Analysis

  • max time kernel
    219s
  • max time network
    214s
  • platform
    windows10-ltsc_2021_x64
  • resource
    win10ltsc2021-20250610-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250610-enlocale:en-usos:windows10-ltsc_2021-x64system
  • submitted
    04/07/2025, 18:31

General

  • Target

    https://www.opera.com/fr/gx?edition=std-2&utm_medium=pa&utm_campaign=PWN_FR_HVR_9853_WEB_519&utm_id=f80f80ee5f4d458aa99e18de64b769da&utm_source=PWNgames

Malware Config

Signatures

  • Downloads MZ/PE file 2 IoCs
  • Executes dropped EXE 9 IoCs
  • Loads dropped DLL 5 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates connected drives 3 TTPs 4 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 45 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.opera.com/fr/gx?edition=std-2&utm_medium=pa&utm_campaign=PWN_FR_HVR_9853_WEB_519&utm_id=f80f80ee5f4d458aa99e18de64b769da&utm_source=PWNgames
    1⤵
    • Drops file in Windows directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1144
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2ec,0x368,0x7ffe54b9f208,0x7ffe54b9f214,0x7ffe54b9f220
      2⤵
        PID:1000
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1864,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:3
        2⤵
        • Downloads MZ/PE file
        PID:840
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2272,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:2
        2⤵
          PID:4672
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2032,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=2748 /prefetch:8
          2⤵
            PID:880
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3512,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
            2⤵
              PID:1412
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3536,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
              2⤵
                PID:1924
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4276,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:1
                2⤵
                  PID:4556
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4340,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:2
                  2⤵
                    PID:2528
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4668,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:8
                    2⤵
                      PID:1564
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4196,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:8
                      2⤵
                        PID:3924
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5356,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:1
                        2⤵
                          PID:1684
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=4640,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:1
                          2⤵
                            PID:4444
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5748,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:8
                            2⤵
                              PID:2960
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5740,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:8
                              2⤵
                                PID:2012
                              • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5280,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3740 /prefetch:8
                                2⤵
                                  PID:2364
                                • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5280,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3740 /prefetch:8
                                  2⤵
                                    PID:940
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3448,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3720 /prefetch:8
                                    2⤵
                                      PID:652
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3592,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=6800 /prefetch:8
                                      2⤵
                                        PID:2688
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6772,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=6820 /prefetch:1
                                        2⤵
                                          PID:1052
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6784,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:1
                                          2⤵
                                            PID:4240
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4272,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=7392 /prefetch:8
                                            2⤵
                                              PID:1480
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6240,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
                                              2⤵
                                                PID:3560
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6768,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=7672 /prefetch:8
                                                2⤵
                                                  PID:3156
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7868,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=4980 /prefetch:8
                                                  2⤵
                                                    PID:4552
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7864,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=7512 /prefetch:8
                                                    2⤵
                                                      PID:2984
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7784,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=4456 /prefetch:8
                                                      2⤵
                                                        PID:4504
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4500,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=7480 /prefetch:8
                                                        2⤵
                                                          PID:3784
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3688,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:8
                                                          2⤵
                                                            PID:1100
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=744,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=8056 /prefetch:8
                                                            2⤵
                                                              PID:4348
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8036,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=8100 /prefetch:8
                                                              2⤵
                                                                PID:1180
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8044,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=8108 /prefetch:8
                                                                2⤵
                                                                  PID:4572
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4376,i,14545987161151833260,11832837850880792831,262144 --variations-seed-version --mojo-platform-channel-handle=8148 /prefetch:8
                                                                  2⤵
                                                                    PID:4296
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                                  1⤵
                                                                    PID:2880
                                                                  • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                    1⤵
                                                                    • Suspicious behavior: AddClipboardFormatListener
                                                                    • Suspicious behavior: GetForegroundWindowSpam
                                                                    • Suspicious use of FindShellTrayWindow
                                                                    • Suspicious use of SendNotifyMessage
                                                                    • Suspicious use of SetWindowsHookEx
                                                                    PID:5868
                                                                  • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                    1⤵
                                                                      PID:4740
                                                                    • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                      1⤵
                                                                        PID:4336
                                                                      • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                        1⤵
                                                                          PID:3672
                                                                        • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                          1⤵
                                                                            PID:4596
                                                                          • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                            "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                            1⤵
                                                                              PID:5664
                                                                            • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                              "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                              1⤵
                                                                                PID:3780
                                                                              • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                                1⤵
                                                                                  PID:5064
                                                                                • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                                  1⤵
                                                                                    PID:2692
                                                                                  • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                                    1⤵
                                                                                      PID:904
                                                                                    • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                                      1⤵
                                                                                        PID:4056
                                                                                      • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                                        1⤵
                                                                                          PID:1872
                                                                                        • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                                          1⤵
                                                                                            PID:3096
                                                                                          • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                            "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                                            1⤵
                                                                                              PID:4388
