kinsing | hxxps://www[.]opera[.]com/computer/thanks?ni=stable&os=windows&utm_source=bing&utm_medium=pa&utm_campaign=UK+-+Search+-+EN+-+2019&utm_content=Whatsapp_Exact

Analysis

max time kernel
123s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.opera.com/computer/thanks?ni=stable&os=windows&utm_source=bing&utm_medium=pa&utm_campaign=UK+-+Search+-+EN+-+2019&utm_content=Whatsapp_Exact

Score

10^/10

kinsing loader spyware stealer upx

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Downloads MZ/PE file

Executes dropped EXE 8 IoCs

Processes:

OperaSetup (1).exeOperaSetup (1).exeOperaSetup (1).exeOperaSetup (1).exeOperaSetup (1).exeAssistant_106.0.4998.16_Setup.exe_sfx.exeassistant_installer.exeassistant_installer.exe

pid	process
452	OperaSetup (1).exe
5392	OperaSetup (1).exe
5276	OperaSetup (1).exe
6132	OperaSetup (1).exe
4972	OperaSetup (1).exe
996	Assistant_106.0.4998.16_Setup.exe_sfx.exe
1556	assistant_installer.exe
4620	assistant_installer.exe

Loads dropped DLL 9 IoCs

Processes:

OperaSetup (1).exeOperaSetup (1).exeOperaSetup (1).exeOperaSetup (1).exeOperaSetup (1).exeassistant_installer.exeassistant_installer.exe

pid	process
452	OperaSetup (1).exe
5392	OperaSetup (1).exe
5276	OperaSetup (1).exe
6132	OperaSetup (1).exe
4972	OperaSetup (1).exe
1556	assistant_installer.exe
1556	assistant_installer.exe
4620	assistant_installer.exe
4620	assistant_installer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\OperaSetup (1).exe	upx
C:\Users\Admin\Downloads\OperaSetup (1).exe	upx
C:\Users\Admin\Downloads\OperaSetup (1).exe	upx
behavioral2/memory/452-350-0x00000000002F0000-0x00000000007D8000-memory.dmp	upx
C:\Users\Admin\Downloads\OperaSetup (1).exe	upx
behavioral2/memory/5392-357-0x00000000002F0000-0x00000000007D8000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup (1).exe	upx
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup (1).exe	upx
behavioral2/memory/5276-369-0x0000000000DA0000-0x0000000001288000-memory.dmp	upx
behavioral2/memory/5276-374-0x0000000000DA0000-0x0000000001288000-memory.dmp	upx
behavioral2/memory/5392-424-0x00000000002F0000-0x00000000007D8000-memory.dmp	upx
behavioral2/memory/6132-425-0x00000000002F0000-0x00000000007D8000-memory.dmp	upx
C:\Users\Admin\Downloads\OperaSetup (1).exe	upx
behavioral2/memory/4972-427-0x00000000002F0000-0x00000000007D8000-memory.dmp	upx
behavioral2/memory/452-419-0x00000000002F0000-0x00000000007D8000-memory.dmp	upx
behavioral2/memory/4972-508-0x00000000002F0000-0x00000000007D8000-memory.dmp	upx

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

OperaSetup (1).exeOperaSetup (1).exe

description	ioc	process
File opened (read-only)	\??\D:	OperaSetup (1).exe
File opened (read-only)	\??\F:	OperaSetup (1).exe
File opened (read-only)	\??\D:	OperaSetup (1).exe
File opened (read-only)	\??\F:	OperaSetup (1).exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

OperaSetup (1).exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaSetup (1).exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup (1).exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup (1).exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup (1).exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup (1).exe

NTFS ADS 3 IoCs

Processes:

msedge.exeOperaSetup (1).exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 281257.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 453524.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup (1).exe\:SmartScreen:$DATA	OperaSetup (1).exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
2976	msedge.exe
2976	msedge.exe
3320	msedge.exe
3320	msedge.exe
4416	identity_helper.exe
4416	identity_helper.exe
2540	msedge.exe
2540	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

msedge.exe

pid	process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of FindShellTrayWindow 43 IoCs

Processes:

msedge.exe

pid	process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OperaSetup (1).exe

pid process

452 OperaSetup (1).exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3320 wrote to memory of 5012	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5012	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 3152	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 2976	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 2976	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe
PID 3320 wrote to memory of 5072	3320	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.opera.com/computer/thanks?ni=stable&os=windows&utm_source=bing&utm_medium=pa&utm_campaign=UK+-+Search+-+EN+-+2019&utm_content=Whatsapp_Exact
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad91146f8,0x7ffad9114708,0x7ffad9114718
2⤵
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
2⤵
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
2⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
2⤵
PID:3928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
2⤵
PID:2488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
2⤵
PID:3288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
2⤵
PID:1900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
2⤵
PID:4812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4828 /prefetch:8
2⤵
PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6488 /prefetch:8
2⤵
PID:2708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
2⤵
PID:2568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
2⤵
PID:4772

