkMWViLTNjZmYtNDUyZS05NDUyLTZkZjQ2MzljNTAxZSJ9 " --desktopshortcut=1 --wait-for-package --initial-proc-handle=5804000000000000
  2⤵
  - Loads dropped DLL
  - Enumerates connected drives
  - Suspicious use of WriteProcessMemory
  PID:1348
- - C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
    C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=87.0.4390.56 --initial-client-data=0x1a4,0x1a8,0x1ac,0x16c,0x1b0,0x73499ee0,0x73499ef0,0x73499efc
    3⤵
    - Loads dropped DLL
    PID:1132
- - C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\installer.exe
    "C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\installer.exe" --backend --initial-pid=1720 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=0 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241" --session-guid=56650edc-be5a-46e1-b0cf-5e01f9bb7f6c --server-tracking-blob="NGI5MjRkOGI3NWUzOWEyNzhiYjQ4ODJkYWRmNDFlNjZkMzI4MWRhNGE2MDQ0NWY0MTY1NTc0ODQwMDJkNGExNzp7ImNvdW50cnkiOiJITiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3RyeWFnYWluPXllcyZ1dG1fc291cmNlPWJpbmdfdmlhX29wZXJhX2NvbSZ1dG1fbWVkaXVtPWJhX29zZSZ1dG1fY2FtcGFpZ249V29ybGR3aWRlJTI1MjAtJTI1MjBCcmFuZCUyNTIwLSUyNTIwRU5fdmlhX29wZXJhX2NvbV9odHRwcyZ1dG1fY29udGVudD1CcmFuZGVkJTI1MjAtJTI1MjBFeGFjdCZ1dG1faWQ9bXNjbGtpZF84NGNhZTFiNzA4NDExYmIzMTZjYzgzMTVhMjNmZDAzZiZodHRwX3JlZmVycmVyPWh0dHBzJTNBJTJGJTJGd3d3LmJpbmcuY29tJTJGJnV0bV9zaXRlPW9wZXJhX2NvbSYmdXRtX2xhc3RwYWdlPW9wZXJhLmNvbS9neCZkbF90b2tlbj04MDQ3MzA4MSIsInRpbWVzdGFtcCI6IjE2NTQ4Mjc3MDQuNDI5OCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDIuMC41MDA1LjYzIFNhZmFyaS81MzcuMzYgRWRnLzEwMi4wLjEyNDUuMzkiLCJ1dG0iOnsiY2FtcGFpZ24iOiJXb3JsZHdpZGUlMjAtJTIwQnJhbmQlMjAtJTIwRU5fdmlhX29wZXJhX2NvbV9odHRwcyIsImNvbnRlbnQiOiJCcmFuZGVkJTIwLSUyMEV4YWN0IiwiaWQiOiJtc2Nsa2lkXzg0Y2FlMWI3MDg0MTFiYjMxNmNjODMxNWEyM2ZkMDNmIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vZ3giLCJtZWRpdW0iOiJiYV9vc2UiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiYmluZ192aWFfb3BlcmFfY29tIiwidHJ5YWdhaW4iOiJ5ZXMifSwidXVpZCI6IjU0ZjlkMWViLTNjZmYtNDUyZS05NDUyLTZkZjQ2MzljNTAxZSJ9 " --desktopshortcut=1 --install-subfolder=94.0.4606.96
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1744
  - - C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\installer.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=94.0.4606.96 --initial-client-data=0x184,0x188,0x18c,0x158,0x190,0x7fef654acb8,0x7fef654acc8,0x7fef654acd8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1656
  - - C:\Users\Admin\AppData\Local\Programs\Opera GX\launcher.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera GX\launcher.exe" --start-maximized
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1608
    - - C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\opera_gx_splash.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\opera_gx_splash.exe" --instance-name=0603c28fa4a788d681a330bade7a1273
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:340
    - - C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=0603c28fa4a788d681a330bade7a1273 --splash-handle=556
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates system info in registry
        Suspicious use of AdjustPrivilegeToken
        
        PID:544
      - C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\opera_crashreporter.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=94.0.4606.96 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feeed20890,0x7feeed208a0,0x7feeed208b0
        6⤵
        Executes dropped EXE
        
        PID:764
      - C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:aliexpress-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:gx-partners=off --with-feature:gx-video-to-phone=on --with-feature:logitech-led-support=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-diagnostic=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1412 --field-trial-handle=1192,i,16468616785953641362,1644644318740375250,131072 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:aliexpress-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:gx-partners=off --with-feature:gx-video-to-phone=on --with-feature:logitech-led-support=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-diagnostic=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1192,i,16468616785953641362,1644644318740375250,131072 /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2116
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\assistant\_sfx.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\assistant\_sfx.exe"
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\assistant\assistant_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\assistant\assistant_installer.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1964
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x12c,0x130,0x134,0x100,0x138,0xcd4f48,0xcd4f58,0xcd4f64
    3⤵
    - Executes dropped EXE
    PID:576

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x544
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1312

