faafb6b5fc8e8eee94d0a1e8bcfae6fc9f6deda0c30807aafd26c8355b5edc8e

Resubmissions

05-03-2024 14:55

240305-sav6vshd6s 8

05-03-2024 14:37

240305-rzgt4aha9v 3

Analysis

max time kernel
1976s
max time network
1952s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2024 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

images (3).jpg
Size

4KB
MD5

62891adce3954895d603ac8c4a5e5442
SHA1

6161c473d886acb064a32740936c48b623778cd1
SHA256

faafb6b5fc8e8eee94d0a1e8bcfae6fc9f6deda0c30807aafd26c8355b5edc8e
SHA512

14b07635d2fe2ddd37917b3a6a6877b459b531002cfc5796c55b7f6417633cf795bd0cf712c745916f8b4fac335593e41141f3551a2959d9f7ae05ef1dbbaea6
SSDEEP

96:FmhhZtkSmoHm7H2g80pjFAk8g88pPslYdCUsJKvBii7ifkcqktOyYye6sSZJoyHS:Fwkf7HlG88841/JaB7iscROyzFlwyHrO

Score

8^/10

spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 14 IoCs

pid	Process
5616	OperaGXSetup.exe
4984	OperaGXSetup.exe
5316	OperaGXSetup.exe
3448	OperaGXSetup.exe
2380	OperaGXSetup.exe
5296	OperaGXSetup.exe
1244	OperaGXSetup.exe
4348	OperaGXSetup.exe
1784	OperaGXSetup.exe
2728	OperaGXSetup.exe
1268	OperaGXSetup.exe
3280	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
5540	assistant_installer.exe
4052	assistant_installer.exe

Loads dropped DLL 11 IoCs

pid	Process
5616	OperaGXSetup.exe
4984	OperaGXSetup.exe
5316	OperaGXSetup.exe
3448	OperaGXSetup.exe
2380	OperaGXSetup.exe
5296	OperaGXSetup.exe
1244	OperaGXSetup.exe
4348	OperaGXSetup.exe
1784	OperaGXSetup.exe
2728	OperaGXSetup.exe
1268	OperaGXSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 23 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000700000002361c-951.dat	upx
behavioral1/memory/5616-964-0x0000000000F50000-0x0000000001511000-memory.dmp	upx
behavioral1/files/0x0007000000023645-980.dat	upx
behavioral1/memory/5316-984-0x0000000000D90000-0x0000000001351000-memory.dmp	upx
behavioral1/memory/5316-988-0x0000000000D90000-0x0000000001351000-memory.dmp	upx
behavioral1/files/0x000700000002361c-995.dat	upx
behavioral1/files/0x000700000002361c-994.dat	upx
behavioral1/memory/2380-1000-0x0000000000F50000-0x0000000001511000-memory.dmp	upx
behavioral1/files/0x000700000002361c-1006.dat	upx
behavioral1/files/0x000700000002364c-1020.dat	upx
behavioral1/memory/1784-1036-0x0000000000790000-0x0000000000D51000-memory.dmp	upx
behavioral1/memory/1784-1038-0x0000000000790000-0x0000000000D51000-memory.dmp	upx
behavioral1/memory/2380-1041-0x0000000000F50000-0x0000000001511000-memory.dmp	upx
behavioral1/memory/4348-1037-0x0000000000420000-0x00000000009E1000-memory.dmp	upx
behavioral1/memory/1244-1028-0x0000000000F50000-0x0000000001511000-memory.dmp	upx
behavioral1/files/0x0007000000023650-1025.dat	upx
behavioral1/memory/5296-1002-0x0000000000F50000-0x0000000001511000-memory.dmp	upx
behavioral1/memory/3448-1054-0x0000000000F50000-0x0000000001511000-memory.dmp	upx
behavioral1/memory/5616-1061-0x0000000000F50000-0x0000000001511000-memory.dmp	upx
behavioral1/memory/4984-1062-0x0000000000F50000-0x0000000001511000-memory.dmp	upx
behavioral1/memory/2728-1071-0x0000000000F50000-0x0000000001511000-memory.dmp	upx
behavioral1/memory/1268-1078-0x0000000000F50000-0x0000000001511000-memory.dmp	upx
behavioral1/memory/2728-1085-0x0000000000F50000-0x0000000001511000-memory.dmp	upx