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6952 /prefetch:8
2⤵
PID:2324

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6952 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
2⤵
PID:4056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
2⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
2⤵
PID:5512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
2⤵
PID:3316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
2⤵
PID:5800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
2⤵
PID:5204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
2⤵
PID:5196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
2⤵
PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2664 /prefetch:8
2⤵
PID:4840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
2⤵
PID:6108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2540

C:\Users\Admin\Downloads\OperaSetup (1).exe
"C:\Users\Admin\Downloads\OperaSetup (1).exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- NTFS ADS
- Suspicious use of SetWindowsHookEx
PID:452

C:\Users\Admin\Downloads\OperaSetup (1).exe
"C:\Users\Admin\Downloads\OperaSetup (1).exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=106.0.4998.66 --initial-client-data=0x30c,0x310,0x314,0x2e8,0x318,0x75959558,0x75959564,0x75959570
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5392

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup (1).exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup (1).exe" --version
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5276

C:\Users\Admin\Downloads\OperaSetup (1).exe
"C:\Users\Admin\Downloads\OperaSetup (1).exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=452 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240125160047" --session-guid=598c14ca-7862-48cc-925d-3a86e85b2853 --server-tracking-blob="ZmFhZWZiNGRkODlhN2U3ZGUxMjA4MmMyNGViYTY1MzZkYWQ0MGUxMzhmNWI2M2E5OTFmZTk0NWI3M2FkOTUyMjp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWJpbmcmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249VUslMkItJTJCU2VhcmNoJTJCLSUyQkVOJTJCLSUyQjIwMTkmdXRtX2NvbnRlbnQ9V2hhdHNhcHBfRXhhY3QmaHR0cF9yZWZlcnJlcj1taXNzaW5nJnV0bV9zaXRlPW9wZXJhX2NvbSZkbF90b2tlbj0yNDgyNzIxMyIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcwNjE5ODQzOS40Mjk0IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJVSystK1NlYXJjaCstK0VOKy0rMjAxOSIsImNvbnRlbnQiOiJXaGF0c2FwcF9FeGFjdCIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6ImJpbmcifSwidXVpZCI6ImYxNTM5OTM5LTEzNmQtNDQyNy1iYWYzLTA1NDNkNzg4ODA1NSJ9 " --desktopshortcut=1 --wait-for-package --initial-proc-handle=6C09000000000000
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
PID:6132

C:\Users\Admin\Downloads\OperaSetup (1).exe
"C:\Users\Admin\Downloads\OperaSetup (1).exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=106.0.4998.66 --initial-client-data=0x2fc,0x300,0x304,0x2d8,0x308,0x72fd9558,0x72fd9564,0x72fd9570
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4972

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202401251600471\assistant\Assistant_106.0.4998.16_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202401251600471\assistant\Assistant_106.0.4998.16_Setup.exe_sfx.exe"
3⤵
- Executes dropped EXE
PID:996

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202401251600471\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202401251600471\assistant\assistant_installer.exe" --version
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1556

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202401251600471\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202401251600471\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=106.0.4998.16 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x752614,0x752620,0x75262c
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2049714177363900086,11324124793859012073,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4692 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Filesize
471B

MD5
79ec5fb0291fc15ad408c878da9ab1da

SHA1
1305cb1f4336de6e1bb9181f86e7a4e1baf9f77c

SHA256
a561dbd184f971b7ff03fead6318023d1e5bdc6795c3d83a41961629e05387d1

SHA512
b873c68f0e54c63177bb463503386c517c2c7ef7992762f70aa46a8bc0c167cdbd48a075e2af5b49f66dda5eaa35b77d41c59f3c3e3092a0255792baeae168a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_0343D08A98AFAA7CAA7068BD558BE887
Filesize
727B

MD5
f89d179e38d93e400e85c48c6333c552

SHA1
b1a1036b7838d38ede77538df835b1e5a560de4c

SHA256
adac08c5084641f32849e07f197a6b358e38e77bf4d8d6c8dc4a5b4afe2bf9be

SHA512
08e97d992ba0024c58ac277f4d619ddad0cfd6bcc3203ac432e95e1935cbbe260ed65539c08f2613e8169af139c387a6a10777c443ce983a855c666b5cf3da35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Filesize
727B