C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=0603c28fa4a788d681a330bade7a1273 --splash-handle=556 --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks processor information in registry
- Enumerates system info in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2492
- C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\opera_crashreporter.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=94.0.4606.96 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feeed20890,0x7feeed208a0,0x7feeed208b0
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:aliexpress-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:gx-partners=off --with-feature:gx-video-to-phone=on --with-feature:logitech-led-support=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-diagnostic=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1056 --field-trial-handle=1164,i,13391881205858349158,17817763402960382604,131072 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2708
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:aliexpress-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:gx-partners=off --with-feature:gx-video-to-phone=on --with-feature:logitech-led-support=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-diagnostic=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1332 --field-trial-handle=1164,i,13391881205858349158,17817763402960382604,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2908
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:aliexpress-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:gx-partners=off --with-feature:gx-video-to-phone=on --with-feature:logitech-led-support=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-diagnostic=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1952 --field-trial-handle=1164,i,13391881205858349158,17817763402960382604,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:aliexpress-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:gx-partners=off --with-feature:gx-video-to-phone=on --with-feature:logitech-led-support=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-diagnostic=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1452 --field-trial-handle=1164,i,13391881205858349158,17817763402960382604,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2920
- C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\opera_autoupdate.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable" --pipeid=oauc_pipebbf75761f34e48ef16427d916ed763c8
  2⤵
  - Executes dropped EXE
  PID:2308
- - C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\opera_autoupdate.exe
    "C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\opera_autoupdate.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=94.0.4606.96 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x14021bb58,0x14021bb68,0x14021bb78
    3⤵
    - Executes dropped EXE
    PID:468

C:\Windows\system32\taskeng.exe
taskeng.exe {05821CBC-BBDE-49BE-BCF0-3C70195460CE} S-1-5-21-1214520366-621468234-4062160515-1000:VDWSWJJD\Admin:Interactive:[1]
1⤵
PID:2304
- C:\Users\Admin\AppData\Local\Programs\Opera GX\launcher.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\launcher.exe" --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=94.0.4606.96 --newautoupdaterlogic
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:916
- - C:\Users\Admin\AppData\Local\Temp\.opera\9B44A87EC5AC\installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\9B44A87EC5AC\installer.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2356
- - C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\opera_autoupdate.exe
    "C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\opera_autoupdate.exe" --pipeid=oauc_task_pipec12dca2c6d0f4844aad7502765c89329 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.opera\9B44A87EC5AC" --scheduledtask
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2328
  - - C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\opera_autoupdate.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\opera_autoupdate.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\.opera\9B44A87EC5AC /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Temp\.opera\9B44A87EC5AC\Crash Reports" --crash-count-file=C:\Users\Admin\AppData\Local\Temp\.opera\9B44A87EC5AC\crash_count.txt --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=94.0.4606.96 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x14021bb58,0x14021bb68,0x14021bb78
      4⤵
      Executes dropped EXE
      PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\.opera\9B44A87EC5AC\installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\9B44A87EC5AC\installer.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2736

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\94.0.4606.96.manifest

Filesize
223B

MD5
eaf6af2c7b921ec44e69da3e608ad336

SHA1
6b5714d8b27485b0b35ae0f2d46eb7fb70baddf3

SHA256
8f56ad074cadf3b2a308225d2137789809917120383d1959da9b73d743c213c9

SHA512
09c075aae4949b8619e5aeb4722bba822c385edc86394e45c8f83abc6237b1fdcfa4d3e644ae988be0b4dfaa2b48c4ba64a3c59907e4a2d46201f3e8acb97c82

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\Assets\150x150Logo.scale-100.png

Filesize
4KB

MD5
27d0296797021596c56aa64228fde0fa

SHA1
cb927b9c7fe0b0ce5cc17d8daecde72358abac8d

SHA256
6e8044b960dd0f5f4d5129f2ce027bb5ab6debbd2f0883e7b7dfe5b6bfa6be12

SHA512
3bfee08f608b3b1e9aec3f0b2d78bf3e3cef2b987a1fb4c6e91fac5f942f5617b92489b0bcd6cd30f365d50d8ef4f37006b6a053ed89db6b31da0e670261bf42

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\Assets\150x150Logo.scale-100_contrast-white.png

Filesize
3KB

MD5
e149e0d8c3942ed0dc6dee995c726be3

SHA1
8c238980f650d86841ad9a502ba814097b77c296

SHA256
94584ed758ba2be93f256f1a7acbca11c03f21051169962843247d102bdd1e2c

SHA512
79ec4873570deac526b0ef72f9565251c10fc6e85423f5c4ad471668ca8765b57614c7e923579cc90f5b4f316c8dd8cc4a56e49ad5c24eb25d067290656c95c3

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\Assets\150x150Logo.scale-140.png

Filesize
5KB

MD5
fc67b2ba71661202c9ae461b2b878826

SHA1
6897f410dc478d05545221e12ba12765fffca7b3

SHA256
2f517d7935d188c937e68e1028705f0e86d6097ef9e05fc87ef5c4076323b16f

SHA512
c6d44b765f3f294bf5620a95eac6e1d989ae33edfc56427093e33baa29400fafc9a77a6f41659bfa516dc0490b1cfec24c6f4d6801216092dd4f50957fc908a2

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\Assets\150x150Logo.scale-140_contrast-white.png

Filesize
4KB

MD5
3c481525b3021cbe94883b43b846e79c

SHA1
39bef5dc2243ba7c99f866d911f615623d797ef1

SHA256
a2d0c3f7d66c2b077ee9f424abd431e3414f599c06a4bbe815c07e6784caf14e

SHA512
9713b12fad2413856796a67b568e17de6f6483bc2ae38f0be9974fb7637b59bfcff6330dc4b8aab8e3665470e20f7c5a9f9a6af1afe405a9ab4d5f03189b404d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\Assets\150x150Logo.scale-180.png

