1139de78debd0f579c819344207cb2e3cab899370b0f4003cbbe8640c569dfc3

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
28-03-2023 08:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OperaGXSetup.exe
Size

3.4MB
MD5

2ab1c313bb4630629f25b7b5e2c77564
SHA1

aa55c60e58dbb88e8ddf12595536904757a00d74
SHA256

1139de78debd0f579c819344207cb2e3cab899370b0f4003cbbe8640c569dfc3
SHA512

ad7476d1a1c457a8712aabb602a9168e998940734dbd52fa3fc556e29896f61781cc56acbb2fbb4122acb53a7a3faef3fac1433771fcfae8c4a2294839efed30
SSDEEP

98304:OE5YW5FJdsCsCI+LE0T/zw8SK1rg6g+Xwp0387sYfBoV5ZyQ77:OUY+CCsMQ1+Xv8A5TVP

Score

8^/10

spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 4 IoCs

Processes:

OperaGXSetup.exe_sfx.exeassistant_installer.exeassistant_installer.exe

pid process

432 OperaGXSetup.exe
1868 _sfx.exe
1616 assistant_installer.exe
968 assistant_installer.exe

pid	process
432	OperaGXSetup.exe
1868	_sfx.exe
1616	assistant_installer.exe
968	assistant_installer.exe

Loads dropped DLL 11 IoCs

Processes:

OperaGXSetup.exeOperaGXSetup.exeOperaGXSetup.exeOperaGXSetup.exeOperaGXSetup.exeassistant_installer.exe

pid	process
1352	OperaGXSetup.exe
1272	OperaGXSetup.exe
1352	OperaGXSetup.exe
432	OperaGXSetup.exe
1352	OperaGXSetup.exe
1352	OperaGXSetup.exe
1352	OperaGXSetup.exe
1304	OperaGXSetup.exe
1248	OperaGXSetup.exe
1352	OperaGXSetup.exe
1616	assistant_installer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	upx
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	upx
behavioral1/memory/1352-69-0x0000000000160000-0x0000000000745000-memory.dmp	upx
behavioral1/memory/1272-73-0x0000000000160000-0x0000000000745000-memory.dmp	upx
behavioral1/memory/432-75-0x0000000000B20000-0x0000000001105000-memory.dmp	upx
behavioral1/memory/432-76-0x0000000000B20000-0x0000000001105000-memory.dmp	upx
behavioral1/memory/1304-325-0x0000000000160000-0x0000000000745000-memory.dmp	upx
behavioral1/memory/1248-327-0x0000000000160000-0x0000000000745000-memory.dmp	upx

Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

OperaGXSetup.exeOperaGXSetup.exe

description ioc process

File opened (read-only) \??\D: OperaGXSetup.exe
File opened (read-only) \??\D: OperaGXSetup.exe

description	ioc	process
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe

Modifies system certificate store 2 TTPs 9 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

OperaGXSetup.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1460	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1460	AUDIODG.EXE
Token: 33	1460	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1460	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

SndVol.exe

pid process

316 SndVol.exe
316 SndVol.exe
Suspicious use of SendNotifyMessage 4 IoCs

Processes:

SndVol.exe

pid process

316 SndVol.exe
316 SndVol.exe
316 SndVol.exe
316 SndVol.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OperaGXSetup.exe

pid process

1352 OperaGXSetup.exe

pid	process
316	SndVol.exe
316	SndVol.exe

pid	process
316	SndVol.exe
316	SndVol.exe
316	SndVol.exe
316	SndVol.exe

Suspicious use of WriteProcessMemory 49 IoCs

Processes:

OperaGXSetup.exeOperaGXSetup.exeassistant_installer.exe

description	pid	process	target process
PID 1352 wrote to memory of 1272	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 1272	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 1272	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 1272	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 1272	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 1272	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 1272	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 432	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 432	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 432	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 432	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 432	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 432	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 432	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 1868	1352	OperaGXSetup.exe	_sfx.exe
PID 1352 wrote to memory of 1868	1352	OperaGXSetup.exe	_sfx.exe
PID 1352 wrote to memory of 1868	1352	OperaGXSetup.exe	_sfx.exe
PID 1352 wrote to memory of 1868	1352	OperaGXSetup.exe	_sfx.exe
PID 1352 wrote to memory of 1868	1352	OperaGXSetup.exe	_sfx.exe
PID 1352 wrote to memory of 1868	1352	OperaGXSetup.exe	_sfx.exe
PID 1352 wrote to memory of 1868	1352	OperaGXSetup.exe	_sfx.exe
PID 1352 wrote to memory of 1304	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 1304	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 1304	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 1304	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 1304	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 1304	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 1304	1352	OperaGXSetup.exe	OperaGXSetup.exe
PID 1304 wrote to memory of 1248	1304	OperaGXSetup.exe	OperaGXSetup.exe
PID 1304 wrote to memory of 1248	1304	OperaGXSetup.exe	OperaGXSetup.exe
PID 1304 wrote to memory of 1248	1304	OperaGXSetup.exe	OperaGXSetup.exe
PID 1304 wrote to memory of 1248	1304	OperaGXSetup.exe	OperaGXSetup.exe
PID 1304 wrote to memory of 1248	1304	OperaGXSetup.exe	OperaGXSetup.exe
PID 1304 wrote to memory of 1248	1304	OperaGXSetup.exe	OperaGXSetup.exe
PID 1304 wrote to memory of 1248	1304	OperaGXSetup.exe	OperaGXSetup.exe
PID 1352 wrote to memory of 1616	1352	OperaGXSetup.exe	assistant_installer.exe
PID 1352 wrote to memory of 1616	1352	OperaGXSetup.exe	assistant_installer.exe
PID 1352 wrote to memory of 1616	1352	OperaGXSetup.exe	assistant_installer.exe
PID 1352 wrote to memory of 1616	1352	OperaGXSetup.exe	assistant_installer.exe
PID 1352 wrote to memory of 1616	1352	OperaGXSetup.exe	assistant_installer.exe
PID 1352 wrote to memory of 1616	1352	OperaGXSetup.exe	assistant_installer.exe
PID 1352 wrote to memory of 1616	1352	OperaGXSetup.exe	assistant_installer.exe
PID 1616 wrote to memory of 968	1616	assistant_installer.exe	assistant_installer.exe
PID 1616 wrote to memory of 968	1616	assistant_installer.exe	assistant_installer.exe
PID 1616 wrote to memory of 968	1616	assistant_installer.exe	assistant_installer.exe
PID 1616 wrote to memory of 968	1616	assistant_installer.exe	assistant_installer.exe
PID 1616 wrote to memory of 968	1616	assistant_installer.exe	assistant_installer.exe
PID 1616 wrote to memory of 968	1616	assistant_installer.exe	assistant_installer.exe
PID 1616 wrote to memory of 968	1616	assistant_installer.exe	assistant_installer.exe

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1352

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=96.0.4693.104 --initial-client-data=0x194,0x198,0x19c,0x168,0x1a0,0x74bd94b0,0x74bd94c0,0x74bd94cc
2⤵
- Loads dropped DLL
PID:1272

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:432

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\assistant\_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\assistant\_sfx.exe"
2⤵
- Executes dropped EXE
PID:1868