MD5
83f7a9ba0cd90b1451fe6c94aa293a3c

SHA1
b74cf3cca1fe42eb33f3ef5374419a5acef9fcc6

SHA256
34a1244b39e22d2b1b93324b6801575e5bc2f919c87702e0f8dd16b449ba974a

SHA512
59887574da9b2f1c3fd235cca90800560d5e7add78fd07184aa499cb688ab4f48b7e79317e760bda113ec5f2a5d3c1bdac8fa5ea925949f0855f493534d858cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize
230B

MD5
55e01dfbf910c0fc51d56bc038b22c8c

SHA1
2e23d043ec910254fceae20985023828bc3b270f

SHA256
f9e3ad1d0d339b731344bbe4c028577850735a53b5cfd6b2d62ba1136e99bbda

SHA512
c15da5d4da3e29a5f4e5795d29efd41e699052847e351a39642d7ea6e70764ba1d02ce56f239cde681d5d5c882c47d12bfbfe4c1ee2466b0e82038c3962daa44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Filesize
400B

MD5
1f1a0179e49decc89a5b6efebaa8d2a1

SHA1
4e3c413bfba06e0166ec72143495327bf60e7604

SHA256
28088279d8593c2052b7a4c814c384fe7f71c0e143634ae62a9c57b8b6d872bd

SHA512
d7c737403e413c49052e65a3e5d8dd58a57e7cdacca627d976d58b0bfb7e1d5014a1758a807f9d02bb5a84596b5c55113548736137d7921f44f2c28aefa4ddaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
290B

MD5
dd09134b24ca3e8df626f598a31dd0e6

SHA1
230e0a05737686a2a0cbc98e51a48d9506dc5a85

SHA256
47e6519588a7d9bd3a7bf04e3758736522d4c08337bb34d1b9934f18419b07cb

SHA512
affd62378551a4e00b906af15ae477db02c8a7636d8370bf9ae76d41408b65cbc4ddc48c3b43866bc5921f40ee68e771487c6295eeeee289466f718c6c389d5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_0343D08A98AFAA7CAA7068BD558BE887
Filesize
404B

MD5
40225abc66324db5c84e23226b58d607

SHA1
7c03e9d6013c521db25d264958f453b852f7f2f1

SHA256
8c9907fe2b7a6bbc73ac519aeb249b44b528208cea44d4d413b1059833ad9396

SHA512
adf512e8113517a5659be45fc61b7784a10f698066a325b789bcc38452be2dc66d5cd5f4004b9b9feaed3ee5fb9ce5802b3dd72882af5b8b2382555adba5f03d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Filesize
412B

MD5
7bed1ff2c286110929de6fd0932c1a6f

SHA1
25963225bb238ded370bdead6439d4655a0ca18d

SHA256
400870e4b880e63ae194b43cda18a67259ad59094dd9da22ecb5ca1871772160

SHA512
19e0c596d4eacb4ca5e6b1ce6faf9764b77545e7e8f52f7b3fd0a1760c62ac93e062bc2041eaab438a71dad954886566cf56fd5c114498d2cd317c31c4b9446b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize
252B

MD5
46cb848ec9aecbed02e974fa186a4259

SHA1
ad21de769b4af512908f6143b8e4c75be7b37700

SHA256
32485daa0d2252a461ea62b7116d61a079d35d29e55a2b518dd1f4d924423b26

SHA512
6b2c69ed13aa4d40004f2a26f9321e8aef27cc31d1fa31137611a49bbe3b13889e723281b4ec0a8f3b6025af35b69eae72931c3847bb8b3cf74332e7b82a6bdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
576B

MD5
47ca454e869565fc2b7fa731778b10c0

SHA1
998aea681084f35ea66f69efc93770a1f45b6613

SHA256
2a2a8df777c2dfd207975eafcf7d2867c186f0be72d0bd0b4225972e77203a3e

SHA512
e6da00e1209b3e06e310626cef8c45c22b0ac1ec9e8dfec857a6c0abffb5ff344a3603b7688be2e1198a1f4785708c6406ba05d4d56cc1ee47d2e52439adc66f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
491bfab9506df554983eadb332dedd9f

SHA1
eb430c7ea8bee5cf2a87cb4d16014090b80c5dee

SHA256
bb570681d6d27d574259ccb502b5ead0acce465b24ece6ae76caded76af006db

SHA512
d916e1923bd3f6558d34c249cf605eae023ead9159fb726e87404558dec628beca4ac1961aa8aff550079033da74f024066a27f66c3ec31b4b4f598b1ec667f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
795e29537916c2f986b5b91db03b1ba6