Filesize
7KB

MD5
a2f927f272e4ac96237722ca79921b7b

SHA1
1f00d539a894f035fcb39be15d177711cd421fa5

SHA256
f7630ce962159462967bdccb60649839822c024955c4e9f8652a9f178f693174

SHA512
57107d1e7347c0409f28de78c247b141cf9f07fa6b633835a23dfa64c2b78c203ccb0abf911514b1cabf0e4fc32a2cceaed05152eaf261984411dec12f7cceab

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\Assets\150x150Logo.scale-180_contrast-white.png

Filesize
6KB

MD5
9e544a2dcd2be80a806ebf85d70e4c8b

SHA1
28201b577257b6f51275586a607ca4705e1b435f

SHA256
abc62449d333628ad7f974c38e5eeb342a138027cb74b205ba0dba498f66d723

SHA512
88e4478aa441585d1c6459752f2ef281d55da744075a221db6004901641151648169fa6075cfa1459c962e7790609bdc800148c4b22cc7dffb87c5b419fdb8d4

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\Assets\150x150Logo.scale-80.png

Filesize
3KB

MD5
e4d78e33b7f30574676f9da48faf8314

SHA1
7d1d2db818b353b85811ace5ccbc966d47719a3c

SHA256
5eaaa1cfa8820a1c3a78dfb8dd15e440d91484c689b16ea436268fcb8a665cb0

SHA512
b6279c8d7b7e4306c99c120d0c936ddcf522f4acd78122af71aefaae4bae376781ad2693a57f88859b03c5a7a8940311417a4eae16a00cc5b116fc9223c9afd2

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\Assets\150x150Logo.scale-80_contrast-white.png

Filesize
3KB

MD5
c10b2379a9e76b9b95c6faeef81d288b

SHA1
4a493cc7ee5db58d9bca8c0f17feeb6498ac0092

SHA256
168a86bc75559dd71610f9eb40e1050ecd9a49355bb1035898074dbd0d986192

SHA512
914ddca0ab83e90c2b14db77d6e19feb40b08e128bf9cbcefa3b52399959e77dfa1ac57dbd2b9b4715c26ffee8a79c03652344d190d0a98063c0341fa0ee9439

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\Assets\70x70Logo.scale-100.png

Filesize
3KB

MD5
0c9f624885c2400bf30bd7976f30d3d6

SHA1
0cb63ee8f43976f647a4710dec0ff4b904c197c3

SHA256
bf1d17fa6fe5145520c6aa34ba808324a92555b24f2e66fccae00726cd6d6ceb

SHA512
847fb49c17072723a17f16a67d0587b92b7e7083b563fcd3733781a8e9114bfd5255020b08d4eae9fdcc0f965b070b19f1428a0f37dec6087557a97c18b361a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\Assets\70x70Logo.scale-100_contrast-white.png

Filesize
2KB

MD5
90b624163fe016a196d54a46bbb3a241

SHA1
9e31928fda92d0f7835ea966e872d04baf59dbc4

SHA256
1a3acc2bd3d87d70e2666de3566b39c88f5fdb58729c73e4c30d70848f71f038

SHA512
bd74f4b28fb4a0293bc324ab18854dd2c27a046c02cb7ef90337f95ed5e886acc8fd9e9519c92a2b663017d8bde55fdd8b72f8a0edfaa68bfe6c1fe4cb1355fa

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\Assets\70x70Logo.scale-140.png

Filesize
3KB

MD5
dbcfe6460fea8bd3d4cc1c01088ae568

SHA1
09e801bd237290b59f0584fe444bcb6a3f62b34e

SHA256
6b809f28b42a29c1ddf896e7386b972ab682437f5babde8cb48b35f8483f7974

SHA512
f6097bc2a1ee00a488bd2667faba0f6e35bc9422d97ad5e4c71bf9b22a430ab40770eb02dda14aa09cc59348c38d9c3de76c10b99dd61f50ea802c2e98be2237

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\Assets\70x70Logo.scale-140_contrast-white.png

Filesize
3KB

MD5
5929f2d6fa77e0850b30876b5bbaea3c

SHA1
485eec8d62c0625a8bce0165903443cfa30719c6

SHA256
b26f68f4ed096fe6479487a7a6a31f9935be7320ab2e5f3814c93bad6566b1e7

SHA512
3413425b9c130c866c911176de425f437d4199570d1664e8090e12ac95767c887d39abcc0e6faee8a6a82ca3b93111a9c5847088fe2753b0dcb6d72b4c877576

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\Assets\70x70Logo.scale-180.png

Filesize
4KB

MD5
f4f3b6c1b808e0dc79b0b8537010e426

SHA1
b78cfc67af6277de352ca5796e2db1cb8385d164

SHA256
2a4722a9482ff6994d312d08041b48edb87f3ca37e314ca5fa47ba803e22e3a3

SHA512
359df15e519b86ee4c233e53db5f166b02934fe812eef49a75ec7f36898d67e0dbd6252147274bf5a78dcd4a4cbb4b9f8114dc9259f48e062b8e0d048b618d4d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\Assets\70x70Logo.scale-180_contrast-white.png