Enumerates connected drives 3 TTPs 8 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983155329-280873152-1838004294-1000\{0ACC9654-265A-4881-8DA7-856F44D08B62}	msedge.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup.exe

NTFS ADS 4 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\.opera\Opera GX Installer Temp\OperaGXSetup.exe\:SmartScreen:$DATA	OperaGXSetup.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 94688.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe\:SmartScreen:$DATA	OperaGXSetup.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe\:SmartScreen:$DATA	OperaGXSetup.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
1188	msedge.exe
1188	msedge.exe
2912	identity_helper.exe
2912	identity_helper.exe
5132	msedge.exe
5132	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
6036	msedge.exe
6036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3372	svchost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5616	OperaGXSetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 3140	1188	msedge.exe	103
PID 1188 wrote to memory of 3140	1188	msedge.exe	103
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4940	1188	msedge.exe	105
PID 1188 wrote to memory of 4480	1188	msedge.exe	106
PID 1188 wrote to memory of 4480	1188	msedge.exe	106
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107
PID 1188 wrote to memory of 4164	1188	msedge.exe	107

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\images (3).jpg"
1⤵
PID:2636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb4e8146f8,0x7ffb4e814708,0x7ffb4e814718
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4196 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3736 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4276 /prefetch:8
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,6719189219343638339,17840755298899935905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6036
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Modifies system certificate store
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:5616
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.37 --initial-client-data=0x30c,0x310,0x314,0x2e8,0x318,0x74cc61e4,0x74cc61f0,0x74cc61fc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4984
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5316
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    "C:\Users\Admin\Downloads\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5616 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240305151139" --session-guid=a9b524ed-7227-49f2-ab00-265c4defd018 --server-tracking-blob=NDliNzM0NGU4ZDBlNzRiNjZhNmY5YTYwMGE3Y2RhZmQwMzhhNDE0NTdkZmVhMmU2NjI5YzMwNDhkNGI4ODY1YTp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1iaW5nJnV0bV9tZWRpdW09YmFfb3NlJnV0bV9jYW1wYWlnbj1PR1hfR0JfU2VhcmNoX0VOX1QxX0JyYW5kX1YyX21zYWRzJmh0dHBfcmVmZXJyZXI9aHR0cHMlM0ElMkYlMkZ3d3cub3BlcmEuY29tJTJGZ3glMkZneC1icm93c2VyJTNGdXRtX2lkJTNEJTI2dXRtX21lZGl1bSUzRHBhJTI2dXRtX3NvdXJjZSUzRGJpbmclMjZ1dG1fY2FtcGFpZ24lM0RPR1hfR0JfU2VhcmNoX0VOX1QxX0JyYW5kX1YyX21zYWRzJTI2bXNjbGtpZCUzRGI5ODlkOTgzODhlMjE3YWMxMTRkYmM2NGJjMjIxZTJjJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGZ3gtYnJvd3NlciZ1dG1faWQ9JmRsX3Rva2VuPTEzOTk0MzQ0Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzA5NjUxMTUxLjE5NzgiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTIuMC40NTE1LjEzMSBTYWZhcmkvNTM3LjM2IEVkZy85Mi4wLjkwMi42NyIsInV0bSI6eyJjYW1wYWlnbiI6Ik9HWF9HQl9TZWFyY2hfRU5fVDFfQnJhbmRfVjJfbXNhZHMiLCJpZCI6IiIsImxhc3RwYWdlIjoib3BlcmEuY29tL2d4LWJyb3dzZXIiLCJtZWRpdW0iOiJiYV9vc2UiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiYmluZyJ9LCJ1dWlkIjoiYmMxMTczYzktYjk0NC00MDU2LWE1NmItZWNmZjQ4M2UwMTIyIn0= --desktopshortcut=1 --wait-for-package --initial-proc-handle=C407000000000000
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    PID:2728
  - - C:\Users\Admin\Downloads\OperaGXSetup.exe
      C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.37 --initial-client-data=0x2fc,0x300,0x304,0x2d8,0x308,0x723f61e4,0x723f61f0,0x723f61fc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1268
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403051511391\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403051511391\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    PID:3280
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403051511391\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403051511391\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403051511391\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403051511391\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0xe24f48,0xe24f58,0xe24f64
      4⤵
      Executes dropped EXE
      PID:4052
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - NTFS ADS
  PID:3448
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.37 --initial-client-data=0x2fc,0x300,0x304,0x2d8,0x308,0x723f61e4,0x723f61f0,0x723f61fc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5296
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4348
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - NTFS ADS
  PID:2380
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.37 --initial-client-data=0x2fc,0x300,0x304,0x2d8,0x308,0x71e261e4,0x71e261f0,0x71e261fc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1244
- - C:\Users\Admin\Downloads\.opera\Opera GX Installer Temp\OperaGXSetup.exe
    "C:\Users\Admin\Downloads\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b0 0x380
1⤵
PID:1528

