03021483f92262ea3b1582550ded8599d000638f50eb0990743a124dc7437c80

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 21:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ReShadePreset_by_GamboHub.ini
Size

31KB
MD5

753ffc0af0fc2bb5dcd1dd978c2f0f52
SHA1

13fc43c0d9ae481a4462a3e15be2b41b2b7ba39f
SHA256

03021483f92262ea3b1582550ded8599d000638f50eb0990743a124dc7437c80
SHA512

24bf5ce5b842395178b8137d827af72a289f14b524220c2056e23ab225854dce742c7c72464644a50c4b5ba56da16417a422e51df46599cf168c9e8c6bb40052
SSDEEP

768:Eq8x58pWIcRU1ytawZwzZmQcpZJ6V0h2WkXW:EjrDtaIH6V0QWkm

Score

8^/10

spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
4348	OperaGXSetup.exe
948	OperaGXSetup.exe
3596	OperaGXSetup.exe
1236	OperaGXSetup.exe
3780	OperaGXSetup.exe
4856	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
4944	assistant_installer.exe
4248	assistant_installer.exe

Loads dropped DLL 5 IoCs

pid	Process
4348	OperaGXSetup.exe
948	OperaGXSetup.exe
3596	OperaGXSetup.exe
1236	OperaGXSetup.exe
3780	OperaGXSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00070000000232ec-679.dat	upx
behavioral2/memory/4348-710-0x00000000007E0000-0x0000000000DA1000-memory.dmp	upx
behavioral2/memory/948-719-0x00000000007E0000-0x0000000000DA1000-memory.dmp	upx
behavioral2/memory/3596-731-0x0000000000980000-0x0000000000F41000-memory.dmp	upx
behavioral2/memory/3596-732-0x0000000000980000-0x0000000000F41000-memory.dmp	upx
behavioral2/files/0x00070000000232ec-750.dat	upx
behavioral2/memory/1236-754-0x00000000007E0000-0x0000000000DA1000-memory.dmp	upx
behavioral2/memory/4348-779-0x00000000007E0000-0x0000000000DA1000-memory.dmp	upx
behavioral2/memory/1236-798-0x00000000007E0000-0x0000000000DA1000-memory.dmp	upx
behavioral2/memory/3780-799-0x00000000007E0000-0x0000000000DA1000-memory.dmp	upx

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{BC48797A-6F45-409D-9232-8F8CA6D5C496}	msedge.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 651940.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 397057.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe\:SmartScreen:$DATA	OperaGXSetup.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3400	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2320	msedge.exe
2320	msedge.exe
3884	msedge.exe
3884	msedge.exe
840	identity_helper.exe
840	identity_helper.exe
936	msedge.exe
936	msedge.exe
1416	msedge.exe
1416	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4348	OperaGXSetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3884 wrote to memory of 3724	3884	msedge.exe	96
PID 3884 wrote to memory of 3724	3884	msedge.exe	96
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 4924	3884	msedge.exe	98
PID 3884 wrote to memory of 2320	3884	msedge.exe	97
PID 3884 wrote to memory of 2320	3884	msedge.exe	97
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99
PID 3884 wrote to memory of 4008	3884	msedge.exe	99