                                                                                            • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                              "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                                              1⤵
                                                                                                PID:2124
                                                                                              • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                                "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                                                1⤵
                                                                                                  PID:2620
                                                                                                • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                                  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                                                  1⤵
                                                                                                    PID:4732
                                                                                                  • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                                    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                                                    1⤵
                                                                                                      PID:976
                                                                                                    • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                                      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                                                      1⤵
                                                                                                        PID:3056
                                                                                                      • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                                        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                                                        1⤵
                                                                                                          PID:1912
                                                                                                        • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                                          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStart.snd"
                                                                                                          1⤵
                                                                                                            PID:2528
                                                                                                          • C:\Users\Admin\Downloads\OperaGXSetup.exe
                                                                                                            "C:\Users\Admin\Downloads\OperaGXSetup.exe"
                                                                                                            1⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            PID:5288
                                                                                                            • C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe
                                                                                                              C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe --server-tracking-blob=ZWZkZGU2Y2RhNWZiYjZhMmVmNjU0YjA1ZWQyNTYyNjZhNjRhMjZkNGIyYTNkYzA1MGRlMGE1MGRmZjYwOWJhMDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9GUl9IVlJfOTg1M19XRUJfNTE5JmVkaXRpb249c3RkLTImdXRtX2lkPWY4MGY4MGVlNWY0ZDQ1OGFhOTllMThkZTY0Yjc2OWRhJmh0dHBfcmVmZXJyZXI9bWlzc2luZyZ1dG1fc2l0ZT1vcGVyYV9jb20mdXRtX2xhc3RwYWdlPW9wZXJhLmNvbSUyRmd4JnV0bV9pZD1mODBmODBlZTVmNGQ0NThhYTk5ZTE4ZGU2NGI3NjlkYSZkbF90b2tlbj04NTIxOTI4NCIsInRpbWVzdGFtcCI6IjE3NTE2NTM4ODIuMTMxNSIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMzMuMC4wLjAgU2FmYXJpLzUzNy4zNiBFZGcvMTMzLjAuMC4wIiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0ZSX0hWUl85ODUzX1dFQl81MTkiLCJpZCI6ImY4MGY4MGVlNWY0ZDQ1OGFhOTllMThkZTY0Yjc2OWRhIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vZ3giLCJtZWRpdW0iOiJwYSIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJQV05nYW1lcyJ9LCJ1dWlkIjoiNjhhZjExMDMtN2VmNi00YjA3LWIzNjEtMTZjNjE0N2NlNzUwIn0=
                                                                                                              2⤵
                                                                                                              • Downloads MZ/PE file
                                                                                                              • Executes dropped EXE
                                                                                                              • Loads dropped DLL
                                                                                                              • Enumerates connected drives
                                                                                                              • Modifies system certificate store
                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                              PID:5240
                                                                                                              • C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe
                                                                                                                C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=119.0.5497.163 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ffe50dcb388,0x7ffe50dcb394,0x7ffe50dcb3a0
                                                                                                                3⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Loads dropped DLL
                                                                                                                PID:5668
                                                                                                              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
                                                                                                                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
                                                                                                                3⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Loads dropped DLL
                                                                                                                PID:5368
                                                                                                              • C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe
                                                                                                                "C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5240 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20250704183406" --session-guid=01ee60bd-293e-4843-8959-5e0df4974237 --server-tracking-blob=MzllYzQ0YjVmMjYxMjU3Y2U5MDc2ZjU3MTNiNmFmMDZhNWEwMmUwMDBhOWUzOTc1OTVmMjg5OTI4NmFjMGE1OTp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9GUl9IVlJfOTg1M19XRUJfNTE5JmVkaXRpb249c3RkLTImdXRtX2lkPWY4MGY4MGVlNWY0ZDQ1OGFhOTllMThkZTY0Yjc2OWRhJmh0dHBfcmVmZXJyZXI9bWlzc2luZyZ1dG1fc2l0ZT1vcGVyYV9jb20mdXRtX2xhc3RwYWdlPW9wZXJhLmNvbSUyRmd4JnV0bV9pZD1mODBmODBlZTVmNGQ0NThhYTk5ZTE4ZGU2NGI3NjlkYSZkbF90b2tlbj04NTIxOTI4NCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTc1MTY1Mzg4Mi4xMzE1IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEzMy4wLjAuMCBTYWZhcmkvNTM3LjM2IEVkZy8xMzMuMC4wLjAiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fRlJfSFZSXzk4NTNfV0VCXzUxOSIsImlkIjoiZjgwZjgwZWU1ZjRkNDU4YWE5OWUxOGRlNjRiNzY5ZGEiLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS9neCIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiI2OGFmMTEwMy03ZWY2LTRiMDctYjM2MS0xNmM2MTQ3Y2U3NTAifQ== --desktopshortcut=1 --wait-for-package --initial-proc-handle=D008000000000000
                                                                                                                3⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Loads dropped DLL
                                                                                                                • Enumerates connected drives
                                                                                                                PID:4232
                                                                                                                • C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe
                                                                                                                  C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=119.0.5497.163 --initial-client-data=0x2a4,0x2a8,0x2ac,0x278,0x2b0,0x7ffe4fceb388,0x7ffe4fceb394,0x7ffe4fceb3a0
                                                                                                                  4⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • Loads dropped DLL
                                                                                                                  PID:3048
                                                                                                              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                                                                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
                                                                                                                3⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                PID:6048
                                                                                                              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\assistant_installer.exe
                                                                                                                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\assistant_installer.exe" --version
                                                                                                                3⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                PID:1712
                                                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\assistant_installer.exe
                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2b8,0x2bc,0x2c0,0x294,0x2c4,0x2f4f48,0x2f4f58,0x2f4f64
                                                                                                                  4⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  PID:3800
                                                                                                          • C:\Windows\system32\taskmgr.exe
                                                                                                            "C:\Windows\system32\taskmgr.exe" /4
                                                                                                            1⤵
                                                                                                            • Checks SCSI registry key(s)
                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                            • Suspicious use of SendNotifyMessage
                                                                                                            PID:3864

                                                                                                          Network

                                                                                                                MITRE ATT&CK Enterprise v16

                                                                                                                Replay Monitor

                                                                                                                Loading Replay Monitor...