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:5768

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
31KB

MD5
acd3f8bcdca044e4382c0bb6246b0234

SHA1
1c83d89a3c40835a82f06e6bea0af86f52901bc5

SHA256
cec8af8be960f3b13ad0f554c338ab88688ae5b4ddfcda5471fc8268ce66db25

SHA512
3cbf100cc72f4a63c7aebe0ec029fc3635b97addbb0a4e83febbd127e00ff1455fc0b4cb90839f3bec498a7cdb848d8fde4d6991cc6a1f479669e70ad220b5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1.1MB

MD5
ae6fba4a8a4923ae8fb23bbe54365bb4

SHA1
fb04d11d5f8433a5149dbbf05323cdbcbdfaf3c5

SHA256
d3effbeee1babe87697c39dab95237973aef8f4755a273b3a04b6585d927f7f3

SHA512
275b997c5819b5c360b1f5f1a8239e6f7e1631a0c75677a4d428c8a25e03400314e8eca58f54af524fb93c3b609b7c47e60ae05a7ba874651ed58b54281a2ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5b734867866f05c4b924d9abc21cd2ed

SHA1
727bed7ae0bfd8730a240e7e28bddadb231c99d9

SHA256
d7e0b9c8d79b4cb6ca1011ac3c93eb2bc65b6b341a4447f6c7406c52a24f2706

SHA512
8c9b3c2fe646912aa70c27802a36adaed8d11a377df540e2a7bb6771de66ca4b95603f9062d96dc81f515bc282c9baa5372882de5168b8c73098a0d2b527dad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e86132fc2e93a41e4524a92fc848175f

SHA1
3acea717cd114e10f90618d4732f925833c236c4

SHA256
8778c9b55dd79a1fafba34225f26daa40866db333c3348a208d8b64ba1241f27

SHA512
10e1938fe20158af25259e483ce28acefe0e8ce835b59f1356e869ff8af3b744437cab5f6710e63fce1f817964c30c9b94247b0329b6445fbf18310eee4729c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
5a68dd45ddaa5dc767d7e38a35785449

SHA1
8a68bf099fc506b917498bb41fe6d0963eef364f

SHA256
48c9a010addde4c467c413c349e65a757180a3334c1c51cf8493d1e0a128b2fc

SHA512
46186f56614705d2c860bb0c3964fc182e6c2f38530e672d0bc1f0f8bb490b1a6b28783510c812e4d9610a9f28ecee4bab92ed1ff6fa95e980bdd26287f5be56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
da58f00c3f367a2506693decb50e88ea

SHA1
6b0c90ea888421b37276e93bd9bbff3930a800f4

SHA256
b963256ed01b73d0657497b837e86578eee6cea1f23b228afc9a23b7d2280614

SHA512
79e41b26256839f5af8732d76e34c08bcac37ed0f1c89c702f8955e2a013e7a281a14a6d317b3dc7c2805a9c267c08d9caf98db395e53fc834da0d76f162afae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f8899870188d759a60836e9a24d1de1f

SHA1
23c2545423ae8eabb09c280de9b944c0ae54dc9d

SHA256
c8eee8363a0fd4741353384c019e37b165d1cbbfb65585a573f1cddee6bfdad4

SHA512
ba192e864320ac59b8451c6289c208d8434ae779c5e21920bc5a738baecbbbe10f8c2b39bc5c7d40fc8bef07fdc5204f7548b158aa590d821fc99cbfa703376c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f100ccb40ff28e6bd44f718713efc7f6