Filesize
4KB

MD5
6eda1f11b04f538fd6dac27b5795dbd4

SHA1
434a7dc05734a7843f95c769585b3fded8acd869

SHA256
ba33bd89b43f410429532f5f06c67fb742bd662e6c50333a0ba79bbc81ffb37e

SHA512
e1db99978c721d1be93c5a4365baa2f9a8e6c81794cc5a9124cac49708db9e63adb05a4bcf14ee46df7d0c1c29e139841a2ed713e3efb4ca2df7916017338f94

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\Assets\70x70Logo.scale-80.png

Filesize
2KB

MD5
553e1caf79a52319adc2e8836c95c5e0

SHA1
dfc50fb70134ae8aaef45ce942b7c55a4dd067aa

SHA256
a76add2c20c3e1c95833d3dd1f869996546f705076435ceb6dcd369dbaee310f

SHA512
44b62e46e8dde84f25403944180bf5fa10f38c35bc2894d038f8dbc1a9274ba250a8918b295216b530677cc3f49ec5259ec080dadf7f6e05f4e8c9c801f64f40

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\Assets\70x70Logo.scale-80_contrast-white.png

Filesize
2KB

MD5
2b8e7bf3ca166c639d67c09f2ae03114

SHA1
6bc5f3bf76fbdc9aaa76ec76937f10da71cbb0dd

SHA256
f16676decdaa7bd6901012748808b66af95502af6df18cd7f91eb2f5633af770

SHA512
669314c2084ecd1bee7a7ed08ee7749def5c6826d7ab115e817fd62116ead60d2e8f94c9b509a029208730edab64f0dc178775eb1bce0ae5b7c8a99fa3ddab61

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\CUESDK.x64_2017.dll

Filesize
474KB

MD5
42bb2a4a570006f6ec3cac4a30e2bd00

SHA1
bd2a3eb823599b4c750aa9061c93bf6a0963677e

SHA256
d946e591b2b5398fb01c68718fcc1d4e718078dd725e22fe15a7d80ab01645dd

SHA512
af2a5a442d1724414245d7c9d2bea0ca305c122aae18a107b98fb07219bb0bbb1384b3829f3d28c259ecd83c9ea95faeb3610b7c76913a9898cb7bb01f1fadbf

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\assistant_package

Filesize
1.9MB

MD5
ed620796463dfcb655d19c98ee3b1190

SHA1
ff082551e70e15265248ccc92cd656f32fa91dc1

SHA256
e4257e6545663486fb26099a8465baf4391e41af555d9ab79665f9b5f4bd0f11

SHA512
7c73d6d48193b3f2017814556739e2c35d8272de7e0d56fc2be6619b49653494febf5edac3516618075e13d7c1627365516a499faf592385472ac16c090d3d5b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\d3dcompiler_47.dll

Filesize
4.7MB

MD5
5aeb461dab4cb94af4cf5520f940e7af

SHA1
450e7cd62fa77590c1a34ab1c087bb0cefb89973

SHA256
d7e07efe90e7b1a473e3ef80db984ce06087e54a9f459eae757c9d2a0ca42be9

SHA512
2d1f2b44bf83d87e25a81ffec38964c37e535832e89a4673782590add959bd4120910c1e8002103c561f26ba465c05efdd3e8f8464620378cf67a2ffc66fc120

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\files_list

Filesize
3KB

MD5
057a7cdaf47751f4f546201afb76381c

SHA1
1fa112d90b7c6692fbc7f2eb4e8bedbea3f00faa

SHA256
28aa350791d3405d54514f4ee21156d8b75548c4850a534aef1167e8f926c71a

SHA512
e8190ca54c8d9c15fcbc25f8717c61f4ebed8286e1fbcc36c817f003642a948805beaaa1fd78807a3cf8c3e725d8deedb522270af1aa1fad0f34a696d513012f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\headless_lib_data.pak

Filesize
1.3MB

MD5
1f6b97044ef347f3c6aaa1eb989889be

SHA1
9a91b1efab4de5c97db8b8a29b4677dd9e36d4fd

SHA256
9465577f3eb19de01fb781b0f98f9daa6d064bf648e9783447dfc669415740cf

SHA512
b9a473ebbd83bddc1dd2f86267bcd407fc2afb6692aeca6f04eb48795ccded1fc6167e5bd20d0af99f226d88a75621853de0919525db2bf5d94d49503506fd9d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\headless_lib_strings.pak

Filesize
2.6MB

MD5
e73ccd74bd3e9797f1f0cd90dc909096

SHA1
fc7a6e3defa41eefeee58b4991ca01250ff1b514

SHA256
2d0f743e5efe5ec3a7869a30ece6ce980eb76d12bbb5080faa064b9bb92b1151

SHA512
8e1e3c24a6574cd8fa642d57d96748c17c27fdad2aa0112b32688f1dd9b7eb543126502f9f79e0d2eea6fe6fc034e7395d23a799695e8794215da60fc73b51fe

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\icudtl.dat

Filesize
10.0MB

MD5
1b811f419a8352dc5713182ddd417542

SHA1
7867f92283e90da3678fa3ebd262092e32ec272d

SHA256
a5aca9ead99d358823bef6609ce1babde167d3f75da6e601c330b87ef870503d

SHA512
f743a7cdc29cb7cf81bb1246221a66f21d5e0eacac29f0deb46338f894af868e034c29ebff59f2de59d7dac96c58ede759300cd3d86718178a9d1101cdd71b4b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\installer.exe