SHA1
cb0c9bdcf3046b89a34588ed421d3c45bfa8d19f

SHA256
6d0382d55db8cf30e5747ad9e53e89fd6b1156536c3fa3f517669e9321c7dcde

SHA512
32553dd25de2070a4a3fa743d04e7089adac88a3f103a51e49c8342e223b27b5e079f02d1940de077b5741f39457322f9c47db4d7cd20b60b59fdf973fa28217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
16a224a58736907a339746051b174af3

SHA1
75db1ab5542bfe564d3f5dd87bd045cdeea02c69

SHA256
31555fa3b00c90ba289cfeaf0fea62c7aa0332de4fe7ad2ecdf5359b8055ea3a

SHA512
dcd96161fbabe17861e214c95dccd2b3405184f93720f64c2b8cb8072502ac0defae65844826c1ac3b0f6e1f7826c1c5cf8cef70a5320b77b00d2163e21733ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
8db3e03648b91a5952cb0880a049ca14

SHA1
fd6245cb22c3d44cb2a749d1673f153f183c9f2f

SHA256
3ae8b5decea99afb0cb71df8eddbd6bb928aebf8ba1821e48acf8f24c1f4d5b3

SHA512
0747215d8da726b7b7b58f7a770c6756e47bc0170c1412c375f2af8b668c22dba6e46450e4161d6d2c0dd4f9201546e12cca0742f8adffe53e620049114a5922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
b221af8564785b0d87855a35aba380af

SHA1
c4a4b06bc264fbfa7d116167b2d03863165b54b6

SHA256
85193f8b0ddddceb10d88be3d6b2efa965b8705fb3ee692bd97968ab30012c23

SHA512
f872451cded208f86f62e429ffe4110675cf8bd893f3a8c7dc9bd6a52ecac06ab7962e9bf7778c03d9073e55f3a93a3cd962ed79e8cde8b27c551170ae9bf57d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f1a6bc6daffadc87dc3a57e5c89296c1

SHA1
96eed73d667eb1a51cb92a910c1ddb53e6419daf

SHA256
653dd171a17c2fdfd87d23cc35244455436efb6e58ef907d77e28ff5cf930709

SHA512
aa17cac46c11be8f9760146460869c520a400f94b3d74975ca4c7e66390487f8cb2aa98da442013f448a5a42e259bc2724a3fb513385edddacf5478c114421a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
98f831f6f7fcfda2a2ddb1c40427d922

SHA1
6e2b94ba7508092246ad317b9f4daf594e7e552a

SHA256
422e379871c2c810377c07ebb28c5bf528836967efa08c59bb2f8be3b3fdeed9

SHA512
9422e6199c0b8dc65c0bd187e6fff581c417c626f5468438fb8eb2b84d0de6ca45a1d8a9b6ad30e4bf50ebe22990f559dc61d43b461bf04c553212e36b7c8ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
50b10630e9d18b319d6433473e1f9e74

SHA1
ea2a7dcbd4514034b11bd27c406046c6c5d7827c

SHA256
7e5ee9289bca22e815b5beb65852d656a4988bc2e1592e0085a092b89e693c6b

SHA512
798e159e1cf24d54b505ff9a755ef3f8ef0728fb8ad9b6a3a5adb27280d746ed0995ad5dc9e5b3d3782b9e5710e7824db04b86e4fa97fea9ce39eabec7b43a63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
1c8a82623c643614fcef6dc6c778e8ca

SHA1
34d414b13d37c2ae486a80a3a3975b867073ebb6

SHA256
7378fe6593b6f2cad1719d677133aa8ab9bf354869c6acac0f7ea4450136f69b

SHA512
9c29b58441edf2e504bb765ff4f352f6cab8ddb1baa9ebd96ed0a179d9dcc6593c8ead81999317209e432864d80c5d78ca67c170e3c8b2e33fe6bd74b814777a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
b791edf7a55dca064e32e1846d8205a8

SHA1
d098a23b2f1e819c1fc784c63c4511b7a1086074

SHA256
8bfa048fb4363a29bb24b49bcc034f6b1854e4443838294b38ea8b678160a290

SHA512
6bd910e70e52e45846580140021d2c7200fb0c914f8137ddc8535fcda678ffaa1d130a243538ec5f018ac7d5680650fd49c5f5e88a3f4f329a900ab7c5136237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
d0dcea994cd5198fe7903aba3290ee43

SHA1
85727eae2bcaa3af5818834c615c17bc6df2de92

SHA256
682d85874c00bed55d50c14785ea30a223d288bcb59ad45677de6fe537087fcc

SHA512
3fa3f41a41c076d9bbc93f92776e74d4aaac35bc2b0657a4cd1fa10c41b351b9d8e9f96db64c4904776004304a4434e642910d286d460de2debcd0d54c09d396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c738.TMP
Filesize
2KB