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\ReShadePreset_by_GamboHub.ini
1⤵
- Opens file in notepad (likely ransom note)
PID:3400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa33ea46f8,0x7ffa33ea4708,0x7ffa33ea4718
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1744 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2796 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6752 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1416
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Modifies system certificate store
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:4348
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.37 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2cc,0x2fc,0x74f961e4,0x74f961f0,0x74f961fc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:948
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3596
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    "C:\Users\Admin\Downloads\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4348 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240228215023" --session-guid=8368075a-3f70-42b4-8ffb-cd7a0549a020 --server-tracking-blob=NTk3MWQzMTlmMWU2MWU5ODM1OWY2YjFkNzY2MWI0ODlmM2U4YzBiMGNiMWM4OTFmZThiZDUxY2RkNGRmZWIyYjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1iaW5nJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPU9HWF9HQl9TZWFyY2hfRU5fVDNfQnJvd3Nlci1HZW5lcmljX1YyX21zYWRzJmh0dHBfcmVmZXJyZXI9aHR0cHMlM0ElMkYlMkZ3d3cub3BlcmEuY29tJTJGZ3glM0Z1dG1faWQlM0QlMjZ1dG1fbWVkaXVtJTNEcGElMjZ1dG1fc291cmNlJTNEYmluZyUyNnV0bV9jYW1wYWlnbiUzRE9HWF9HQl9TZWFyY2hfRU5fVDNfQnJvd3Nlci1HZW5lcmljX1YyX21zYWRzJTI2bXNjbGtpZCUzRGE2NTVjOTI3YzE1YTFjZGUzMDcwYWNmODZiMzUzMTliJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGJnV0bV9pZD0mZGxfdG9rZW49NTE5Mzk4NDciLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MDkxNTcwMTMuNjE4MiIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Mi4wLjQ1MTUuMTMxIFNhZmFyaS81MzcuMzYgRWRnLzkyLjAuOTAyLjY3IiwidXRtIjp7ImNhbXBhaWduIjoiT0dYX0dCX1NlYXJjaF9FTl9UM19Ccm93c2VyLUdlbmVyaWNfVjJfbXNhZHMiLCJpZCI6IiIsImxhc3RwYWdlIjoib3BlcmEuY29tLyIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6ImJpbmcifSwidXVpZCI6Ijk3M2NmNWEwLTY1ZGQtNDg2MC1hZDkwLWNhODc4NGUzZmQxOCJ9 --desktopshortcut=1 --wait-for-package --initial-proc-handle=6C09000000000000
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    PID:1236
  - - C:\Users\Admin\Downloads\OperaGXSetup.exe
      C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.37 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2fc,0x723b61e4,0x723b61f0,0x723b61fc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3780
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282150231\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282150231\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    PID:4856
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282150231\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282150231\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282150231\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282150231\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x374f48,0x374f58,0x374f64
      4⤵
      Executes dropped EXE
      PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11279449950049320116,18191238020450499001,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D93BCDBB00BD67AA36946A4CACDACE4C

Filesize
727B

MD5
9d22dc1bbf4f869b1af861221df946c5

SHA1
749a67ffc415314b97dfc8c467ed1c6dbf159c54

SHA256
50914a49e778828a1377d3176b59015f7d78708208863533a9dbdc6627d10586

SHA512
a74a7784368583325d5b26469606a0d8f186a0639bdb5fc219435061ebfbc1960f12dbecbbe3181702df0a561db762fcd5c08ffee9af42e264abc26ab5787616

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D93BCDBB00BD67AA36946A4CACDACE4C

Filesize
404B

MD5
31380348700bf3c84b344afc097ab675

SHA1
229baf1180336ff7ee39abe9f638080c31395756

SHA256
17fbf00700a64eb3172ce8ad2337e66e2357ff53719bffe718aa7617c0888f05

SHA512
88960fd52cc5b78d1b34ee13cc312a2bbc225b5d297e4ebbab8065ae047f6451c3a89958bb015adc63b1890825efa101d6e7ec0d3b0e289c8ff97c836a0b96bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5c2636dc-1e1f-4f51-a46f-629b297c7b32.tmp

Filesize
3KB

MD5
07d6e20b6795b9658e1fbc99b78d7da5

SHA1
d4375ab9c5bd726ccf910686b35f034077bb61b1

SHA256
e44bc9f84dc99f525f745da4cd613f404433df19c6774a7c5555345b5a3273f3

SHA512
52e4a7e281c2791d8492d27fe648023864415d2a0eafc1a67758c29b21ebd8c8600e0c4645e8eb2ffdf23c4e1801b8638c18b074e7f5a831428e75b10970ff95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7244740c-3c55-4d61-a886-59e9714f25b7.tmp

Filesize
6KB

MD5
a91de22b640073dfbcda9f4a16dbfb76

SHA1
615c861add987ff9a0a1bb1b553fb30e9ac51cf7

SHA256
4a8bfb76cf7c90d83c0ed660a6a5465b935b3b0aa63b9f45562635d00ddb3bb5

SHA512
b31b2d9f711b815f5f3d0be4ca644909b59120bb5010dd49f063ae09744235aa05e8db80da4534380e22bc40c09c2f743799bc9fd5d343d17be147dbf2754783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
117KB