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1352 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20230328100803" --session-guid=3c75bf43-8ceb-4ca1-acab-b0bbd531b87a --server-tracking-blob=YTJiN2EwZTNkYzViOGE1NmE3Zjc1ODVlNDk2MTA2MTY4NDRmOWRhYjViNjliODg0MWU1ZGI0Njk0N2I1ZWQxNTp7ImNvdW50cnkiOiJNWCIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3RyeWFnYWluPXllcyZ1dG1fc291cmNlPWdvb2dsZSZ1dG1fbWVkaXVtPW9zZSZ1dG1fY2FtcGFpZ249KG5vbmUpJmh0dHBfcmVmZXJyZXI9aHR0cHMlM0ElMkYlMkZ3d3cuZ29vZ2xlLmNvbSUyRiZ1dG1fc2l0ZT1vcGVyYV9jb20mJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20vZ3gmZGxfdG9rZW49ODM4NDkyOTkiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiI3IiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY3OTQ2NjM2Mi4wMDA2IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoiKG5vbmUpIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vZ3giLCJtZWRpdW0iOiJvc2UiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiZ29vZ2xlIiwidHJ5YWdhaW4iOiJ5ZXMifSwidXVpZCI6IjM1ZDRjMDdiLWFmYTctNDM5MC1hOWU0LTI2YzMyMzQ2MzlhYyJ9 --desktopshortcut=1 --wait-for-package --initial-proc-handle=0807000000000000
2⤵
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of WriteProcessMemory
PID:1304

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=96.0.4693.104 --initial-client-data=0x190,0x1a0,0x1a4,0x164,0x1a8,0x735494b0,0x735494c0,0x735494cc
3⤵
- Loads dropped DLL
PID:1248

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\assistant\assistant_installer.exe" --version
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1616

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x12c,0x130,0x134,0x100,0x138,0x14c4f48,0x14c4f58,0x14c4f64
3⤵
- Executes dropped EXE
PID:968

C:\Windows\system32\SndVol.exe
SndVol.exe -f 45417631 8486
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:316

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x474
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1460

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1600

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
460c2e382826cee90425180aaf4a97ba

SHA1
8e0feadeb3e2751349505708d03c0866fcf8952a

SHA256
b05173487c58570d5f634300e4abfd0c71f9c5e99735600f980445774dae5905

SHA512
9868b7d76ca54f901fe0d022578b860e80918408caadb68044a6418d8a3a2e8b0a4d159dad82a58075a79294ad24ae814f0f1d53e6eb853c00effac166889f65

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
Filesize
3.4MB

MD5
2ab1c313bb4630629f25b7b5e2c77564

SHA1
aa55c60e58dbb88e8ddf12595536904757a00d74

SHA256
1139de78debd0f579c819344207cb2e3cab899370b0f4003cbbe8640c569dfc3

SHA512
ad7476d1a1c457a8712aabb602a9168e998940734dbd52fa3fc556e29896f61781cc56acbb2fbb4122acb53a7a3faef3fac1433771fcfae8c4a2294839efed30

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\additional_file0.tmp
Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\assistant\_sfx.exe
Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\assistant\_sfx.exe
Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\assistant\assistant_installer.exe
Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\assistant\assistant_installer.exe
Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\assistant\assistant_installer.exe
Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\opera_package
Filesize
118.8MB

MD5
b3bf61a5e54320547edf6119298498ae

SHA1
ac6987a5d845c458c2c75ebf927b47c6bc38d507

SHA256
444026187ee7003a9f9ca79977ee544d3bc90633c63da6115ff85a453fc2b2de

SHA512
f77a48779ef2f5bfa9709ef15744e45d8099ed78250f983e673f4dec42cb1da55107812d5c4cc980511bc74599dc311c9546145f3ccf5508504d3d31291e8a53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab47CD.tmp
Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_230328100802624432.dll
Filesize
5.3MB

MD5
4aae95fe44ded1e5e84c3d49ef3bd968

SHA1
689655c184a14e4b751d5a66451ad16e94e7a77c

SHA256
159f49ad7b0768601957bcbcfd3e0116d1e1971a8fae5e37168ec7436f4a5b8a

SHA512
6438f761b7c3f9a9aacf0cfec5fbadb6624f4eb623b3d542eab9a02a93a4279ea4e84504d16a34f024133aefb5da29335ccc0867ce41b06733176425283066da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar485C.tmp
Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5BC5.tmp
Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
Filesize
40B

