bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 09:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
Size

3.4MB
MD5

4549445a51481f7585aea2867711c7da
SHA1

644adbb7671866f24589da05285df8182b768121
SHA256

bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf
SHA512

727396f8421a83faf5959b6045abe303f7e2a3f6340b303740b570957b061ccdba705912f05940b5966517a7cfefb799596fa935eaaf97fca1c73bdda0e9456b
SSDEEP

98304:pWnL1M2XNmcGCVIps5phuIMAbvbJaJNQqPAbsU8968Vum8z22:pWu2Qcvlh9vbvWobIbG3

Score

8^/10

discovery spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe

pid process

2932 bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe

pid	process
2932	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe

Loads dropped DLL 5 IoCs

Processes:

bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exebae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exebae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exebae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exebae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe

pid	process
3260	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
4828	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
2932	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
724	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
4252	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exebae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe

description	ioc	process
File opened (read-only)	\??\D:	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
File opened (read-only)	\??\F:	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
File opened (read-only)	\??\D:	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
File opened (read-only)	\??\F:	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3260-0-0x0000000000510000-0x0000000000AD0000-memory.dmp	upx
behavioral2/memory/4828-7-0x0000000000510000-0x0000000000AD0000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe	upx
behavioral2/memory/2932-17-0x0000000000660000-0x0000000000C20000-memory.dmp	upx
behavioral2/memory/2932-18-0x0000000000660000-0x0000000000C20000-memory.dmp	upx
behavioral2/memory/4252-40-0x0000000000510000-0x0000000000AD0000-memory.dmp	upx
behavioral2/memory/4828-46-0x0000000000510000-0x0000000000AD0000-memory.dmp	upx
behavioral2/memory/3260-45-0x0000000000510000-0x0000000000AD0000-memory.dmp	upx
behavioral2/memory/724-50-0x0000000000510000-0x0000000000AD0000-memory.dmp	upx
behavioral2/memory/3260-64-0x0000000000510000-0x0000000000AD0000-memory.dmp	upx
behavioral2/memory/4252-76-0x0000000000510000-0x0000000000AD0000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 838321.crdownload:SmartScreen msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 838321.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1572	msedge.exe
1572	msedge.exe
1732	msedge.exe
1732	msedge.exe
5100	identity_helper.exe
5100	identity_helper.exe
5352	msedge.exe
5352	msedge.exe
5352	msedge.exe
5352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

1732 msedge.exe
1732 msedge.exe
1732 msedge.exe
1732 msedge.exe
1732 msedge.exe
1732 msedge.exe
1732 msedge.exe
1732 msedge.exe
1732 msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

msedge.exe

pid	process
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe

pid	process
3260	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
3260	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
3260	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exebae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exemsedge.exe

description	pid	process	target process
PID 3260 wrote to memory of 4828	3260	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
PID 3260 wrote to memory of 4828	3260	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
PID 3260 wrote to memory of 4828	3260	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
PID 3260 wrote to memory of 2932	3260	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
PID 3260 wrote to memory of 2932	3260	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
PID 3260 wrote to memory of 2932	3260	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
PID 3260 wrote to memory of 724	3260	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
PID 3260 wrote to memory of 724	3260	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
PID 3260 wrote to memory of 724	3260	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
PID 724 wrote to memory of 4252	724	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
PID 724 wrote to memory of 4252	724	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
PID 724 wrote to memory of 4252	724	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
PID 3260 wrote to memory of 1732	3260	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe	msedge.exe
PID 3260 wrote to memory of 1732	3260	bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe	msedge.exe
PID 1732 wrote to memory of 2056	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 2056	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4620	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 1572	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 1572	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4800	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4800	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4800	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4800	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4800	1732	msedge.exe	msedge.exe
PID 1732 wrote to memory of 4800	1732	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
"C:\Users\Admin\AppData\Local\Temp\bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3260
- C:\Users\Admin\AppData\Local\Temp\bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
  C:\Users\Admin\AppData\Local\Temp\bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.86 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2f0,0x300,0x7553626c,0x75536278,0x75536284
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4828
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2932
- C:\Users\Admin\AppData\Local\Temp\bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
  "C:\Users\Admin\AppData\Local\Temp\bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3260 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241121092123" --session-guid=f82e94d8-94cb-4aad-8896-8c649e408965 --server-tracking-blob=MWY0ZjA2N2JjNjVjNTRlMGZlYmU0YjExMjhlYTA1NDIzMjczMWUzNzQ3MmQ2Mjc3NTkzZjM2OTQ5MTAxYmI4OTp7InByb2R1Y3QiOnsibmFtZSI6Ik9wZXJhIEdYIn0sInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fX0= --desktopshortcut=1 --wait-for-package --initial-proc-handle=4C08000000000000
  2⤵
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:724
- - C:\Users\Admin\AppData\Local\Temp\bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe
    C:\Users\Admin\AppData\Local\Temp\bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.86 --initial-client-data=0x2e0,0x2e4,0x2e8,0x2bc,0x2ec,0x7295626c,0x72956278,0x72956284
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller&arch=x64
  2⤵
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff709346f8,0x7fff70934708,0x7fff70934718
    3⤵
    PID:2056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
    3⤵
    PID:4620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
    3⤵
    PID:4800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
    3⤵
    PID:648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
    3⤵
    PID:2488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
    3⤵
    PID:4116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
    3⤵
    PID:1036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5116 /prefetch:8
    3⤵
    PID:2904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
    3⤵
    PID:3024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5828 /prefetch:8
    3⤵
    PID:2224
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
    3⤵
    PID:3564
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
    3⤵
    PID:816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
    3⤵
    PID:3948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
    3⤵
    PID:2396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
    3⤵
    PID:4524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,2316383275384655942,14729253185535025618,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
9b6f0b77bff65f9551073227eff69131