SHA1
213da46ee419ed99b412686e6bf32535489a41ab

SHA256
a1dc6e944a0bb2c7912f1fa34204cdb530679565efcf929f7d094de157f7c549

SHA512
2d2dfa79937a368e97eaf9576050226c8b7ebd968899e78b62800531ecde554b0d958d83b207bd9d3e61d5fdecd35d95f3e48d1e666699eec9dc3aae61bec318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
e9014d9386fe16154a8433840b96c78d

SHA1
d7c582cf4db5106a81e4f85398f174e8a8f2bce6

SHA256
fbca884b45a9a1847be9de06cc14d1b781110b7338c28fb814e4f49509d82f1d

SHA512
7a57ded3475deb72b04fe7c2631c595a370147c4b11c47e01cddeb4f9af210d2f50031817ff6efe4296c54aca25cac4a56fe9fdd8a56b719490635d598fc5681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ede56e7c4e22e4661d43b49f65a8429

SHA1
3a7d905a251373581f564ab15070e02cad5fdf1e

SHA256
f6604258eff4ff4d00105fd9e11a18ef108d738418fb34f739b8e9d7b530a237

SHA512
6d060f424b0baab48bd8125fdd4009537fa7a0d61c220d596755fe33b97f986056cb146f706986e344ac2c0d6de455183d2cf09b0856521805b80823daa1790c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
275bd7b5bde74424a273d27aca89f9ff

SHA1
b07ac170e0a6aab527dd9b200ef7f11163bc5e5a

SHA256
bfa025d78916996dd9f396b2f87bb137036e57b41c2a7e1e2bba5163df4b3e4f

SHA512
c15962dc0d7e1072db160c17c8b7005eaef1263b5484d6c23b1ff7e635a0f30a0f8801de2997a8deb3524502d651e28676e9d933f9914fa8a9b6df92c91546b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8d3210201b54cc4dec28b6b44097e6d5

SHA1
27d2527065495d2509ef78f6a138a61da7cd6f9f

SHA256
e4869e1c9e67c1ed29a96eaf3bd589f5b8b814858c0b0b951f36c78a0ecee12f

SHA512
58843ce8373f507d94d1dc29fe9220ffa6f0ca828efd8fc556f34894bf84b957e9075701f2a5eb8cc327a7c125fc9b84b934a0542987fa03b083d542079fd1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
86bfcddc5878cfd6b17df74036e8a336

SHA1
20042f3fe52f11a7533068c35e1314c0cd0ce4fe

SHA256
eec18610fc1f48536d0e147b1f55ad81bcec21114fed19cb1a77717ece85b25f

SHA512
fa80b4256ae7daa4460b41385be5e3e198edb911d2fa9fa43e0fba4176dfb9aa23ab6ebde39f68e4bb283e1345f205f0a709757d6087735c26e79dcb1d114a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
73ac507c9d1e79bd3392896a7e1b10da

SHA1
daa1c821be82246547cc0e488708940c3d41272d

SHA256
10dfaf0f2d392509cdf1397ba5582c60bcc119d92a90a26245581a40f29ee8c7

SHA512
778ade05d34b21fde3b74d732237286bd94c89f25278509faa4072e661a514dc4917ba0d72e3b1c0d6fa55895dd25d7f2633dfd9c370e020742894840cb45f95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e6bea9cca4bb30de40f0629c35c2534d

SHA1
cec0e1918e54e3caaf4de31ff07b8e61bb903028

SHA256
d404258a61fa175c639a29b5fa847339802fb5eb9902a1888d5220ef6a47f570

SHA512
6b4d9b9aee4d0e146918f3c88dc4835d4b32f1b5f7c0f9205ef9799e0e0c2b44d973cfbca11ff8997350ac56e1ba200cf6240520e5a5ce3622340a115e96bc4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9b18fd15b390222304892fe43e9a80d8

SHA1
0723efa0e7a3c157f76de1a0c88b5a42cb37ef4d

SHA256
4f5b4f4260e3889678533667a2d765183ead2d14ea7b16358b563a31fa04e11b

SHA512
5ac1f79cdaddcbebf475e9abaa83764769ab73d3ccc7e921e5fd9ead44a2864f230c2f06f6a6fa6b91827e78757d81e35a27d9cbf8c0c9d44b237694eb771f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2fd8ca0101a3e81152b81afa6eb8ac41