                                                                                                                Downloads

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist

                                                                                                                  Filesize

                                                                                                                  105KB

                                                                                                                  MD5

                                                                                                                  2ca8d39c3bc99de17bed5a0fe47679b6

                                                                                                                  SHA1

                                                                                                                  a9d29377d4d7f316746f898e3cae2c6fd2d1bdc2

                                                                                                                  SHA256

                                                                                                                  1553a198ae11d60e77f8fff26d5ea7cdc1c266d81b11186fd06e0ed4e975ec90

                                                                                                                  SHA512

                                                                                                                  490d655f3c1f39cc318e83b5a296a043fdbe8718a364b84cb7a8ed9bdccf2f49023e378f1b02ea50f4cd8e5ed7efc50222b5a8393f9842a592ab0de4e69599aa

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                  Filesize

                                                                                                                  280B

                                                                                                                  MD5

                                                                                                                  fcf9727aec0ce7fddb01548ba240c0d1

                                                                                                                  SHA1

                                                                                                                  e38b97b14aebc563cf0478ff505700aa02c0a165

                                                                                                                  SHA256

                                                                                                                  c893e53590a42abb839aba47c36ba866d98f4b37ea9fa591a2fecfb896bda1f4

                                                                                                                  SHA512

                                                                                                                  fc9b869640aa7c5e452af55e6a387653a351d88b9271b2301def6a0b62e3ce9f5f08a615499f96ae7b9ffe791a10427eaad4b717fdda34f85c8823abfcdb5f35

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                  Filesize

                                                                                                                  280B

                                                                                                                  MD5

                                                                                                                  fbf5e7a78ebadaa63c94c01646f506d0

                                                                                                                  SHA1

                                                                                                                  55e94d7c8658a02fd4795958f4a61fc88a21b253

                                                                                                                  SHA256

                                                                                                                  a661a0029f3004f352361e056a93b367fef88d947177dce909097680aaf418a1

                                                                                                                  SHA512

                                                                                                                  cc8234e4f110b4303b1208f8e339b65dec25e9a114dbd366bbb9173d3cfd59c659c32d0186785b82102dad7d8f04729100cdd3125c5221c37a35f1f1c22ba65e

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                  Filesize

                                                                                                                  280B

                                                                                                                  MD5

                                                                                                                  6852ca8c907bc9ccbfae3d317732551a

                                                                                                                  SHA1

                                                                                                                  1635ece55515c9e6f2d771864134fc97e4e4ede0

                                                                                                                  SHA256

                                                                                                                  4987c2468406c4f0642df131db727982d3740b556924d4f0288eb66c45824047

                                                                                                                  SHA512

                                                                                                                  ebcdf581bf55be6a5dfc617acc463938babc740f03cbe522edd50f371a775339d98bc6c21abb32f3335963ccec1808f84bb3fc875dfd2f18a21a09b89572f59d

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  MD5

                                                                                                                  1122270fcd57044f90a9c8d281fbd30d

                                                                                                                  SHA1

                                                                                                                  e23d8d9268ad3ea23b87998473adc43191972bb2

                                                                                                                  SHA256

                                                                                                                  5c91fdfab626eb9f56e59d980229e64a208e2e7d1869dccb985c5d03b6930186

                                                                                                                  SHA512

                                                                                                                  45cf4040bc7df13c9a6ea11c4dd7dc1fb835216579f339b569c049a291d04aecf92d1a681d947fbdae9aa60af5eb752a5c376743a658b88bf5417a3de8c9ffb3

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57c803.TMP

                                                                                                                  Filesize

                                                                                                                  3KB

                                                                                                                  MD5

                                                                                                                  db7b40732ce3c83aa31b6e3cad197251

                                                                                                                  SHA1

                                                                                                                  2ade2ef21e42a16b5e75e32e9bdedb4a32153aaf

                                                                                                                  SHA256

                                                                                                                  adaa1c26c5050e6df777b1cde57b18553d398425f5ae611f08855223114c9bfe

                                                                                                                  SHA512

                                                                                                                  05b9690715ce7e98db1e7e20dd652aa47f0f5fde066484e117d5bde094e249d6de7350cac309974aa565a498c1c04b2e734161f8060828800ac0feebbbab5955

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1

                                                                                                                  Filesize

                                                                                                                  264KB

                                                                                                                  MD5

                                                                                                                  2961ade833b91dbbccc9785d58a62e64

                                                                                                                  SHA1

                                                                                                                  ad8e5acf8a89180e28efbd9eb7e2293931345265

                                                                                                                  SHA256

                                                                                                                  649597a3cf3f183f4f0e39c501be30b685f0d2995b33937e782c18a350fdd363

                                                                                                                  SHA512

                                                                                                                  97315ee3c4984b2192cd9608aac9a889ee3369b9819a98de484463a390d406ead9317c5649965d8934c1331ea6a1744b3eb36f9150b17467fcc5b912265cb49d