MD5
074f4cce294b7abe062486484bcda7af

SHA1
187f973b0f6138948cabcdf204c1ea216f248dd5

SHA256
d6fa85980b2127fe5d608d4680c1791c3dc2977d4637be930a622590f4a7d5eb

SHA512
d0e5085d7172d87740583132ce9e56c31464825f02c31f91a0afad2760a67730a4fa37791d592855674b5ae304f9280b2e4fa1f4ceecd0f43894b0e1605e3c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bb349781-7738-4a2e-ba7a-757ce29f2077.tmp
Filesize
10KB

MD5
eff129ab57ec80d0d7d2260f52686783

SHA1
bc0e143aa88c6ddc718f3959b23b49fd2c70e36f

SHA256
e191fe175c06fcc187744444d32838fec8a8b0de1c9fc7f34c96778afb5b6fff

SHA512
e56f201d2166bce64dc3c98ee8b977819139d72085198e807d73d49367a4771805d9e87df0a1309f6ebbd20519cab34018c00714da06eeee8e970de8d9e9494e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
cd66289da1d11623515949f3d7ff4f3d

SHA1
580e3e3e497a13cd68d711ac770e842bb701d54f

SHA256
97abaa97f40bd72c612ff35580208abec0d791c75e27ce69b618cdb334a1c0b5

SHA512
3aae0622d0eb98e2a04bc6af2543c0f65053c724f64ee4375ce444c997ac9d9e9ef516008783576dabcd02edcdd615f93c0704438ed7bcb6d328e9e7bccabb36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
c72edf30ca4a876c86c92d7e6a11a621

SHA1
847ff3ca816ac78b948794ecf2bc3ca82f1b91fb

SHA256
d992f30029657db4d9ae8a7c514bf4aa955ddef9e28bfe22e5f7d1348bfa043a

SHA512
1445e40df256530298800e5a5346f4c3ea8db22ff2e81c92885ce4e691f87380530fb8153cfd270087ea5106da7eb2e1a260b0f32fd38382e637dd83539d6945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
aefabf650eb0d2f45105b32e769e1a6b

SHA1
32ea954a87086785dc63f5cbf584af0172a3f047

SHA256
b3410ec8983cbb448b20e3e61f6697120f05fe09de30ee8dd96e776045f64a3c

SHA512
b259814024ccf7cf4d9030be4a4108168a8c10e882b47f1857f4460ce70feeec36126f67d1f2a20bb23d5c562e5ce85cda62c70433ae8caa3a42b9f1a0e17a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
b1db6088b8abf2c6fb12e779b1e856b1

SHA1
ab86406ff573a1fa5a6c834ba71dfe64f353e11b

SHA256
a4963d9eb440c3089854a3b4b5c08338218f466f135fcb41a3efdf7729f36da8

SHA512
38ca2c4fbeb995b56c2722e32f68139c503a8bf97cad8bd0a6bc17c919fc752e9709d0e8ef5388096427ca6fdd78eb1cf72cbd14e9a37e83b0a6b06a21280c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\abf9867a-2557-4602-85ce-aaf68e214892.tmp
Filesize
10KB

MD5
47c838b9fe0a50eb4bf1c62eede18015

SHA1
5275d6c527f9caf435c10db33ad38b725ce3fe7d

SHA256
e026cee62c504a2a4636688c6261a7fc85027ecbfacbf0b4c7883ea7939af58d

SHA512
1ea560aa84d2ac2857baff60001118d7a611b11459e42be31de3ab246aab544f0313e9ca707febc18e6567c2b48bda70059d4cd40f00708ce653277f09585b5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup (1).exe
Filesize
46KB

MD5
043a9a3b31cd8dffe14fef5c6bd6dfea

SHA1
d45494e53d2619f7001d9a967e68f5da375ecd93

SHA256
7ed809f8347947659b5fcb906cea07568df488fcbc4e03bb1b6b4a9d093adf3e

SHA512
db04f67e4065fb3c95f04c63e067d83aac295bbe34c5fdeb0c86d3aa6a969ba68855429bce662cc4a8dd7f9cac707fe0a6e044544f1f305a9e1256aba26be8c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup (1).exe
Filesize
114KB

MD5
d1b43305ebdf455951f97adc9ac7530b

SHA1
b75aa422627df84f8680057aa5ce7c6b656c0320

SHA256
9f8bcd8f5bddb4485583a2e234047d29d3ac881ff97c9843ae97d9b26d292646

SHA512
70a82bce77b42d0ee738ad020f759aa3fdeb9f0a59937db8ed6f1a688a5d4be07dc611a1d35bd7cdeda1e76d19c1cb5405217b275f7f66f698e7bc19512999dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202401251600471\additional_file0.tmp
Filesize
2.3MB