Filesize
6.6MB

MD5
9ef04f623d8bc803a1d2f9c60f5d2d22

SHA1
79441fed98947f8f70b71b12b5b7d53ba278832d

SHA256
cc419117bb9d30fb6cedb9673d4f6b1b4681955ac9b8b3e6e3240f785a359b88

SHA512
b329049972853c674b7a879c77985a2c49f3d8431a49f1c4d8e0c360fa6ab00cddc3931d827edc34ba2ec9aabc815cc4d42458a0268d12ef8a38fddcc0559b70

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\installer.exe

Filesize
6.6MB

MD5
9ef04f623d8bc803a1d2f9c60f5d2d22

SHA1
79441fed98947f8f70b71b12b5b7d53ba278832d

SHA256
cc419117bb9d30fb6cedb9673d4f6b1b4681955ac9b8b3e6e3240f785a359b88

SHA512
b329049972853c674b7a879c77985a2c49f3d8431a49f1c4d8e0c360fa6ab00cddc3931d827edc34ba2ec9aabc815cc4d42458a0268d12ef8a38fddcc0559b70

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\installer.exe

Filesize
6.6MB

MD5
9ef04f623d8bc803a1d2f9c60f5d2d22

SHA1
79441fed98947f8f70b71b12b5b7d53ba278832d

SHA256
cc419117bb9d30fb6cedb9673d4f6b1b4681955ac9b8b3e6e3240f785a359b88

SHA512
b329049972853c674b7a879c77985a2c49f3d8431a49f1c4d8e0c360fa6ab00cddc3931d827edc34ba2ec9aabc815cc4d42458a0268d12ef8a38fddcc0559b70

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\installer_helper_64.exe

Filesize
1.1MB

MD5
0faef902b898dbe6c7475d46cadbc7a5

SHA1
d45460b540ecf2169a98a14d8e4ea09b7313b4db

SHA256
73f0a815990fe18183b74674cd99e0fc0f0714ba35656568c482ced60df5ec59

SHA512
74dbb51459dbe40c86810014c1c4c335ba241619bcdd46167ec785ffc1351a07ca4dec2564a37f62015e6d258f9b53471cda533a28ee2ced30de7ba835c1fa18

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\launcher.exe

Filesize
2.4MB

MD5
7fcf904fb5ffb2ac3ef6c8be949808e6

SHA1
7daf09743c144a1c7219f5268147183bb794363f

SHA256
663ec45b1f52977dbddea446d344f9b469b05fcc4194a7ce5f7b01b7aca4579d

SHA512
5f40e3d18c22618d91bd46b17d18c3176f8f39a390d7a990c482ff5eacc751f34cd4c8fb1ccc211850d6141c1eabc0131d2d2a51532166070ab46b954f8e789e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\launcher.visualelementsmanifest.xml

Filesize
317B

MD5
e8d8eaa4c2826c083ab9243b5cbd7bf8

SHA1
534361ae03417dfd14ebd6f961b707c75a2af41a

SHA256
b3213b07f691c812425115428b9d6e0637d488159e0a1c160c8fa8f04ded11f6

SHA512
8eccd5ef54a73e915a39cdef9768837dd16e49ae27a3ae6428fb346c9c838fd9dbedc3f40a9094754c770ca2236a0d2dfde37d22289218d862af5e8bc15e85e5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\libEGL.dll

Filesize
473KB

MD5
0856463ee169006fef73aac4822dbdec

SHA1
a37bac20d79b40b178f98c4329e220dcf2ec20fb

SHA256
a124418ca54b7ccb5e6987cb4ef3ba10d2e474b32c781ace2705b099a90592cf

SHA512
2a4114616b160c7643a96ef373be12a316a5b4f91a83b4ff756549612efe36daa8e3037fe1b93dca78a2a2b4cae96390466f1f8500dd1d4123962ad3295e4cad

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\libGLESv2.dll

Filesize
7.2MB

MD5
82fb955e84668ac326ce6ac6313bd01b

SHA1
4d8578a1f50bd000ce38c1eb4ede0e04007180bc

SHA256
08a51c2563d2acfffcb44baf2216ced4e2dd3b9f27888c4036ed2a1a85f98ea5

SHA512
05ac742ee7c01895ca85ef3f6da1845655222616bf0d4125a67d32fc599680abbea0e38c2edfbb51aecf6c8dea9316f13fdec1edfc6aef2dd638a6556617d40f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\localization\bg.pak

Filesize
624KB

MD5
5325d1f4223f0246a8e1e383c8c11c10

SHA1
4af9a11057f5e077a2c7303f86b94f6ceea1890e

SHA256
e035748ae678b910fc8161f2e7f6119053ab484b924473bcc6f19488e105b69a

SHA512
c8300b6c095d33053f729636d2703c016f3a6f924934da8e03871bdf5174ea23c0867f2ad1f24485a2ca661b34ff0dbbd2c638ec79cdfdbf9e7c63d2c55ad757