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

                                                                                                                  Filesize

                                                                                                                  2B

                                                                                                                  MD5

                                                                                                                  99914b932bd37a50b983c5e7c90ae93b

                                                                                                                  SHA1

                                                                                                                  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                                  SHA256

                                                                                                                  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                                  SHA512

                                                                                                                  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

                                                                                                                  Filesize

                                                                                                                  108KB

                                                                                                                  MD5

                                                                                                                  06d55006c2dec078a94558b85ae01aef

                                                                                                                  SHA1

                                                                                                                  6a9b33e794b38153f67d433b30ac2a7cf66761e6

                                                                                                                  SHA256

                                                                                                                  088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd

                                                                                                                  SHA512

                                                                                                                  ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                                  Filesize

                                                                                                                  7KB

                                                                                                                  MD5

                                                                                                                  98a58c8962031fddbfa010017ca8ae64

                                                                                                                  SHA1

                                                                                                                  9ea5dc0c19c67e430240aeab11e8d734b45cd486

                                                                                                                  SHA256

                                                                                                                  bb51734159f2eca76e257f54f31396bf469fe9bf6704a90597f8c6fd0650bc51

                                                                                                                  SHA512

                                                                                                                  97e5b2ac35b6044262e58dabe538cfa9fc6e94968a1e51b14f47e0a7ffca702071c1af555fbdd80efdc2714486ff73b626e877867a11f27ea542340a8adf5bd6

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                                  Filesize

                                                                                                                  111B

                                                                                                                  MD5

                                                                                                                  285252a2f6327d41eab203dc2f402c67

                                                                                                                  SHA1

                                                                                                                  acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                                                  SHA256

                                                                                                                  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                                                  SHA512

                                                                                                                  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                                  Filesize

                                                                                                                  2B

                                                                                                                  MD5

                                                                                                                  d751713988987e9331980363e24189ce

                                                                                                                  SHA1

                                                                                                                  97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                  SHA256

                                                                                                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                  SHA512

                                                                                                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                  Filesize

                                                                                                                  14KB

                                                                                                                  MD5

                                                                                                                  5a82f96d04a23ac5c0105642e37727ee

                                                                                                                  SHA1

                                                                                                                  bcc246abd7c0d142223e6dd16b339395422772b4

                                                                                                                  SHA256

                                                                                                                  0eadf008b5817cd56c9d74d276e7b54c2d4a74e6885aa8a2dbb08afeb7e73a2e

                                                                                                                  SHA512

                                                                                                                  8fe5fc1c5a4c92062e25179af34aa713f04e8524fe487108c910a784eea42703972255e7231f357b58f44f0ebbc5cdd0a7b0a8a045402f191e0acc3647e19311

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                  Filesize

                                                                                                                  16KB

                                                                                                                  MD5

                                                                                                                  59c45ec74e35c2f29898548c933f3080

                                                                                                                  SHA1

                                                                                                                  5576bcab0ba449536e240d76fdd7d51aee929189

                                                                                                                  SHA256

                                                                                                                  8ce225df6ee70da6d09d3cdb81a362fcbe5db50b1294c87e608d5f896510857f

                                                                                                                  SHA512

                                                                                                                  c7495c0fb0c776fd573bcf884abbf754ce0c7a365c585dee1e6bf73f8473ec3105896f8c4529b1968d6d8f948c899a14a568791ec14d03be728a6117f73f7fec

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                  Filesize

                                                                                                                  14KB

                                                                                                                  MD5

                                                                                                                  24fe5be28af886f6d2f514a53fa390b5

                                                                                                                  SHA1

                                                                                                                  4038a594f5f0ad93b98f4450c143b320cb9710a3

                                                                                                                  SHA256

                                                                                                                  762fd48c5eaa522d519f9355aa5a2d9204884e656487da5d310b9340a2208c8d

                                                                                                                  SHA512

                                                                                                                  1c5ccfc388bc589747034ea57454b7378ea0ca842bbafa14f7d69cae77d4387cc15bccc33226dcc33d0a3e56ff2c9386447e489e9ce3af5105acc24e655aa698

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                                                  Filesize

                                                                                                                  31KB

                                                                                                                  MD5

                                                                                                                  21fddb328c83f7dedc7ac5c2de3f806b

                                                                                                                  SHA1

                                                                                                                  2709527c199f63b5a490c949a468cdf0c8f4d60e

                                                                                                                  SHA256

                                                                                                                  77413af89a21d36234b1248e28a6e09a98269b188d8ec7477530bc03efe4e308

                                                                                                                  SHA512

                                                                                                                  c8e5662c8411c0fbc595a3951cb2a2139714674de2285bc5c141091ec28458f995a520b0836f1100c03ec09e12ee379d50c0f6476486f2c8ab281b5d97dc2d1b

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                                  Filesize

                                                                                                                  72B

                                                                                                                  MD5

                                                                                                                  92136d662357d3eec791fd6bb126633f

                                                                                                                  SHA1

                                                                                                                  08ee5df5bd3301a23d9b602fe590f6e6cd34296a

                                                                                                                  SHA256

                                                                                                                  22d9a5f8d97d54f94f2164595de97fc3936b6c8594f4585984763c2d6d8a9454

                                                                                                                  SHA512

                                                                                                                  915737b715b8833d83af080f0d820648c51900890990a71076ade3fc74874b43668ed864db12665a0699318a2ef5d81669af0c6ea5a6f333b573acc5be3e58db