MD5
8393f27b07ad4916323448975c85b00e

SHA1
0bfbd965c7643c47a76d81f72b0133657026fa6e

SHA256
d6dca14c3ec3cb08b94f3fe97b12edb80f1c341b9ed7649417386894442aaf57

SHA512
984d9169309778c7d59b807f0454af6bc7244f61848bd158d4bd52790a79ce3869540f364999546d0360b87feed7d17c3357a91b108258af33cad10a2782e412

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
Filesize
40B

MD5
8393f27b07ad4916323448975c85b00e

SHA1
0bfbd965c7643c47a76d81f72b0133657026fa6e

SHA256
d6dca14c3ec3cb08b94f3fe97b12edb80f1c341b9ed7649417386894442aaf57

SHA512
984d9169309778c7d59b807f0454af6bc7244f61848bd158d4bd52790a79ce3869540f364999546d0360b87feed7d17c3357a91b108258af33cad10a2782e412

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
Filesize
40B

MD5
8393f27b07ad4916323448975c85b00e

SHA1
0bfbd965c7643c47a76d81f72b0133657026fa6e

SHA256
d6dca14c3ec3cb08b94f3fe97b12edb80f1c341b9ed7649417386894442aaf57

SHA512
984d9169309778c7d59b807f0454af6bc7244f61848bd158d4bd52790a79ce3869540f364999546d0360b87feed7d17c3357a91b108258af33cad10a2782e412

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
Filesize
3.4MB

MD5
2ab1c313bb4630629f25b7b5e2c77564

SHA1
aa55c60e58dbb88e8ddf12595536904757a00d74

SHA256
1139de78debd0f579c819344207cb2e3cab899370b0f4003cbbe8640c569dfc3

SHA512
ad7476d1a1c457a8712aabb602a9168e998940734dbd52fa3fc556e29896f61781cc56acbb2fbb4122acb53a7a3faef3fac1433771fcfae8c4a2294839efed30

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\assistant\_sfx.exe
Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\assistant\assistant_installer.exe
Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\assistant\assistant_installer.exe
Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\opera_package
Filesize
118.8MB

MD5
b3bf61a5e54320547edf6119298498ae

SHA1
ac6987a5d845c458c2c75ebf927b47c6bc38d507

SHA256
444026187ee7003a9f9ca79977ee544d3bc90633c63da6115ff85a453fc2b2de

SHA512
f77a48779ef2f5bfa9709ef15744e45d8099ed78250f983e673f4dec42cb1da55107812d5c4cc980511bc74599dc311c9546145f3ccf5508504d3d31291e8a53

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202303281008031\opera_package
Filesize
118.8MB

MD5
b3bf61a5e54320547edf6119298498ae

SHA1
ac6987a5d845c458c2c75ebf927b47c6bc38d507

SHA256
444026187ee7003a9f9ca79977ee544d3bc90633c63da6115ff85a453fc2b2de

SHA512
f77a48779ef2f5bfa9709ef15744e45d8099ed78250f983e673f4dec42cb1da55107812d5c4cc980511bc74599dc311c9546145f3ccf5508504d3d31291e8a53

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2303281008014311352.dll
Filesize
5.3MB

MD5
4aae95fe44ded1e5e84c3d49ef3bd968

SHA1
689655c184a14e4b751d5a66451ad16e94e7a77c

SHA256
159f49ad7b0768601957bcbcfd3e0116d1e1971a8fae5e37168ec7436f4a5b8a

SHA512
6438f761b7c3f9a9aacf0cfec5fbadb6624f4eb623b3d542eab9a02a93a4279ea4e84504d16a34f024133aefb5da29335ccc0867ce41b06733176425283066da

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2303281008019821272.dll
Filesize
5.3MB