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\localization\bn.pak

Filesize
801KB

MD5
ffa9a722b843276e38597bc0bcd4c2b9

SHA1
ebaa5d305e700eae751da81db38dbfc15ce5db9b

SHA256
4e8d12f63dacc654f94f51f8cb7b4904a2fc18808e8664fa9bc6131c09aa7fb1

SHA512
684553bf17525d0b1bc1c1fdcf8baa3ba25fa497f5318df0a7f0fa8ea65d99f557292f081fbf6c40e3b22e6b259bcc08f72c669e9f30b580c2c798432800690b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\localization\ca.pak

Filesize
396KB

MD5
00330ec3982a9b3b0bd3f82214ad92be

SHA1
d193f6de011f3e15c573ad5466f33a1f5813bcfc

SHA256
f6b7d34e963098f4289debdf462198dc86ec3f4aeff873469f878eba85e2b708

SHA512
98b06ed1970385ee867e512d33ef76f1e0c981da7cedf039222f4714787b2c3e454cdfe37f45c144376cd6ec80a4bd553450e882980d5ae11aee5cd9237c84de

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\localization\cs.pak

Filesize
388KB

MD5
038eedf7aa73821f7fd4f838251c381a

SHA1
8eb14ffe4c2cf12ddf930acd2c9c142dcf3732c9

SHA256
911e4c9d5b74a1dc8dfe286c3b6f64e9f8df70d7510143c9eb08092a52c7d597

SHA512
52d4a91a3403548c4984b3442630a56cf71713b3f12e754a6d4f620bcd1b94191d16bbac2097f8b5913409d13daa65f74be2d64ba4b655e55b8dd0cc401507ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

Filesize
3.3MB

MD5
5327e44bc162bf17137c162774cf4c72

SHA1
6753e8d69867c1e2c98732078a33492cca54195b

SHA256
5133bef4419e439869c0721413ff3aec73eeab9f22d6ff3f8f4517342985d83e

SHA512
3968f885743633b01a2b8fe2c887f72825c8949de0393359c89a389ccb36c99e8890caa4ef379bae00f358c27a8875e022c8423987ddcaab0afdb62e54a42d69

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\assistant\_sfx.exe

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\assistant\_sfx.exe

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\opera_package

Filesize
118.1MB

MD5
4c6d99528eb9cf0ec91bd180ed6ce8aa

SHA1
caf7046f286bf48612897cc8046b28991e45334d

SHA256
09bf12637a4107a46674c6ea9efa87348b80f15f74d21dcac3f6bd309248fb09

SHA512
dee5dfd4d7aa6c12f48ec5c35882db8b987ae4664129b3584e7242e6fe7dc590586c726ad748bd49b5914ffd7603f832fd189a6f4706ea4d4d575275561dd32a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
3cec3940e807f7fa75b84301f25e6b8c

SHA1
d74eb6dff823ea35419810f3506f663c8acecc3d

SHA256
944efc935245b7e2d38f12cedee7a1ab4250d89a2c1c6452556ded47338a71f8

SHA512
5a68ced9e76c49331107bfff492a3eb4da3e4bf12973465da528c6b7e57df0ecfb71174a717665ce282b9376ef96195bd8b389b1d98fbe4005fb6fb2762f06fe

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
cbb4b835d9b8db08843e342b48c48b9e

SHA1
64823d7bf3db54d6c57e9aa38d2f9d98e634d1fe

SHA256
e9130195c7d5438e3fb26c5d7129aeff9594631b6f90dd2f6e6729ca4c13951d

SHA512
ba2b06b22e34d3d30a8022fab469ee801115a4e31222a1500a5142dfc2b73adab33cbbe24fcf608ab4abc898de684c8c17df16c09c1f08c465d0d770c55cf22f

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
3cec3940e807f7fa75b84301f25e6b8c

SHA1
d74eb6dff823ea35419810f3506f663c8acecc3d

SHA256
944efc935245b7e2d38f12cedee7a1ab4250d89a2c1c6452556ded47338a71f8

SHA512
5a68ced9e76c49331107bfff492a3eb4da3e4bf12973465da528c6b7e57df0ecfb71174a717665ce282b9376ef96195bd8b389b1d98fbe4005fb6fb2762f06fe

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
3cec3940e807f7fa75b84301f25e6b8c

SHA1
d74eb6dff823ea35419810f3506f663c8acecc3d

SHA256
944efc935245b7e2d38f12cedee7a1ab4250d89a2c1c6452556ded47338a71f8

SHA512
5a68ced9e76c49331107bfff492a3eb4da3e4bf12973465da528c6b7e57df0ecfb71174a717665ce282b9376ef96195bd8b389b1d98fbe4005fb6fb2762f06fe

Download Submit
\Users\Admin\AppData\Local\Programs\Opera GX\94.0.4606.96\installer.exe

Filesize
6.6MB

MD5
9ef04f623d8bc803a1d2f9c60f5d2d22

SHA1
79441fed98947f8f70b71b12b5b7d53ba278832d

SHA256
cc419117bb9d30fb6cedb9673d4f6b1b4681955ac9b8b3e6e3240f785a359b88

SHA512
b329049972853c674b7a879c77985a2c49f3d8431a49f1c4d8e0c360fa6ab00cddc3931d827edc34ba2ec9aabc815cc4d42458a0268d12ef8a38fddcc0559b70