SHA1
905e40f06524616c3237537d36f3812cb6be9048

SHA256
43657d6e16eac641699dc97adc7c36cbe4feb08ee9985662991f518683ea1009

SHA512
9e1cc0720f6e81d6da1203db29d8c767b027050f97484336f5fd0f3a01ec34b383fb0ccc2e35ddafb293e6fd4c3eb861b32241b962eab4226045ca94c26c3d81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
471B

MD5
2aaf11132879d8c2b42f57465f854abf

SHA1
cba36bc4067f4c8a6cc14b50a24b51142432c5e1

SHA256
18bbafb9e2a6ad48027495efa487c47c179933cc2cd92c923c191207bd101172

SHA512
1d370c979d7513aac4abb79ecd2650da180e07335547b997c0a26a3f4a8bfa9851710f82c7e1b3b16baaa01433422151d0af940e4ae0e08ff65e888c5ef5cc93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
b8846f96648fafc9db6a9057473f2a08

SHA1
d215548a3eb9c6bc1465779219af0fdbe3ff4388

SHA256
44b6733fe3b468dc1ac7090b220de4d815f6f05c94948a68820ffd2a65337aee

SHA512
7dd8b32ed8fb9c4c8686e85fbd120cfa37052ee121e8866fc54a717fac52bd7a182183d259884508b29822f9b4060c3120929ae7588e527ad578e27f83e9e673

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
412B

MD5
b8c9b1141c3277e48c713854f7bddfbc

SHA1
e35231dd1cba780857b7711f00543c55a5e9cd6b

SHA256
1833a05b9d1f4096ebdaa7bfbb6b4d5ace219b1b21d42aa1ece4a35df581cd84

SHA512
2413034eedf286fca2823a8a336b472465a7da23d969fcfa1e53a9cf115bfa3ca84f4c64c8886f0cd3c44e371d95dbc42e86fb3c6f10011028f02a7204462d8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
49f3de933c5c17a2be90c507ec9cdc35

SHA1
10bac702273f3bfab614b07a6f7e6b5048738cb1

SHA256
dacebe1e433d7392574cab4d29031b8698d909f7595b5255728017e9eb831a3c

SHA512
78043a0699dd5f0d4e475daeaca24c4eb11bf5dc4b770bb2548704ea5fb083359aae31299cf029420eb1360f295632378fe44f12adbf0422be83d6714084325e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
13c71c8027b5c0d22fd516fd9a7f2e7f

SHA1
fc856af99f5a2ab9c3d7a1a33a90ac0124f6b586

SHA256
918e3bdce998057bd4d2680493929b886e623fb9689a2a03a35742b7590c3310

SHA512
3dff9430f785acbde87cc0d4187832a1f7916666b69e6b52d8be4c951ecc577fe153c19d7827c903f9e0f2500c136d4b5ad05f489e953871b3b4cb0584b0f698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7467ff3089ddefa7beb9492b896386c5

SHA1
2cf9df4c540473780efbfe86f37c951df9ace596

SHA256
3e53ada938d9f3f8a06c94ff39d9fddad1e8cf70c6dfd3688f7e811261924617

SHA512
0f3a9b7a20825619ffbf9117f4a034886daf647d5d3337d33bc4dfec017432930946f68a47595eb40c584356e11cba95be36e3b91674cdffab7c9fc9d9a461dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e393a4804b3e1df7a92de5d17fc615d4

SHA1
3f2dbb178a8a2556dfd9486d530014b9647605a6

SHA256
b4c76e627b33bf48c4f69bdbfe622289775eec58dbf86d23eecd6a760ac97f52

SHA512
cee87e931a08a8eac888b9608f9324afc46b33cbd677774b2eb4468269288ac3cc905087d507e6243b4bf21f49c6d22b1db9f58a67fbfe39a0b2c72f73fe7b33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
599b4e8c29d77b6daa24da63617809d0