MD5
c0fda03372ae2e7db57616dfd3cb3680

SHA1
59e0c4a92122c8823c1d5fa13a701140ac0a0149

SHA256
b3a48ff577ef09a8fd3b87bb1b36f70ff0078e9e8b1c9e3d34ecb296014d1cdd

SHA512
ff54edccc76b242357b4b81250f0eb7f84d3385b8b2ba0ecfbc179b298ce69cab045c616dca6477fe0c0213d7c6fe851ea1215d05b8c6887d10a0c1645f0e94c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202401251600471\assistant\Assistant_106.0.4998.16_Setup.exe_sfx.exe
Filesize
2.1MB

MD5
a5ac5d0e124a3f320580a3d1921b4494

SHA1
51b52a49f58586861bcde88a8ae042c877525a19

SHA256
5560000f928b58e4072ad2649d46b3e0f997f5c1ac8a28264fddbdea5bc7096c

SHA512
a3b8a7bfba700e4b1d2a4f2f2db1b4e9051bd31641d15dafd0ad854ff4355d28eabf36081851876a2fed91a41461846541fd09e5c71cdef64628727de575697a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202401251600471\assistant\assistant_installer.exe
Filesize
984KB

MD5
ebe07ff5dcaa177e7d0248b9eb9f3887

SHA1
2397b7e2f0cb2ecc486b8f730503cc040e19880d

SHA256
c031f0438fd0ba735abdabf5308b66377814335eb13fef3ae6ded5cde403d933

SHA512
862f2830cf2e321913a4177bcc2726d0487715456b0513b336c8f0f7c2d2e765aab9cd01c341245d7cb9f2b12ba37f1f0e42d7cadbd0d8be3265586e537193fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202401251600471\assistant\assistant_installer.exe
Filesize
1.4MB

MD5
74d6f2e6b2a37915657cec033ace5019

SHA1
5e74a8382d36ff701b870dd4fd38d73ac70e2e21

SHA256
01ae7f3b5582d3ece6b89f7724dcc6c02fe8f99cc148b684d37cac12113b0b81

SHA512
44a60fc331cb6b1efe2dc17efe94706c5a774e8293f46c9a93ab2e1f97565f13a09aa999861e8fc7c00163982928b89464d4036aab092fc5a21d6f8cf3769878

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202401251600471\assistant\assistant_installer.exe
Filesize
984KB

MD5
eb3d7410c8931ae04442c91280fb4677

SHA1
1a86777ea5b221d78180013b456f66874bf08b58

SHA256
757b381589b12d62cd005f1c19609c51da4a610b95456ebdd86e1ff3d202bbf5

SHA512
a81fb5287069038bf57940c152726d0a43468e3f3e78327391844aa8fc065f7bbaed409b4277890de2a2f7d9dd313e307071fbac323f164378fdcc9313cc81ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202401251600471\assistant\dbgcore.DLL
Filesize
166KB

MD5
a59b6c6d04bac536cc7fafe92f0d1bda

SHA1
6d5bbdfafbe2ea65e3aa9abc088e0fc6e20be8a1

SHA256
c2d92d6e9a3ea40f38d275499bef7ba899802f131160ce1a2f76314b87b531ac

SHA512
49e748676c54482f7de089fb6eaa45b5cb3e59a1b9125d90619371678749a0b80cf8ef8c7cf75c8486d20b89639a8b679c23a671a2c3b6dff1f86ea9cb1a7f5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202401251600471\assistant\dbghelp.dll
Filesize
1.2MB

MD5
a4a545b19161d115688dfcd7035e12de

SHA1
796d349ae418ac9189d6179ec6a8df131bb0af86

SHA256
c2fa917efb6bb59eced2a1205ea922cf9a7d4006ef547a1162aa1c5afd5ebbe1

SHA512
5f7b492907a54be0a5330e471353941c0bf2db66fd22bab7c0323a20759deac3f0e39b3822cc03bfaa6f82298fa5d7b3863d4411eff04e6fb298b1f15e4a10e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202401251600471\assistant\dbghelp.dll
Filesize
1.1MB

MD5
215dd170304c40658f301d2ebd94a4cf

SHA1
c39bbf78b974a41efdd3425b730691f45db55a94

SHA256
cf0d1e3292a7fa66bb465893fefb284b203a6a017f743515e669505b9fa96479

SHA512
13977768f4117ba1df1c25806452c84313e4f76e0a5a605adca81b75fd17b58d1e941fee5bba5a6f34160b9764cec03990e94dcceab9df2ee5a62ae6fe59dfb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202401251600471\assistant\dbghelp.dll
Filesize
1.1MB