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b5a4.TMP

                                                                                                                  Filesize

                                                                                                                  48B

                                                                                                                  MD5

                                                                                                                  bba0682be2dc477c243ba22f2244069c

                                                                                                                  SHA1

                                                                                                                  2af8f51f0df24fbe90624c46aedc559574a36758

                                                                                                                  SHA256

                                                                                                                  7ebf3fb538b09987e9a96a60842506b78306c1928bd3c332038cb67a0440c98f

                                                                                                                  SHA512

                                                                                                                  0032b7dd6172fddb6be6c1ad1f18c317e9d02d8586b44a9a57abf0222b10a7e7fbf5175a0a7f9209770f4f11aec7b236851cfe4dcc5a8cac58bdb55472b862be

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  MD5

                                                                                                                  5838f7ad6bf1f8e9da9fb0056530bd2f

                                                                                                                  SHA1

                                                                                                                  54c1bd4c4994c25fcb7426920132ff90b5d6043c

                                                                                                                  SHA256

                                                                                                                  b8c27b2f0b69ca43de7f40b3feb751071d787cd84fedc9da9094318ebb6e1ff6

                                                                                                                  SHA512

                                                                                                                  54e048f3491b3811944b05ada6534c19f821334803d8976906df2bef175b2e112f833ff58b5160b48f02066a4aa7c43da1bcdd574748bbbffed828e0391ba0dc

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ce0b5664-2034-47e2-bacf-15e71ce5933e.tmp

                                                                                                                  Filesize

                                                                                                                  69KB

                                                                                                                  MD5

                                                                                                                  164a788f50529fc93a6077e50675c617

                                                                                                                  SHA1

                                                                                                                  c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

                                                                                                                  SHA256

                                                                                                                  b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

                                                                                                                  SHA512

                                                                                                                  ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                  Filesize

                                                                                                                  17KB

                                                                                                                  MD5

                                                                                                                  c0f84e40cdaf77baf502f382b580e2f9

                                                                                                                  SHA1

                                                                                                                  4609705be39b32d447aa6dc4bb0b11874c15ba12

                                                                                                                  SHA256

                                                                                                                  66222ba0cd2ea2c93f72201b42609109d17edaa126814606e4e5827dfa9d8f2d

                                                                                                                  SHA512

                                                                                                                  6e70f19e49c1e1cf991b0a3f4a40b7b321b9cdc6377482965faa1a19559d63258769e402792bf0c6742fadf8eca96fb152523e12cc2af0498af12220ce15f78d

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                  Filesize

                                                                                                                  6KB

                                                                                                                  MD5

                                                                                                                  abc6da64b12bbacdf6f435996e5601a2

                                                                                                                  SHA1

                                                                                                                  aa8df20ba63fff12f65e0c14472603880f5317e9

                                                                                                                  SHA256

                                                                                                                  6d63b8c820d5c9a303de068dac3769ec916dbbfe8b959bf5fffa8d4d4b07a701

                                                                                                                  SHA512

                                                                                                                  cc06943988d3b2b13cd0342f940a18fa0598988b5769bd2bf0132d6733c96a470385df112602fc9b03a86b0cfc238a624016283194a688e72b36cbec6db919af

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                  Filesize

                                                                                                                  34KB

                                                                                                                  MD5

                                                                                                                  9f59a6c32ed81682b40daf27fbe4afdd

                                                                                                                  SHA1

                                                                                                                  0180a9009987b4884b51c41cf42cab12707b3636

                                                                                                                  SHA256

                                                                                                                  e3fbfff4690645d881c36630e8b48b59b165f2b40138622e76351d7deb596520

                                                                                                                  SHA512

                                                                                                                  768dd95b98aa708b38712bafc129e17803dca13304a9cd0dc9a6c7120a665db21eab62844e36764fbc64cf6b47c7655f2ff64bbaba7f7c3e53b01b8357bbe902

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                  Filesize

                                                                                                                  7KB

                                                                                                                  MD5

                                                                                                                  033955023524ebb1b3b4090265ac01f2

                                                                                                                  SHA1

                                                                                                                  1f1c4f3c0299fb802ef7dbe53913f518edbec53e

                                                                                                                  SHA256

                                                                                                                  5a6200eec310aea7d91ad94ecf296082d9f691815c5cdce2f0518f6d8c394021

                                                                                                                  SHA512

                                                                                                                  3002efb56fa0332aebfdbd226ebcee2591c891196860aa325416c1835fa91378d8ebd7c391c1606b9ce230289c7039df57675b019a8ce01d6929d5ecb887da28

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                  Filesize

                                                                                                                  17KB

                                                                                                                  MD5

                                                                                                                  509e1842852c54bbe88f3e85fcb62d3a

                                                                                                                  SHA1

                                                                                                                  fc548f502f57985a61c7486a05951664b7733f60

                                                                                                                  SHA256

                                                                                                                  c9f9c888109c68eb0837eb01d8330a5c3b726b58b19c6bcd2d2de9b083d7457f

                                                                                                                  SHA512

                                                                                                                  39b88182338b030ff48070e3fce46bd9f71eb551229144d6c8addc2d0111c840f2b4e7c4f96c25fa51845fa5ccb1155c86016a23a0e956bb7237661320713e2a