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

Filesize
3.3MB

MD5
5327e44bc162bf17137c162774cf4c72

SHA1
6753e8d69867c1e2c98732078a33492cca54195b

SHA256
5133bef4419e439869c0721413ff3aec73eeab9f22d6ff3f8f4517342985d83e

SHA512
3968f885743633b01a2b8fe2c887f72825c8949de0393359c89a389ccb36c99e8890caa4ef379bae00f358c27a8875e022c8423987ddcaab0afdb62e54a42d69

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\assistant\_sfx.exe

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\opera_package

Filesize
118.1MB

MD5
4c6d99528eb9cf0ec91bd180ed6ce8aa

SHA1
caf7046f286bf48612897cc8046b28991e45334d

SHA256
09bf12637a4107a46674c6ea9efa87348b80f15f74d21dcac3f6bd309248fb09

SHA512
dee5dfd4d7aa6c12f48ec5c35882db8b987ae4664129b3584e7242e6fe7dc590586c726ad748bd49b5914ffd7603f832fd189a6f4706ea4d4d575275561dd32a

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\opera_package

Filesize
118.1MB

MD5
4c6d99528eb9cf0ec91bd180ed6ce8aa

SHA1
caf7046f286bf48612897cc8046b28991e45334d

SHA256
09bf12637a4107a46674c6ea9efa87348b80f15f74d21dcac3f6bd309248fb09

SHA512
dee5dfd4d7aa6c12f48ec5c35882db8b987ae4664129b3584e7242e6fe7dc590586c726ad748bd49b5914ffd7603f832fd189a6f4706ea4d4d575275561dd32a

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\opera_package

Filesize
118.1MB

MD5
4c6d99528eb9cf0ec91bd180ed6ce8aa

SHA1
caf7046f286bf48612897cc8046b28991e45334d

SHA256
09bf12637a4107a46674c6ea9efa87348b80f15f74d21dcac3f6bd309248fb09

SHA512
dee5dfd4d7aa6c12f48ec5c35882db8b987ae4664129b3584e7242e6fe7dc590586c726ad748bd49b5914ffd7603f832fd189a6f4706ea4d4d575275561dd32a

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202302050229241\opera_package

Filesize
118.1MB

MD5
4c6d99528eb9cf0ec91bd180ed6ce8aa

SHA1
caf7046f286bf48612897cc8046b28991e45334d

SHA256
09bf12637a4107a46674c6ea9efa87348b80f15f74d21dcac3f6bd309248fb09

SHA512
dee5dfd4d7aa6c12f48ec5c35882db8b987ae4664129b3584e7242e6fe7dc590586c726ad748bd49b5914ffd7603f832fd189a6f4706ea4d4d575275561dd32a

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2302050229218301720.dll

Filesize
5.2MB

MD5
8c46f73c4fca7cb715ab4609c021b07c

SHA1
dbea64db33a34ac5f9ba7bf3506fef905fb0f121

SHA256
476fc55b3a2d2129a4f520162598bb3afcce14228872f151abf6ec06c1f16aa2

SHA512
aefbf5b872653234b86233fe44b252f79e994746f87c9c041ea515c7feceeeeca2b45e32d6db4fd4253be319abbc29a810ae51316e5e0c4e7923f47927e7a6ae

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2302050229223841952.dll

Filesize
5.2MB

MD5
8c46f73c4fca7cb715ab4609c021b07c

SHA1
dbea64db33a34ac5f9ba7bf3506fef905fb0f121

SHA256
476fc55b3a2d2129a4f520162598bb3afcce14228872f151abf6ec06c1f16aa2

SHA512
aefbf5b872653234b86233fe44b252f79e994746f87c9c041ea515c7feceeeeca2b45e32d6db4fd4253be319abbc29a810ae51316e5e0c4e7923f47927e7a6ae

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_230205022923226768.dll

Filesize
5.2MB

MD5
8c46f73c4fca7cb715ab4609c021b07c

SHA1
dbea64db33a34ac5f9ba7bf3506fef905fb0f121

SHA256
476fc55b3a2d2129a4f520162598bb3afcce14228872f151abf6ec06c1f16aa2

SHA512
aefbf5b872653234b86233fe44b252f79e994746f87c9c041ea515c7feceeeeca2b45e32d6db4fd4253be319abbc29a810ae51316e5e0c4e7923f47927e7a6ae

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2302050229303871348.dll

Filesize
5.2MB

MD5
8c46f73c4fca7cb715ab4609c021b07c

SHA1
dbea64db33a34ac5f9ba7bf3506fef905fb0f121

SHA256
476fc55b3a2d2129a4f520162598bb3afcce14228872f151abf6ec06c1f16aa2

SHA512
aefbf5b872653234b86233fe44b252f79e994746f87c9c041ea515c7feceeeeca2b45e32d6db4fd4253be319abbc29a810ae51316e5e0c4e7923f47927e7a6ae

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2302050229308701132.dll

Filesize
5.2MB

MD5
8c46f73c4fca7cb715ab4609c021b07c

SHA1
dbea64db33a34ac5f9ba7bf3506fef905fb0f121

SHA256
476fc55b3a2d2129a4f520162598bb3afcce14228872f151abf6ec06c1f16aa2

SHA512
aefbf5b872653234b86233fe44b252f79e994746f87c9c041ea515c7feceeeeca2b45e32d6db4fd4253be319abbc29a810ae51316e5e0c4e7923f47927e7a6ae