MD5
4aae95fe44ded1e5e84c3d49ef3bd968

SHA1
689655c184a14e4b751d5a66451ad16e94e7a77c

SHA256
159f49ad7b0768601957bcbcfd3e0116d1e1971a8fae5e37168ec7436f4a5b8a

SHA512
6438f761b7c3f9a9aacf0cfec5fbadb6624f4eb623b3d542eab9a02a93a4279ea4e84504d16a34f024133aefb5da29335ccc0867ce41b06733176425283066da

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_230328100802624432.dll
Filesize
5.3MB

MD5
4aae95fe44ded1e5e84c3d49ef3bd968

SHA1
689655c184a14e4b751d5a66451ad16e94e7a77c

SHA256
159f49ad7b0768601957bcbcfd3e0116d1e1971a8fae5e37168ec7436f4a5b8a

SHA512
6438f761b7c3f9a9aacf0cfec5fbadb6624f4eb623b3d542eab9a02a93a4279ea4e84504d16a34f024133aefb5da29335ccc0867ce41b06733176425283066da

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2303281008395811304.dll
Filesize
5.3MB

MD5
4aae95fe44ded1e5e84c3d49ef3bd968

SHA1
689655c184a14e4b751d5a66451ad16e94e7a77c

SHA256
159f49ad7b0768601957bcbcfd3e0116d1e1971a8fae5e37168ec7436f4a5b8a

SHA512
6438f761b7c3f9a9aacf0cfec5fbadb6624f4eb623b3d542eab9a02a93a4279ea4e84504d16a34f024133aefb5da29335ccc0867ce41b06733176425283066da

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2303281008405011248.dll
Filesize
5.3MB

MD5
4aae95fe44ded1e5e84c3d49ef3bd968

SHA1
689655c184a14e4b751d5a66451ad16e94e7a77c

SHA256
159f49ad7b0768601957bcbcfd3e0116d1e1971a8fae5e37168ec7436f4a5b8a

SHA512
6438f761b7c3f9a9aacf0cfec5fbadb6624f4eb623b3d542eab9a02a93a4279ea4e84504d16a34f024133aefb5da29335ccc0867ce41b06733176425283066da

Download Submit
memory/316-347-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/432-104-0x0000000000B20000-0x0000000001105000-memory.dmp

Filesize
5.9MB

Download
memory/432-76-0x0000000000B20000-0x0000000001105000-memory.dmp

Filesize
5.9MB

Download
memory/432-75-0x0000000000B20000-0x0000000001105000-memory.dmp

Filesize
5.9MB

Download
memory/1248-327-0x0000000000160000-0x0000000000745000-memory.dmp

Filesize
5.9MB

Download
memory/1272-73-0x0000000000160000-0x0000000000745000-memory.dmp

Filesize
5.9MB

Download
memory/1304-325-0x0000000000160000-0x0000000000745000-memory.dmp

Filesize
5.9MB

Download
memory/1304-326-0x0000000002C80000-0x0000000003265000-memory.dmp

Filesize
5.9MB

Download
memory/1352-74-0x0000000003620000-0x0000000003C05000-memory.dmp

Filesize
5.9MB

Download
memory/1352-70-0x0000000002D80000-0x0000000003365000-memory.dmp

Filesize
5.9MB

Download
memory/1352-69-0x0000000000160000-0x0000000000745000-memory.dmp

Filesize
5.9MB

Download
memory/1352-317-0x0000000006840000-0x0000000006E25000-memory.dmp

Filesize
5.9MB

Download
memory/1352-350-0x0000000006840000-0x0000000006E25000-memory.dmp

Filesize
5.9MB

Download
memory/1352-391-0x0000000002D80000-0x0000000002D82000-memory.dmp

Filesize
8KB

Download
memory/1600-396-0x0000000002840000-0x0000000002841000-memory.dmp

Filesize
4KB

Download