SHA1
bc7cca770acb1231c8377f6f6e184ad4b3cda8a0

SHA256
22abded4743814da22a930149ce1b1d4e6f4620a3daf4070ca0424cd6223a6b4

SHA512
10d65c74b5e974af9ae52cd6f0f9eb51ab9009abb6c00c1061f03e310bc4d721ddf2e4c2079026af9dd779e7d13fa5327070902f0cff9d053b46ee1d1827b93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581807.TMP

Filesize
48B

MD5
1fd4ad433ed00b369b658550568cad1b

SHA1
24175738d4d47497e5ea94423693aa419d9133c1

SHA256
3abbfafac8586a44d880dea9d3cfe1acdb58f9deae765b62193613cf338cb7a6

SHA512
7f844531cc3eff5d3df611f91380d0f0ac4afa1953489872162dabae40d206b911671fa9f94dadbdc9140242a4467795ec3126656d014303562e213b5cf378b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
31e1c2a8c19815f977c64b7d4ff43fa6

SHA1
f42a71abe7a9b1a3bd104e1b4b3daf9b848ae4bc

SHA256
9e54c7374a0435309722243fde7e96be9389fb0eeeaa7479ab713aeea7c9ec03

SHA512
a76f5adc2fab0e4eed4319a5c37c235dc4f0a588cb98f704710790a50815022e84eec5566a60e333962e2ac94225a2be0f2e112d3ba15180e5c5c291b1fd348a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
115dec6527a2293e43d4b20a35f501c2

SHA1
09e5397e97d36abcaec921de2f7d8f08745c9333

SHA256
14c350fa2bd21330bb5d02d5e0d6d0886561b70e9e26e7c8685aeaed68e59fed

SHA512
54eafefdbe28338d2ef8201e644c9ab05b2e2fbb186edec93576fbf353b65c6ea23e2df01a84495639b23ef85210f7209bdb4fdc2dba7123137060f51cda7945

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf.exe

Filesize
3.4MB

MD5
4549445a51481f7585aea2867711c7da

SHA1
644adbb7671866f24589da05285df8182b768121

SHA256
bae82162306a46262950a431a0c2308866e7f317f72cd5ed657478739db9bfcf

SHA512
727396f8421a83faf5959b6045abe303f7e2a3f6340b303740b570957b061ccdba705912f05940b5966517a7cfefb799596fa935eaaf97fca1c73bdda0e9456b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411210921224553260.dll

Filesize
5.2MB

MD5
7c4c89e7a2b29a8fc7c24fd158761f5f

SHA1
f05bddcb3df1811d104939192510d7afce5bf9b1

SHA256
b2b0b0372fea8c706860f531099234dd2e90a5648adba0e540cb1eeba6ea0d99

SHA512
135bea3366b56f78d78d71969f8ae09fca130339e8989480c29b9970e35c9ed81bccb0a26e68fa572d254d2434f10c28e200baf2044248378724fd471483cd0c

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
3dc2adcf920a0d14f639c138708b8610

SHA1
ba2edf4097de4639e5cbfc62c6c2b2bd9ef9f1a2

SHA256
04e6766c4590a938193c298d92d810c27fdca52326e594cc602b2d2469d5356d

SHA512
637ce1e19dcfe1cf49b933715ac707f6ebcba9c6df80572ea53238f071bedc1961fd6ad0326cb01a8a2e1aea16020ce6fc83d8b2d00dc85b1057bb94f6e99c28

Download Submit
\??\pipe\LOCAL\crashpad_1732_QCDPKZFRVIPBNVHS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/724-50-0x0000000000510000-0x0000000000AD0000-memory.dmp

Filesize
5.8MB

Download
memory/2932-17-0x0000000000660000-0x0000000000C20000-memory.dmp

Filesize
5.8MB

Download
memory/2932-18-0x0000000000660000-0x0000000000C20000-memory.dmp

Filesize
5.8MB

Download
memory/3260-45-0x0000000000510000-0x0000000000AD0000-memory.dmp

Filesize
5.8MB

Download
memory/3260-0-0x0000000000510000-0x0000000000AD0000-memory.dmp

Filesize
5.8MB

Download
memory/3260-64-0x0000000000510000-0x0000000000AD0000-memory.dmp

Filesize
5.8MB

Download
memory/4252-40-0x0000000000510000-0x0000000000AD0000-memory.dmp

Filesize
5.8MB

Download
memory/4252-76-0x0000000000510000-0x0000000000AD0000-memory.dmp

Filesize
5.8MB

Download
memory/4828-46-0x0000000000510000-0x0000000000AD0000-memory.dmp

Filesize
5.8MB

Download
memory/4828-7-0x0000000000510000-0x0000000000AD0000-memory.dmp

Filesize
5.8MB

Download