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                  Filesize

                                                                                                                  28KB

                                                                                                                  MD5

                                                                                                                  6c60b0334ef1592f2635cbeb78cae82c

                                                                                                                  SHA1

                                                                                                                  4c3b6f9f341872e305e7858c86eda91d55ba1dff

                                                                                                                  SHA256

                                                                                                                  95831214ee2ccc4fa70efbe31fd9c105f9b2bba57779ec2da3318c6e5bf4c303

                                                                                                                  SHA512

                                                                                                                  f383a64cf9eaa32d792544cbf2f609bccaf8b61e27fd4407a863574e2b322bf284a592e3fe97c418d90ddb27f7edbb9272ae539dec432dfa52ef2d826fd0b0e5

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                                                                                  Filesize

                                                                                                                  2KB

                                                                                                                  MD5

                                                                                                                  845749761ce8b166abefc92a9eaf144c

                                                                                                                  SHA1

                                                                                                                  90a8058e04b23cdc3aa097f13306969c3196a5d8

                                                                                                                  SHA256

                                                                                                                  a8af361cd67f08726f0090a045ef6dfdaa40fcd5d76355199fdcfdaf01e586c7

                                                                                                                  SHA512

                                                                                                                  4ee75619ef08a79227bd8aa124990e439b860fdce6dd67cd144f1d1d5669f82e66eec2eb9f604d5525df1621f0b9c184d66e8e71cb0ca9fd7b4620b93669f69c

                                                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\additional_file0.tmp

                                                                                                                  Filesize

                                                                                                                  1.4MB

                                                                                                                  MD5

                                                                                                                  e9a2209b61f4be34f25069a6e54affea

                                                                                                                  SHA1

                                                                                                                  6368b0a81608c701b06b97aeff194ce88fd0e3c0

                                                                                                                  SHA256

                                                                                                                  e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

                                                                                                                  SHA512

                                                                                                                  59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

                                                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507041834061\assistant\assistant_installer.exe

                                                                                                                  Filesize

                                                                                                                  1.8MB

                                                                                                                  MD5

                                                                                                                  4c8fbed0044da34ad25f781c3d117a66

                                                                                                                  SHA1

                                                                                                                  8dd93340e3d09de993c3bc12db82680a8e69d653

                                                                                                                  SHA256

                                                                                                                  afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

                                                                                                                  SHA512

                                                                                                                  a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

                                                                                                                • C:\Users\Admin\AppData\Local\Temp\7zS8A4F0BB9\setup.exe

                                                                                                                  Filesize

                                                                                                                  8.9MB

                                                                                                                  MD5

                                                                                                                  c8422594c563a030ee1ee2e9db2ffc09

                                                                                                                  SHA1

                                                                                                                  eed83fbe6967ce8a770eef10e46caa725ead3f62

                                                                                                                  SHA256

                                                                                                                  0a9e3d689bde8ecf85337192425bef699be7cfb736a52148a6fb027162ee319c

                                                                                                                  SHA512

                                                                                                                  0b459ed0f2017e2199c89c0998f1b25bd2177f4b69afee52ab35129b117a8bc9ac760828ba473a469f62b2c524f2fc05ac81395fa82bb81325ec60bb8a6ce889

                                                                                                                • C:\Users\Admin\AppData\Local\Temp\Opera_installer_2507041834043765240.dll

                                                                                                                  Filesize

                                                                                                                  8.3MB

                                                                                                                  MD5

                                                                                                                  818f0a0b987eb15b4046df8d80eabfbc

                                                                                                                  SHA1

                                                                                                                  0ef6702c8b2e20a06cafabade808496e145522d8

                                                                                                                  SHA256

                                                                                                                  44383f5919d1de84da01ab5a780c6a7381c41636ea8f17496566c85d4b20d9b3

                                                                                                                  SHA512

                                                                                                                  914345c82ee805aac1ec6229aff65980c739c49ac5ac899e138dfddcad3e58981fdb5ae1ac6016b9a590e2fcfed76f79d976cfca92061aa9af377df0580a804f

                                                                                                                • C:\Users\Admin\AppData\Local\Temp\b3a554cf-6164-4f74-846a-ce4ad5cd6b7d.tmp

                                                                                                                  Filesize

                                                                                                                  1B

                                                                                                                  MD5

                                                                                                                  5058f1af8388633f609cadb75a75dc9d

                                                                                                                  SHA1

                                                                                                                  3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                  SHA256

                                                                                                                  cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                  SHA512

                                                                                                                  0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                • C:\Users\Admin\AppData\Local\Temp\scoped_dir1144_238367307\CRX_INSTALL\content.js