SHA1
30e0d648d2e19b463b89d5a3d42b91b6c74a39d9

SHA256
ee55096f60ce6b0df3eca6449e253bb7868511ed0431e091e21900dc6d550f20

SHA512
83ce66dff831f86fb54d6455e6ea9da34021619ee0fc48f1d0c95149d8681ce113c282cbffd8eb7562a8a96022305d6e4eeb57c0d52712b70c3280b472366619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7eac7c7782efbe3cc02af1b913be5603

SHA1
923041c76450ecff3a83739e6eb9db7a9b6465e1

SHA256
3f28bedea9f32462e6e40191ae65d2a91c04f790345225252b5bc7d2399e91b8

SHA512
dafc099fff81d63d4b8bde7c712843b358e0668cd5052d122d33e6ae713f4274708d454c2eea677610a90a2afce27b4cdaefeff3eb8c5b5dc4b54bd05550f37e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
faf808881d86b6f6a918e035afcc28c6

SHA1
2403e8673f45c95d025f3fc8eded7e91e5463da5

SHA256
c6e92629fbe352668b8d286644cd4c3ad91d4af5887ea08cbf2297db096c32f0

SHA512
c17f8c9a3f56f8c37dec809582f3cd111225b9d89bbde86ff6e90b4c431798a8c1d5dab0b8d308abea1d7d6b065d5b0ffcfe2c9c611769c979015d7a2fb0193b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e7947d75479e3eed5c27ba19efc1dc0a

SHA1
5bd36e35c8a76235aa374e3027871ff3108d070e

SHA256
a7879c74f6fdb848eb20ff84517c87fb60fcf1c4f16ff650fe3ec61f0e7fe480

SHA512
a873bf7dfcbe2230a2314fa54f4b7b9d3bf898f65bd715d18cb23e42d602a29cfe4ccfba717c9eec49a87af995525351f0c834e96d32f05b3d069d0ca4e70546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7edac3defc9b0f1fd6f7aa7df05332ab

SHA1
25443906b0f8f688f41da44a16c7717c40da8af3

SHA256
9009e717f306785f8f73e1f94c54bdbceb308ba810382387302b761068426391

SHA512
3eadca5f71fd89e4addf1a120fc6a5731cb688b8a4988cc37305ee979f60371b3033f9008df7cc3d6c628c323d9c373f856b7964b56a014b838f99ffceff6d09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d33a35f702b7ab801aceefd4cbb26ed8

SHA1
86d248cee7205ae0ec8cf6deba209b5c2163663e

SHA256
c50b3c5a0e7473652899e8e29c9522f695331dce69f8edf48a9957d29db026d8

SHA512
e69a46fed4f86ad774d33d38714cedbeeb672df5f8406dcc1510b4f997e80a3ac3e5defa181c4d713231db4f380de3d2e19059528556a69e19317aa40d5010e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59a454.TMP

Filesize
1KB

MD5
ff96d85c8129bd9d3228bb4e27d17db1

SHA1
177d4065e0b941fd7bb751181548de424fff97e1

SHA256
f28c9d0f93e7358929be5f5c8319741b05da86cf26e37aa2ca7572bc77bdea16

SHA512
cf7ec4e97c47f7e6a32388821c492a08aa8e9599748bf713bf11a2a4f2bdc5bfc9ea3c4f53220311ba835c4525e66189e51f76aeedfc0ba593ad20f46ae115d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aab0516212cfdcf127f5048f8ca92adb

SHA1
f9d8a723356d3c82daae1aaf4e40da8ae5f55bde

SHA256
1c3611ec1b33c2d05bfcc4b0aa2c5eb6c185ca7df345c45b376472be81e0f346

SHA512
5c17e362d29a48627f4edf2d57edd0b78b26362ea034156cc16c23eb9ababfd747d86258001c55d155818ebbc5a2fe87e30d441c955dafa58ba49504f2a06475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
45619b3ebbba567a12ee0b55207ac45d