MD5
4d6bd53561214ae424534f918b540f2e

SHA1
3e686657a828a0144b87f96cecfebabb1270bfc7

SHA256
319fdb5ae0d59f728eafb5bbf39173bd52cf53452454bbbafd5891087db5e21c

SHA512
96ae6110027e0e5ddb0e7daf93bcc85ac03811dee0b86dc3a8813cecbd14b72c556dd6d50e30803f3f59aa2cfc220128329e38eba5c981d63cbaba4f010207d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
86KB

MD5
aeee9f1489ee2e6db4f96ce29c8de265

SHA1
3488fa753056c9ca300b75d6f6270baf7e179c5a

SHA256
c9015f051a3ddccf6bffccb3658533faa17a44f4e95f4bfb75fa51f07122750c

SHA512
69cae8f7fd00bbedcd50eecc3d5fbcde89b3cc792ade0afeabc0a248a373442de8b5225c015b641e6c541e35030dc6b35399a026f59aa493cc8a97a9f8f47733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
93KB

MD5
c47d9089c26c4397e699d712e8942606

SHA1
8e134f1b1053b678a8c47e4f72a6b1a5d49bcd77

SHA256
be008836d7b6111ad39bf3100607be82866d4eeeb65326aef3e4bb993742c7cf

SHA512
42759c6fca42891edd162bf9b87c8686fbfc9f47e23a14c9f4c673bc33d111735bc3644e2703dd6fec3be8ed970fd756eb00143492559257c3212f40e44450bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
55KB

MD5
e7dbce02ad6599084fe266d48294854e

SHA1
5c755ea9e27dac93e3c5b7ad501571c186631e8d

SHA256
09e88b8252b268138adf8c7a0123d44608f31164e3e18af63f17adcac21fc6a3

SHA512
a0abe0aec37a3ac26b09d43f6785016e0021c2b02083e8071aa4f130b7f8e17ff03feea9af7667d0251eaf54fffab794712d0a2148d88ba9e9f41d9213d5374b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
16KB

MD5
b3030fb26450db919cbe281a6ef24226

SHA1
1c7c4b3576ffa9a798f6b4e08f974d5811c9bcc1

SHA256
2304aeafc903500d8bbf81a6871d60f998756a2bc3cc0efb0a37e77836f35400

SHA512
5611dfe095b2e36a3fe19ac3b600cd639b5386943557f086d9d9402709f50f82ae55f65fcd3a180137e11486d804756b940c202da128e1cf9b223df27cfbc660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
54KB

MD5
a619ceec9fdde41c9dfbc551f08ee100

SHA1
efa1b942904d93284ab37c41669bccbf1c6b1e97

SHA256
282fd3e612ed5510145cf81c236ddc6436d3e1e6e07e7f02b3334df20170ddc8

SHA512
60f5e76c898dab1e5cacf561c505ffc677013d6a813a15ac8218414682b3ad371d6ae9e5071abee479ad96a38ea0c90faf302872a3eab4ff3b8481fd6cf24821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
19KB

MD5
651421320de5f942a6048b627fe38f9e

SHA1
21edf148140cfccad4b2f64fd93491cff578be30

SHA256
eddf6b9b64a30cd3371e73ee55ac867b65c7da580e51e79bca5f8bab8f7317c6

SHA512
34bbd7c1ebda4563d19172a16882586d8b3e03ba76e862680a90b5515186a91e811d835976cd06e5c5f1812eb1f90e38a311de40db3e43c94c2b237f21ec23db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e34ec16a5697d76abe5993d7a61ea53b

SHA1
fe89d2f72b078d3f1d8bb2e8908a058e93f5f17f

SHA256
7ae5cf4bb2ed57e2fc831d5e07c987e2a6165bc410b84a1b27d7f90e6430c54f

SHA512
9a9b97d6612e19aa5afbd5e5d9d81c9f342dbed7bfb3e1f5b5bf2434c9a2317518f3cd1e9ed29edfd0ecf0b9174a626bfa82afff1c54cb4aa019e4b49895d27a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
985d2bd04203d2f98fc7ee6dacd879c3

SHA1
494265f59f292f60da678a09981f5e1b46164a77

SHA256
585240bb59a8f705b01b237b86041b3ebb86a24ee95f67d8ec19e8449dd722fb

SHA512
b19b18da46345731aaf2d96bf325a5b0a95d7f1b1bf5f7e1cb6d267a5e093d0fbb18da900b19a8a2c987ba49b388fc2bbf76bd75a8b879d8aa7c719f2977aa5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
1575fda9e7bbb81fd162761b55140530