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2302050230370931744.dll

Filesize
5.9MB

MD5
e1ea9aada88edc64531d16fa10524def

SHA1
45fc7e7eb04a302cfca63ca5e5726a0c933d7ff3

SHA256
34b435c08000b24b59f77c04d5a1d68a33d95b3ab5d07c44ef76640e57c132e3

SHA512
173e44a7613883f760763292bed6afe6383619ec77c5d12b5392fb73f2cb5a26c06388fc37ff83101264f31ee4b7e2db5333c2a117c740eaa427a2f38ea7455f

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2302050230378331656.dll

Filesize
5.9MB

MD5
e1ea9aada88edc64531d16fa10524def

SHA1
45fc7e7eb04a302cfca63ca5e5726a0c933d7ff3

SHA256
34b435c08000b24b59f77c04d5a1d68a33d95b3ab5d07c44ef76640e57c132e3

SHA512
173e44a7613883f760763292bed6afe6383619ec77c5d12b5392fb73f2cb5a26c06388fc37ff83101264f31ee4b7e2db5333c2a117c740eaa427a2f38ea7455f

Download Submit
memory/340-207-0x0000000001D80000-0x0000000001D8A000-memory.dmp

Filesize
40KB

Download
memory/340-187-0x0000000001D50000-0x0000000001D5A000-memory.dmp

Filesize
40KB

Download
memory/340-202-0x0000000001D80000-0x0000000001D8A000-memory.dmp

Filesize
40KB

Download
memory/340-186-0x000007FE9A440000-0x000007FE9A44A000-memory.dmp

Filesize
40KB

Download
memory/340-193-0x000007FEF6240000-0x000007FEF6383000-memory.dmp

Filesize
1.3MB

Download
memory/340-205-0x0000000001D80000-0x0000000001D8A000-memory.dmp

Filesize
40KB

Download
memory/340-196-0x000007FEF56C0000-0x000007FEF5AB1000-memory.dmp

Filesize
3.9MB

Download
memory/340-201-0x000007FEF56C0000-0x000007FEF5AB1000-memory.dmp

Filesize
3.9MB

Download
memory/340-194-0x0000000001D80000-0x0000000001D8A000-memory.dmp

Filesize
40KB

Download
memory/340-188-0x0000000001D50000-0x0000000001D5A000-memory.dmp

Filesize
40KB

Download
memory/340-203-0x000007FEF6240000-0x000007FEF6383000-memory.dmp

Filesize
1.3MB

Download
memory/340-192-0x0000000001D80000-0x0000000001D8A000-memory.dmp

Filesize
40KB

Download
memory/340-191-0x0000000001D80000-0x0000000001D8A000-memory.dmp

Filesize
40KB

Download
memory/340-190-0x0000000001D50000-0x0000000001D5A000-memory.dmp

Filesize
40KB

Download
memory/340-189-0x0000000001D50000-0x0000000001D5A000-memory.dmp

Filesize
40KB

Download
memory/544-198-0x0000000002760000-0x0000000002770000-memory.dmp

Filesize
64KB

Download
memory/768-69-0x0000000000400000-0x00000000009C5000-memory.dmp

Filesize
5.8MB

Download
memory/1132-80-0x0000000000400000-0x00000000009C5000-memory.dmp

Filesize
5.8MB

Download
memory/1132-185-0x0000000000400000-0x00000000009C5000-memory.dmp

Filesize
5.8MB

Download
memory/1348-154-0x0000000000400000-0x00000000009C5000-memory.dmp

Filesize
5.8MB

Download
memory/1348-79-0x0000000002A10000-0x0000000002FD5000-memory.dmp

Filesize
5.8MB

Download
memory/1348-78-0x0000000000400000-0x00000000009C5000-memory.dmp

Filesize
5.8MB

Download
memory/1720-77-0x00000000055D0000-0x0000000005B95000-memory.dmp

Filesize
5.8MB

Download
memory/1720-81-0x0000000002A50000-0x0000000003015000-memory.dmp

Filesize
5.8MB

Download
memory/1720-55-0x0000000075D51000-0x0000000075D53000-memory.dmp

Filesize
8KB

Download
memory/1720-63-0x0000000002A50000-0x0000000003015000-memory.dmp

Filesize
5.8MB

Download
memory/1720-195-0x0000000000400000-0x00000000009C5000-memory.dmp

Filesize
5.8MB

Download
memory/1720-62-0x0000000000400000-0x00000000009C5000-memory.dmp

Filesize
5.8MB

Download
memory/1720-66-0x0000000003370000-0x0000000003935000-memory.dmp

Filesize
5.8MB

Download
memory/1720-82-0x00000000055D0000-0x0000000005B95000-memory.dmp

Filesize
5.8MB

Download
memory/1744-106-0x000007FEFBDF1000-0x000007FEFBDF3000-memory.dmp

Filesize
8KB

Download
memory/1952-197-0x0000000000400000-0x00000000009C5000-memory.dmp

Filesize
5.8MB

Download
memory/1952-65-0x0000000000400000-0x00000000009C5000-memory.dmp

Filesize
5.8MB

Download
memory/2920-287-0x000007FEFBDF1000-0x000007FEFBDF3000-memory.dmp

Filesize
8KB

Download