                                                                                                                  Filesize

                                                                                                                  9KB

                                                                                                                  MD5

                                                                                                                  3d20584f7f6c8eac79e17cca4207fb79

                                                                                                                  SHA1

                                                                                                                  3c16dcc27ae52431c8cdd92fbaab0341524d3092

                                                                                                                  SHA256

                                                                                                                  0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

                                                                                                                  SHA512

                                                                                                                  315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

                                                                                                                • C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

                                                                                                                  Filesize

                                                                                                                  40B

                                                                                                                  MD5

                                                                                                                  58baa6642abac54c88b4253105778625

                                                                                                                  SHA1

                                                                                                                  2591aa4bb72125cda8e2098c1ca3c65b5573e201

                                                                                                                  SHA256

                                                                                                                  abf7a4c2354234e69176d26e1c68905016a47b129313cbf6d625d5c028e2b424

                                                                                                                  SHA512

                                                                                                                  307d5195c317d637b205b5801188603b8bcae454c51ac705e8ca5265742c58c81d32b776ec3d2e75b22358f6d6cc6d96e1d65bd61e35f4b2ffd78f28eea257fb

                                                                                                                • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

                                                                                                                  Filesize

                                                                                                                  77B

                                                                                                                  MD5

                                                                                                                  0be1d7ab6531c54c33b6f2e947e19362

                                                                                                                  SHA1

                                                                                                                  6f8847bb62d76961a8fc86d602bb9915e75dfadc

                                                                                                                  SHA256

                                                                                                                  8652ef28481c8f02b08f11af0b6652e021fbfeaa40361cfef1dcddf38e0848c2

                                                                                                                  SHA512

                                                                                                                  4d39c9dfa622b330ce1d7ede0609e3e0dc05b1eb273033e6d333d3828e5fcbb320a3ad3184d32255fa0c59cfdd6e964b07f3ffe538dc247471cadcff9cf515f8

                                                                                                                • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Ya5868

                                                                                                                  Filesize

                                                                                                                  76B

                                                                                                                  MD5

                                                                                                                  9d2da8306f03c18abbe49c3db69b580e

                                                                                                                  SHA1

                                                                                                                  6bac7eac33f175235e89af9710ffb7bec21fbcd5

                                                                                                                  SHA256

                                                                                                                  efe26fab3cbeeb26b55e050f695afc248bf7f12e66f1d4fa05ab0b8fbea9d605

                                                                                                                  SHA512

                                                                                                                  860507b75332742f1dd4f0ec124fbea7a5c7796726d462ee71db30cc2c8cafaeecc59dc160819b93b1fc994e3a67fc77add5a67cfef003fc1e39813dd28a7642

                                                                                                                • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

                                                                                                                  Filesize

                                                                                                                  18B

                                                                                                                  MD5

                                                                                                                  2b7556d2b7863d0e28d1437ebe6b2d61

                                                                                                                  SHA1

                                                                                                                  38ee23dc272a28b6d22bea86f64c267259704590

                                                                                                                  SHA256

                                                                                                                  84137681655b3ac11a3ea20d43f7abc1347fdb60cbd1fe386b1e5e50b124dc94

                                                                                                                  SHA512

                                                                                                                  c1772a15a5e9738fb17843933cb3cb040b0a5d76e0836d6dca86989063de2db73a0c8e6dd10e2b5c6ab74ea17dac6357aceaf8d279fe486baef3414223f14f54

                                                                                                                • C:\Users\Admin\Downloads\OperaGXSetup.exe

                                                                                                                  Filesize

                                                                                                                  4.2MB

                                                                                                                  MD5

                                                                                                                  7a3271f838b4dc7a907a7cf0e858841f

                                                                                                                  SHA1

                                                                                                                  e4cdefd663806d21de427ea626986fece43eb0d7

                                                                                                                  SHA256

                                                                                                                  56c4c29e9fca22d3b375534660fb58f61f8e6a046028e4fdcbddec63ba18a405

                                                                                                                  SHA512

                                                                                                                  9d3937854414e3a084048f082425779274060710e4b57651ac9276a8d9cd1cadc580560ee1eb50912f4f7f4c996757692ea1c35badd44bd9e30805bfa7cdfcf7

                                                                                                                • memory/904-950-0x00007FFE63B60000-0x00007FFE63B78000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                • memory/904-947-0x00007FF7E47E0000-0x00007FF7E48D8000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  992KB

                                                                                                                • memory/904-952-0x00007FFE63850000-0x00007FFE63861000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  68KB

                                                                                                                • memory/904-949-0x00007FFE54540000-0x00007FFE547F6000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  2.7MB

                                                                                                                • memory/904-951-0x00007FFE63990000-0x00007FFE639A7000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  92KB

                                                                                                                • memory/904-948-0x00007FFE63070000-0x00007FFE630A4000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  208KB

                                                                                                                • memory/1872-969-0x00007FFE63990000-0x00007FFE639A7000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  92KB

                                                                                                                • memory/1872-967-0x00007FFE54540000-0x00007FFE547F6000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  2.7MB

                                                                                                                • memory/1872-965-0x00007FF7E47E0000-0x00007FF7E48D8000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  992KB

                                                                                                                • memory/1872-966-0x00007FFE63070000-0x00007FFE630A4000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  208KB

                                                                                                                • memory/1872-970-0x00007FFE63850000-0x00007FFE63861000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  68KB

                                                                                                                • memory/1872-968-0x00007FFE63B60000-0x00007FFE63B78000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                • memory/2692-939-0x00007FFE63990000-0x00007FFE639A7000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  92KB

                                                                                                                • memory/2692-937-0x00007FFE54540000-0x00007FFE547F6000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  2.7MB

                                                                                                                • memory/2692-940-0x00007FFE63850000-0x00007FFE63861000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  68KB