SHA1
c217e9a5d8ae6ef710ce47016e444340bb9f2bbb

SHA256
d1356371f8df4bb9ff917504036cddb38dca2c71969c4e7ea25eff4b7b499cc3

SHA512
abf565f5b88bdb69b51a9c3361e2052b197cd3d65cb20e97daebe213e549afd4c3e8d5a014ede97e921f50aceddd60881fde4684c7c18f52833663f94e8b2189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ecb2ac9107ba0a6502aa408cd678deb

SHA1
a60ef0fd94da994c7fce8211b4cae2993f6e2b84

SHA256
a4b223e39bfa4b962ddec94dbc69cd88f5daa47758cd81acb77b47200fcefcc8

SHA512
fae5743c2c4203f76908f260d79b082d46a017c2371dca76638cd6735320f24e7c644b54f0e7d300253bb7b15fb0ca6e6ee979ad70aaf19a21fb4e1401b2e3af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
069c0e7d06c1429068d924c7ec426c21

SHA1
54a6ed9e3a4f4092e7fb8292184ced4d609f9144

SHA256
00819fc1bdd236e1ef46663510b5aeae2033d396ad1d525f15da5cf41d60abb5

SHA512
9011020eae0e4c9c7c33a4b9be991069e0a9899580d3014b8aee5ad7bc28fe2b69734d52e8703dccd54b8ec746fd7ddb16ea277e61ecde105027ecf6102fd2a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ec29bc7b5b1a5860422ee73a053c5cde

SHA1
3369863f6bc476612b41230d86c13fbfcc0f86cf

SHA256
0c4be486990e71bb167569a47f0d6e23b63605d7ac59a82031781a4ea12048ce

SHA512
e2be630228606f4cad284f421d96db33469c0abc91823eaca0a9862ff2efd3dced0e922d212120f1900dbb4905cd8ed9c30b38f66dce7ac058d2b6c1b6abf893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
519a6949e335b8c6efc4369d6ee7baa8

SHA1
89fa9080258ccc07619057358d09af60a6a0c6b2

SHA256
50e76f06120b7a93fdb8db90dc114cbc7e4d8f7f2c27b06d08bbead7657cc5d6

SHA512
6f0cc931fd45f50df1b1f52ed6230c5b89957dadd026232917c3dbb53db1afac113e9afb2db7806169097c7584835efed257fef7e0332b551f571d9a30ea6a94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1530b697cf6e87ad0050e30fcdfbc9a0

SHA1
24d29156084d5ac334ca8ea018a3164ac7eea93b

SHA256
e544dc387259742ffa50470519a82ad0a0f6ba69db7210081809a6b9ed34e01f

SHA512
bcb1a3997fc9ba884c608fe4b4ad7a4e29846d62f8e356272b7f895cfefc5b5db2c633a662d0c73d8ed7a9eae86c0a30f05e32433115dd7648d0d612af0b9bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585985.TMP

Filesize
2KB

MD5
275639524801219e2278513021ac149f

SHA1
ec9418037ca3162adc104d672acaeb415f330dd1

SHA256
83cf5030b976f869bc11e24f319639b28e47903b777f6726e661a487a5fb8f3a

SHA512
bf4d5213616b0e19b8d56da0c1b4254e02ec828fe9131910c6fda9dfbcf17155edb54343a563a8906cdfabcebe563a939d873bb530f5751b3cdc9be58e67f5b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
17f553f0f6cf31372817fd5ae22cf146

SHA1
df7a276388a40a85241f7319351301bff59199d3

SHA256
569e67f660d4f92122590df9dd56da74f5f75973b20f7983bf2d75b44e29bb1f

SHA512
dc8f779281efb942b5b504380d8e0ccd4aa355c5eb56fadfad76844e1c220197a007a8c444ddd4884f967afe9b8a9e93b893bcbd6f7b431e0fd8f391b3f49df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
adfd620e13762073ada75847acb1ca78

SHA1
9b72339f02480be2652e25673a55709d56bd1a0d

SHA256
9a1e2c38c43a8b6c2b7c54ca224481629f5d02e3fb636b28a947bcc23835db91

SHA512
177e3b04dd86a62c8f5cfc426deaab30e4eef7a8485a5c94eabe8f8d80484ed4860946323fc21bffe0693ae4ecec7c6f7442e9e0441428c66f39f3dc525756cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282150231\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282150231\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282150231\opera_package