SHA1
81412c11604c885aebd6e7346efec46cfab3bb58

SHA256
a433189aaa768d82d66dd2865217f19fc0f984eb44b4cf314c54fdd56ff0b77d

SHA512
2fae85c1b51ce28df440efc4a4ad402286cc60aa6baca5c6f3e3ac1ad82aa1851c9e6329de5dff619e4abede982bbcfad27595361f3747f3e6de225ef507289d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

Filesize
2.6MB

MD5
e21cf044230b0be059545ff8d227032e

SHA1
bf90599e199bff861e55c74330f2036750477c3b

SHA256
4d10ceb7b2e9edfefd22924617092d8de735c4782f35c25f1c4d8fc17226ae94

SHA512
ae7d06dae60f56941bc4854f56a4f11353bd050bd87ecca3733b6e141b5c9816c51b45c86c4b10d6d927cca8115836f51a55413be902ca9050266897b4e6b79b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

Filesize
896KB

MD5
e5dc8d4cd7016f2c26ba1ec3fbc736a9

SHA1
ebaf60912a18c1a4c15049c7bf4a55c16a34c4ec

SHA256
2f7d95c3e31742310fe3b02fd253d8def8179aee464e3765df5c9827f3000c8a

SHA512
5b23db20a437a5c2a9882425b1edf2a631a03f430c4a5f90e694bbe2f5d00bea2e47389ba868f273abbb98ef27e908d53daae5b9f4b3c8f16141052ecdc58832

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403051511391\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403051511391\opera_package

Filesize
56.6MB

MD5
b245f8dc67f06617e0798b7fcb127d54

SHA1
66cc88d6cb98fd1a745e0a4c7d30f42167690f65

SHA256
d6722e748ed80297be2abfeb78ff3fb0bdd4a89be9301d9fbf517f695bfbb182

SHA512
61e54f4aff3c0c10836e8e8d9aecf0330bf852731b5f7b7972228cf478ae0e5cb81f77ce71876a1097f86351041290cca8ff426b0f072a137c819e62332ae893

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403051511371815616.dll

Filesize
5.2MB

MD5
2e9e548040cbc282125031030041b2a9

SHA1
a84b26339be4cdd889ac806227c3260d57296605

SHA256
b44501388ac04d3db78e167cc1dc4daea68aa5c7140a2976b5a8e04f6d2438eb

SHA512
8be8af00aabe5e5ccac38faaf9ed499ea9c84d6a180a3cbce81297b58e1b4cfff5597638587c8f81058f59e19f87ac4bcdacfb34e1fce7ac61128837e39d3e7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403051511407773448.dll

Filesize
5.0MB

MD5
d210fa482bf6b3ff1a28c74778bb46c2

SHA1
4c965c0a31aa1133bb8b02a734139fe324d41758

SHA256
0076056fd7b51b404ee881eb11618876adfa6644fc8e66a24aa1caa26b69436d

SHA512
e90958eeaa256c94dfd73c70bf9ef9f0483d377e1922cd77e148c2eada3c663d7b42efa0b0ce086ff9a3a999444394fec1f943def42e2dddce4f130b43eb5d41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403051511412122380.dll

Filesize
1.3MB

MD5
823b460d0f546453716a521d782be750

SHA1
ad07c7b7d1d95080bc7f80841dddfb112dbfcbb8

SHA256
d241ec9a60a70319bb7b344a78df4867c9fcbb0c993225d64a3d564823daf8d5

SHA512
03b27f3496c280e46706db965c4c6119f26b7b769bc05e5db0a7d19986533cc95863649e2aab9caabdf219ea31cfad61f2dce71037b71c5ddbcc9b5888c3233c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403051511413255296.dll

Filesize
3.2MB

MD5
542620e790316b4f054448dbf1e2fe46

SHA1
c8d42b6e5146ed0b1e6e6db8e5d4df7c7b415a82

SHA256
09414fe5a4b82b5e76732116be19bf96537a940733d4759a99ae3446d1620bcd

SHA512
6d576014fa96954e347ebd71d913b4903564e7d091113d3a6b258c428af9c29d546da1f568ee4225c05fb101abb1b61ea26ee670b61b8c19c11758c6192fa0b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403051511414411244.dll