MD5
73d7682ec2cff4f6f39455e9ebc59693

SHA1
dcb8eaf623f83b3ee69c244f7f2e386c43410728

SHA256
4374776e45a6f992d6573ea0753b682e7850048e573f0c1663d25cbc83639209

SHA512
36a34a77fb5130c65a7de66109fe2270544de307c22774082d274dc71c996ce424c911bd017ac7ffd71b1fb5a9601d6b5347925780c873135437ee7549e3e44c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202401251600471\opera_package
Filesize
25.5MB

MD5
515003df53ad7ad054c8d5fdb7215972

SHA1
25d745f87b101526684a32d9ba2eb06446ed1916

SHA256
bda75fa3974c29726a6adab62477eaa8e4a89b22672962e7e02efd1eea8c7029

SHA512
f2d754c5639fbb8b60a556ad87832950c065e58297141b7b5af59a2e0f8d993020518a362ae692fff7acd0542972080134ce70909baa2e2745737c1450c382ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_240125160045678452.dll
Filesize
1.2MB

MD5
c2bc99c7925c2c39581737ff30966308

SHA1
2f73adb1cd64f40cc0ab9f8866b2a32b0818bfbd

SHA256
f9dc1477ed127025b2f9adb1aa2b4c990dff3ba84d6491087a13a0fc472578f6

SHA512
f8f8f19d75292c4eb09a1776ede6fc9d7cdbd2b5256c3477648719d0db869491270b80a65018db6853b0d340f779baf99b2f4909041274b35cbca5c1ae86fa9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2401251600460735392.dll
Filesize
359KB

MD5
ff0c30f29be353bbda567441a4669a09

SHA1
e116cf88484e5b40cc19a16cac22b3bd843a68ba

SHA256
78d795ba780387393e92a25c534286b48fa2972c63672287d59dd2db4a443ae1

SHA512
892ba4d135e4a5828c937b0d76ba4cec1e5fecfee5db4f5a026e31f18bff36aeb31d80c85a3357ef3bd12a5dda8269f67b6c49b00388acd8eca796eb45b197cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2401251600460735392.dll
Filesize
263KB

MD5
4244a95d63c71c75a27bebfd4cb95245

SHA1
2dadc16f01458c1f096558132fe6c8f72d34f65a

SHA256
f9ac72cb6ef1e1b3cd93b41b09f90be428fe39ab6dae61242f0622bf199a5b74

SHA512
85c2e36cdb571646f5d67cbbf48c878dba740eec63e672adcef9dbaea56aa74aa627454a7bd380a69c033afa828c4d458061ffb2214659021344a5c36238eeaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2401251600466445276.dll
Filesize
14KB

MD5
8b6760d7cb12307171571e8e71f17fd6

SHA1
186ca6eae6732db672e2d0210dd3fb87d71fafdf

SHA256
13b75816b864d3b67ee9cdd806fc50b07c5292fb850153dda0cb1bb2d0408ea5

SHA512
81fb7c19bcb2120c9bbc3bee724b3c1ae7ad1473fa5d8405a0656524fa03abde9a1fb21a32a1ed03818de610444080e9ab66053a7754045a5eebaaf81a9b64e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2401251600580626132.dll
Filesize
1.5MB

MD5
4b8c21c5f1ae4310b77c66fb74f3fd3e

SHA1
45fb6c69a48db70a365e3a4a72faf13907e2a3b9

SHA256
6a51e7758834c53c6163f2bc4ddebd295405b1b4107aadb01ac39ac560814291

SHA512
5250e69452f69af83bf60e06d87eb6277d16448dd49706c0e6545691241fa570f91196fb354228b776cb56430b4e3f313ac8f2fea323c728ada10158b6cb3934

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2401251601005464972.dll
Filesize
2.4MB

MD5
a06068fc5cfa15eca60983ea07a05cb8

SHA1
3c7030814ce94babf3cbe34f78c71b7e0e59d1c0

SHA256
14a2ee73fe1e68e1ba736021baf106513dc4e5187cd1d17d459a7045f76c5143

SHA512
24dc5f2f58ca8ddff6fd5bd93e0f06c350686f85c2a0ba8adc1fb2b7ff2ad3084b71e643e7097cda6173aa52db12e28422f8a4ec3a0ee4d5f7ffb7e84bad1702