Filesize
67.1MB

MD5
bda58bb8392db87864d2df9184b54ea8

SHA1
3670665eb16d682291c6ddaaa656aabff48631c4

SHA256
d7804ca3d96de2c8c5cdb59d2e72df6432a27b0f3777dcc78565094208832097

SHA512
10dc4036a0ee095b053de3ce280b9c6e3882888ec7a3cc38ded079b4c294466662aff5789fd05094b79e2d532f93f90896c4fc26d7b546d7991eeb64c5d0a84c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402282150214474348.dll

Filesize
5.2MB

MD5
2e9e548040cbc282125031030041b2a9

SHA1
a84b26339be4cdd889ac806227c3260d57296605

SHA256
b44501388ac04d3db78e167cc1dc4daea68aa5c7140a2976b5a8e04f6d2438eb

SHA512
8be8af00aabe5e5ccac38faaf9ed499ea9c84d6a180a3cbce81297b58e1b4cfff5597638587c8f81058f59e19f87ac4bcdacfb34e1fce7ac61128837e39d3e7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402282150285481236.dll

Filesize
128KB

MD5
6304290841b3ddcb0f7572b9a3a0c2f0

SHA1
f4e5735d6a9517b1088bfdbcb0e752f696c91d12

SHA256
f23088e959f8e1a20104679881992d572c2714e2cc9901e6ac7aaf1dfa7a4a0f

SHA512
d5eaca784d8277eede5ca23e1c4fdd6da4d1ef855c3ff373726e9c4ec5470997c8d0c63dfddafb092aca18c40f78bd799307a6deab02033ee1e5866618fc98aa

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
d77255de030775fbba8ba74f2a7f217b

SHA1
8b710e56a0e90f30ba9102b9e42d90dba7ed1d9f

SHA256
d9ab0925c8723d32bff2946d4bcfb928115ea0d1001b35550556e1073029e0df

SHA512
6067076a9cc6d38c83facd312caedca7e845727b9d47bfe03b381cb13824c7f0367907feef8ae4fdb518e4903f0a5007fdf42b3d8426381e4ad1f4fbb9a553c6

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.4MB

MD5
05f9bfb6c570e925f0412b9b52c6a74c

SHA1
bfa3b2a52bd76d4f2b162159232058e65a6d356d

SHA256
aecfd3fd36ea715c1583c7576217384d4c85a572628dbb58bcd91e961fe973db

SHA512
170a6e70d66ecb557148b13525c0f752b8f59a9aa6b88c720a8331f052765d6fac3aa6b56e3c24b6f95c0b1d671214bbb6ff4ffa471bc0ba9c62db96a8055629

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
704KB

MD5
c772b39b410b767aa157fc4d54f2dcd4

SHA1
fa380f2a21b3a2fe680454911a3624acd56e9533

SHA256
9660ee3b106a3bac6c34ce8c5d2490d6bd44d5bdd5774f7a1438739446cb2492

SHA512
4c2a2c2e4dad9fa2082b3d565043188f2c406fe6a6154da6e1cde8e7fb32aa96bce59ad3ca6de6a22402b983bd267d973f1e3a2d96a1a6fe55fd5b7957675dbf

Download Submit
memory/948-719-0x00000000007E0000-0x0000000000DA1000-memory.dmp

Filesize
5.8MB

Download
memory/1236-754-0x00000000007E0000-0x0000000000DA1000-memory.dmp

Filesize
5.8MB

Download
memory/1236-798-0x00000000007E0000-0x0000000000DA1000-memory.dmp

Filesize
5.8MB

Download
memory/3596-732-0x0000000000980000-0x0000000000F41000-memory.dmp

Filesize
5.8MB

Download
memory/3596-731-0x0000000000980000-0x0000000000F41000-memory.dmp

Filesize
5.8MB

Download
memory/3780-799-0x00000000007E0000-0x0000000000DA1000-memory.dmp

Filesize
5.8MB

Download
memory/4348-779-0x00000000007E0000-0x0000000000DA1000-memory.dmp

Filesize
5.8MB

Download
memory/4348-710-0x00000000007E0000-0x0000000000DA1000-memory.dmp

Filesize
5.8MB

Download