Filesize
2.9MB

MD5
568ca9aad276c77acfdbd14ca218ae3d

SHA1
deed1c85576adf9a790d6bbcfbf359af1ea804ba

SHA256
fac7b09cf47ff585f07fd51ec0cdf783b125439488e1d00461d52fd95b1d9407

SHA512
5718dc194e6d8813293ac6155d95b20d474157a62d11bcc4869582857598ae15e1544edcea3625713b9bd6008d42286e592b79a0c17828d4315266de95720e06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403051511416234348.dll

Filesize
768KB

MD5
14c2779ad28df5ae24f2b2712c424bbc

SHA1
7348c4903b43c881c2d0f0e1694f20ee85b68f8c

SHA256
f74b842efb2625a116b7bebe80c9b1285ba56190c8762845f667a39f54f434b7

SHA512
5642881e71a826acac8b2f0fb78803965537573415a3c4bdd48b1ec679eba851fdff4fd69db33f5dbaa60e256c61a22229d90f65c80edf89a1b83d7d41f5cb9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403051511416881784.dll

Filesize
576KB

MD5
a072dbb0363ac861599709c9b869eb59

SHA1
683307c17d66856110c91a8356998dba22044dae

SHA256
b1211d866bc1a18edb90ee6a5ac394c473590424ec2a757b3e03999a7014e22a

SHA512
b58a938703554d2a7886e10b81ef0a3fca8eb003974915e64176699dc96ab92aa5e2dc8adadaf73df51b10bb855f011cb7bcb51bf5440e91fe00ccb2f475b70e

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera_installer_ui.lck

Filesize
4B

MD5
13151c06211a8b83a99dd5473ce792c4

SHA1
1edb39d3cf3692ef01fa95148b51edb0e447375c

SHA256
133f734010e65076c25860408db2e1009dfe009df1c4964aa8fea0498514bed9

SHA512
bae611c39bf75f13b07c282535a06cdb4a1cf0087fb9b9e283747b71e4680fb7a8b64c749417ea1b286f158052d487329fd656962ee755c071258f4731e7f317

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
cf90cc96e5ec1f9267a4b39e97e3d657

SHA1
c42a0b7ec4388b8eec13c4f87bf160aecbfd6f8f

SHA256
4842808326be741c14cc595227d050dee1696b285e7d0e9444d410a6fca31348

SHA512
e6030680786f5940eec655e63aab293a08088a5d3e1f014c73e2dfc27cdb2aa794fbdb62c6c1d2b5120587e53f22caf8873964257d2b31bb488ee7636dd43ea1

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
e5b5676539cc0bff266fa7df3cd585e9

SHA1
96db15c9aeb0d3c43c09394ba04ac7f87dae87a3

SHA256
cfdbf673587307baa6b4fb713aef2a6002729566196b8eb3948b9cd856d27091

SHA512
1599b586a21b4314ccd74605fff6758de32e48fbc283d2993002d24f8c88e06a3c34e876d8ed279092d7c2ee0f388970893740359f45f0f9d12d7436722b5153

Download Submit
C:\Users\Admin\Downloads\.opera\Opera GX Installer Temp\OperaGXSetup.exe

Filesize
832KB

MD5
73a2e12ff2997da6c8a79ed062ec95bb

SHA1
1362d0fd15e6f2625364fb7bef82781d7ba48afc

SHA256
6b63494ce8c3b8c97f8838c8d4f41f18b647eb0248d9d8d4613d7c3e75dfd073

SHA512
b9a7423146e0fe6d9f16246f01b5a99852cbd0416079cb865a3e6ce59bfdb2606e3c1720d8dfa3e982ac3e5a0942477889cc55e6722931151d1b710d56f2c072

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
1.4MB

MD5
9203ab0ab7c83f85cdce983df33e4e3e

SHA1
9fb0dd3318be87f0f4fa70b2cfee0bafb6c87827

SHA256
8454b6bfb5fbf5edad6c767da13470c0ea21038ff5e82d4d8e43b2cc9d1d5c1f

SHA512
55568fbbf37ce4ecc7cc657bcfd846fba1fbc7675527f3422ea1f0cda0404cbcbbc781266edfe03c7cdcbc7e0901b2f518533e6b4ef69d023b2bafb19c42ccf5