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
Filesize
40B

MD5
723753b075fb38aff6ad8a4206e7639f

SHA1
a446445abb93c7c85ccc30bf4d39bdf077ffaf44

SHA256
a73088867d7859a7a2f752eb90334e87ea4ed93dcf5a8a66d229323371780052

SHA512
06c45e1ef91f63eac00c5925dfb9f2ef3090c4fe899b22befe8487bf9e6bffda5fc781554df93d23dad0d570767c2ce68afd25b24c9291ba374a44021da49188

Download Submit
C:\Users\Admin\Downloads\OperaSetup (1).exe
Filesize
2.6MB

MD5
58303666f55b0cd90658ab19b401ab07

SHA1
6d3e7169ff48480806efba294f6972eeeece01d7

SHA256
9043bba25ae94e50be1ef513e524bf036fccd204ffaf552a401f1b3b22cd596e

SHA512
cf8805f8e775b057c5e9dd2cfc6013e19d3f775d1de59b5362661f0591f2c86ea5d848e13591c168a42e14750ddb2075bc91281a16c9aab7112afc90b3c84211

Download Submit
C:\Users\Admin\Downloads\OperaSetup (1).exe
Filesize
2.2MB

MD5
1d0a6e81e51e8199a9a7e6f3f7b6b957

SHA1
9d9fe5feef8428b5fa9ef52823710bb580152929

SHA256
505f4a8261270cd14116977fa2fbef91c2662b6a49fbb9b4c0a32927c2ab15d9

SHA512
2899831478bb556ff3275225cf0f25026a1e0720090f011f1cfc95c8877774deec0f29e69b4aea2adfcf063d28f801ea711498271adc560f31857cad7eb9f976

Download Submit
C:\Users\Admin\Downloads\OperaSetup (1).exe
Filesize
1.9MB

MD5
cf9c0b5897f8b066676eb344515e4b96

SHA1
32c78fb95185a84ba3eb880c4284ba568aa501ea

SHA256
c39a65b9b29ba0e2dffd82a11d15a2a8b9e438d857b4adc795b7a3607f597c0b

SHA512
fecf01751bbd6d8040c36da1975d70178fd9fd8d5d434bbabfc4ff2a9017e8409a71e653c4b89745c651c5fa51d884d3f4847171737f7a8b6c4caca8d4c8afda

Download Submit
C:\Users\Admin\Downloads\OperaSetup (1).exe
Filesize
517KB

MD5
49f5538720b23b9966d1718547da3eba

SHA1
f20048222ca00d8c442ca45f35db3cdb43a8c8ba

SHA256
947957265bbdfdbd2d32230ea5640ec1bc323975bfb89fca363f18c8a5ad0bb3

SHA512
eb95dfe31f5272d2f459a2c6a12041fba6f636ad5dafe3da155db39e92498267c7b4eaba3b9cc6d6cc309986ebb5adefe5baed5e0b61638cfd27a82ca69826bb

Download Submit
C:\Users\Admin\Downloads\OperaSetup (1).exe
Filesize
1.1MB

MD5
f05dcc34c4cce21625a16dcb13f13e84

SHA1
baff774144c3e1e04b3c46b1a0af0484a5c4cf88

SHA256
2021ca5b3b53939084f014f60d4c5cdc7bf9b01f1d1955015e633803b1f563a2

SHA512
191f9a503cf8aef57698630bb3dd6c54219ac51ff128967eaf70ff7f66d5ccfe3b1d46cd7d71f8a7ab745bef7226f010e17c70873b998a533570325d09519ff5

Download Submit
\??\pipe\LOCAL\crashpad_3320_GRKLZZTMIMTAUYMA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/452-419-0x00000000002F0000-0x00000000007D8000-memory.dmp

Filesize
4.9MB

Download
memory/452-350-0x00000000002F0000-0x00000000007D8000-memory.dmp

Filesize
4.9MB

Download
memory/4972-427-0x00000000002F0000-0x00000000007D8000-memory.dmp

Filesize
4.9MB

Download
memory/4972-508-0x00000000002F0000-0x00000000007D8000-memory.dmp

Filesize
4.9MB

Download
memory/5276-374-0x0000000000DA0000-0x0000000001288000-memory.dmp

Filesize
4.9MB

Download
memory/5276-369-0x0000000000DA0000-0x0000000001288000-memory.dmp

Filesize
4.9MB

Download
memory/5392-424-0x00000000002F0000-0x00000000007D8000-memory.dmp

Filesize
4.9MB

Download
memory/5392-357-0x00000000002F0000-0x00000000007D8000-memory.dmp

Filesize
4.9MB

Download
memory/6132-425-0x00000000002F0000-0x00000000007D8000-memory.dmp

Filesize
4.9MB

Download