                                                                                                                • memory/2692-936-0x00007FFE63070000-0x00007FFE630A4000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  208KB

                                                                                                                • memory/2692-938-0x00007FFE63B60000-0x00007FFE63B78000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                • memory/2692-930-0x00007FF7E47E0000-0x00007FF7E48D8000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  992KB

                                                                                                                • memory/3096-974-0x00007FFE63B60000-0x00007FFE63B78000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                • memory/3096-971-0x00007FF7E47E0000-0x00007FF7E48D8000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  992KB

                                                                                                                • memory/3096-972-0x00007FFE63070000-0x00007FFE630A4000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  208KB

                                                                                                                • memory/3096-973-0x00007FFE54540000-0x00007FFE547F6000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  2.7MB

                                                                                                                • memory/3672-900-0x00007FF7E47E0000-0x00007FF7E48D8000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  992KB

                                                                                                                • memory/3672-905-0x00007FFE63850000-0x00007FFE63861000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  68KB

                                                                                                                • memory/3672-902-0x00007FFE54540000-0x00007FFE547F6000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  2.7MB

                                                                                                                • memory/3672-904-0x00007FFE63990000-0x00007FFE639A7000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  92KB

                                                                                                                • memory/3672-901-0x00007FFE63070000-0x00007FFE630A4000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  208KB

                                                                                                                • memory/3672-903-0x00007FFE63B60000-0x00007FFE63B78000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                • memory/3780-927-0x00007FFE63990000-0x00007FFE639A7000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  92KB

                                                                                                                • memory/3780-925-0x00007FFE54540000-0x00007FFE547F6000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  2.7MB

                                                                                                                • memory/3780-923-0x00007FF7E47E0000-0x00007FF7E48D8000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  992KB

                                                                                                                • memory/3780-924-0x00007FFE63070000-0x00007FFE630A4000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  208KB

                                                                                                                • memory/3780-926-0x00007FFE63B60000-0x00007FFE63B78000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                • memory/3780-928-0x00007FFE63850000-0x00007FFE63861000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  68KB

                                                                                                                • memory/4336-896-0x00007FFE63850000-0x00007FFE63861000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  68KB

                                                                                                                • memory/4336-890-0x00007FFE54540000-0x00007FFE547F6000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  2.7MB

                                                                                                                • memory/4336-888-0x00007FF7E47E0000-0x00007FF7E48D8000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  992KB

                                                                                                                • memory/4336-895-0x00007FFE63990000-0x00007FFE639A7000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  92KB

                                                                                                                • memory/4336-889-0x00007FFE63070000-0x00007FFE630A4000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  208KB

                                                                                                                • memory/4336-894-0x00007FFE63B60000-0x00007FFE63B78000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                • memory/4596-910-0x00007FFE63990000-0x00007FFE639A7000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  92KB

                                                                                                                • memory/4596-911-0x00007FFE63850000-0x00007FFE63861000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  68KB

                                                                                                                • memory/4596-908-0x00007FFE54540000-0x00007FFE547F6000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  2.7MB

                                                                                                                • memory/4596-907-0x00007FFE63070000-0x00007FFE630A4000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  208KB

                                                                                                                • memory/4596-906-0x00007FF7E47E0000-0x00007FF7E48D8000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  992KB

                                                                                                                • memory/4596-909-0x00007FFE63B60000-0x00007FFE63B78000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                • memory/4740-898-0x00007FFE63990000-0x00007FFE639A7000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  92KB

                                                                                                                • memory/4740-893-0x00007FFE54540000-0x00007FFE547F6000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  2.7MB

                                                                                                                • memory/4740-897-0x00007FFE63B60000-0x00007FFE63B78000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                • memory/4740-899-0x00007FFE63850000-0x00007FFE63861000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  68KB

                                                                                                                • memory/4740-891-0x00007FF7E47E0000-0x00007FF7E48D8000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  992KB

                                                                                                                • memory/4740-892-0x00007FFE63070000-0x00007FFE630A4000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  208KB

                                                                                                                • memory/5064-944-0x00007FFE63B60000-0x00007FFE63B78000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                • memory/5064-941-0x00007FF7E47E0000-0x00007FF7E48D8000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  992KB

                                                                                                                • memory/5064-942-0x00007FFE63070000-0x00007FFE630A4000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  208KB

                                                                                                                • memory/5064-943-0x00007FFE54540000-0x00007FFE547F6000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  2.7MB

                                                                                                                • memory/5064-946-0x00007FFE63850000-0x00007FFE63861000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  68KB

                                                                                                                • memory/5064-945-0x00007FFE63990000-0x00007FFE639A7000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  92KB

                                                                                                                • memory/5664-916-0x00007FFE63990000-0x00007FFE639A7000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  92KB

                                                                                                                • memory/5664-915-0x00007FFE63B60000-0x00007FFE63B78000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                • memory/5664-914-0x00007FFE54540000-0x00007FFE547F6000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  2.7MB

                                                                                                                • memory/5664-913-0x00007FFE63070000-0x00007FFE630A4000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  208KB

                                                                                                                • memory/5664-912-0x00007FF7E47E0000-0x00007FF7E48D8000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  992KB

                                                                                                                • memory/5664-917-0x00007FFE63850000-0x00007FFE63861000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  68KB