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.4MB

MD5
899099b83e6bb5f5f613cb2f0896e7c8

SHA1
553d262a420912326a603de166abf089b67ab9ac

SHA256
20981f111c4c6a59e5f9095d34f7ce999631d4975de36967718ba91d93653b5f

SHA512
545ced52946500e92490c776f861205027871d773e388a8d2d69be76e992eca608bc91292e149aca8cef4cc20b118417a60a26ea0c74f05033b2e9fc080b9eb5

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
1.5MB

MD5
d8272c89ae46e9b5b6fa1fe04bc727f7

SHA1
d1c10f0a55f9ebcfa9120bdfd9b76de445bc8d37

SHA256
6f9170c5c19298772d4551fcb20c59008feb9173bd9e0e683e73b7de4e096220

SHA512
66168f13343bc607d1f78c9ae3afa2126a8d704de5d33c384c2936d87b96d2339de0882314cdc003cf5778af90f3fdc514c336f6fe147c97e8e66bd42b0e84d0

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
2.0MB

MD5
44ade8fc07de003f6d81a12bb1e128ad

SHA1
2f470f7fb5532334c068d60baf6aa536909b3a9a

SHA256
7728616451c4066fbf6c757f1dddbabb5b0c68af4bb15f91b0e75330878885ce

SHA512
c483e27fac70326d2036f5f5694168d7bb4e15e63f80cf6c7e8520359b293c06365f397f2a962b097bd4d3b8ae4cfe5be13ba3d967d6ab65193b731de61f911c

Download Submit
\??\pipe\LOCAL\crashpad_1188_AVUIYXCFIHUBXVKS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1244-1028-0x0000000000F50000-0x0000000001511000-memory.dmp

Filesize
5.8MB

Download
memory/1268-1078-0x0000000000F50000-0x0000000001511000-memory.dmp

Filesize
5.8MB

Download
memory/1784-1036-0x0000000000790000-0x0000000000D51000-memory.dmp

Filesize
5.8MB

Download
memory/1784-1038-0x0000000000790000-0x0000000000D51000-memory.dmp

Filesize
5.8MB

Download
memory/2380-1041-0x0000000000F50000-0x0000000001511000-memory.dmp

Filesize
5.8MB

Download
memory/2380-1000-0x0000000000F50000-0x0000000001511000-memory.dmp

Filesize
5.8MB

Download
memory/2728-1085-0x0000000000F50000-0x0000000001511000-memory.dmp

Filesize
5.8MB

Download
memory/2728-1071-0x0000000000F50000-0x0000000001511000-memory.dmp

Filesize
5.8MB

Download
memory/3372-515-0x000001F269F40000-0x000001F269F41000-memory.dmp

Filesize
4KB

Download
memory/3372-496-0x000001F261BB0000-0x000001F261BC0000-memory.dmp

Filesize
64KB

Download
memory/3372-514-0x000001F269F40000-0x000001F269F41000-memory.dmp

Filesize
4KB

Download
memory/3372-512-0x000001F269F20000-0x000001F269F21000-memory.dmp

Filesize
4KB

Download
memory/3372-480-0x000001F261AB0000-0x000001F261AC0000-memory.dmp

Filesize
64KB

Download
memory/3372-516-0x000001F26A060000-0x000001F26A061000-memory.dmp

Filesize
4KB

Download
memory/3448-1054-0x0000000000F50000-0x0000000001511000-memory.dmp

Filesize
5.8MB

Download
memory/4348-1037-0x0000000000420000-0x00000000009E1000-memory.dmp

Filesize
5.8MB

Download
memory/4984-1062-0x0000000000F50000-0x0000000001511000-memory.dmp

Filesize
5.8MB

Download
memory/5296-1002-0x0000000000F50000-0x0000000001511000-memory.dmp

Filesize
5.8MB

Download
memory/5316-984-0x0000000000D90000-0x0000000001351000-memory.dmp

Filesize
5.8MB

Download
memory/5316-988-0x0000000000D90000-0x0000000001351000-memory.dmp

Filesize
5.8MB

Download
memory/5616-1061-0x0000000000F50000-0x0000000001511000-memory.dmp

Filesize
5.8MB

Download
memory/5616-964-0x0000000000F50000-0x0000000001511000-memory.dmp

Filesize
5.8MB

Download