hxxps://minecraft[.]net

Analysis

max time kernel
2699s
max time network
2602s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04/08/2023, 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://minecraft.net

Score

8^/10

spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
676	OperaGXSetup.exe
2996	OperaGXSetup.exe
1544	OperaGXSetup.exe
4280	OperaGXSetup.exe
3764	OperaGXSetup.exe
1536	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
2692	assistant_installer.exe
408	assistant_installer.exe

Loads dropped DLL 5 IoCs

pid	Process
676	OperaGXSetup.exe
2996	OperaGXSetup.exe
1544	OperaGXSetup.exe
4280	OperaGXSetup.exe
3764	OperaGXSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00070000000232aa-440.dat	upx
behavioral1/files/0x00070000000232aa-457.dat	upx
behavioral1/memory/676-458-0x0000000000790000-0x0000000000D3F000-memory.dmp	upx
behavioral1/files/0x00070000000232aa-459.dat	upx
behavioral1/files/0x00070000000232aa-464.dat	upx
behavioral1/files/0x00060000000232c6-474.dat	upx
behavioral1/files/0x00060000000232c6-475.dat	upx
behavioral1/memory/1544-477-0x0000000000540000-0x0000000000AEF000-memory.dmp	upx
behavioral1/memory/1544-482-0x0000000000540000-0x0000000000AEF000-memory.dmp	upx
behavioral1/memory/676-515-0x0000000000790000-0x0000000000D3F000-memory.dmp	upx
behavioral1/memory/2996-526-0x0000000000790000-0x0000000000D3F000-memory.dmp	upx
behavioral1/files/0x00070000000232aa-527.dat	upx
behavioral1/memory/4280-528-0x0000000000790000-0x0000000000D3F000-memory.dmp	upx
behavioral1/files/0x00070000000232aa-547.dat	upx
behavioral1/memory/3764-552-0x0000000000790000-0x0000000000D3F000-memory.dmp	upx
behavioral1/memory/4280-560-0x0000000000790000-0x0000000000D3F000-memory.dmp	upx

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133356442958730285"	chrome.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	OperaGXSetup.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5064	chrome.exe
5064	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
676	OperaGXSetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5064 wrote to memory of 3324	5064	chrome.exe	61
PID 5064 wrote to memory of 3324	5064	chrome.exe	61
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 4044	5064	chrome.exe	86
PID 5064 wrote to memory of 3920	5064	chrome.exe	87
PID 5064 wrote to memory of 3920	5064	chrome.exe	87
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88
PID 5064 wrote to memory of 4756	5064	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://minecraft.net
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffacdb19758,0x7ffacdb19768,0x7ffacdb19778
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:2
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5344 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3108 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:1
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5112 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5552 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4692 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5736 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6280 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6224 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6604 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6896 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3804 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4712 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4912 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:8
  2⤵
  PID:1552
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  PID:676
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=100.0.4815.82 --initial-client-data=0x310,0x314,0x318,0x2d0,0x31c,0x74dcf208,0x74dcf218,0x74dcf224
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2996
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1544
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    "C:\Users\Admin\Downloads\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=676 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20230804173840" --session-guid=cb627300-f960-4889-ae7a-cf70356e2ca5 --server-tracking-blob=YmRjZWQ3Y2MxNzk2ZmFiMTdmMzExYTI0YjY1NjgwMTk2YzJlMGZmMjI1OWQ4NzFjMmY4ZGU5NmRjYmU3MTZhMjp7ImNvdW50cnkiOiJVUyIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1nb29nbGUmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249T0dYX1VTX1NlYXJjaF9FTl9UMV9CcmFuZF9WMiZ1dG1faWQ9RUFJYUlRb2JDaE1JNU5LeTU4WERnQU1WQWF6VkNoMW5tUXFxRUFBWUFTQUFFZ0xfMmZEX0J3RSZodHRwX3JlZmVycmVyPWh0dHBzJTNBJTJGJTJGd3d3Lm9wZXJhLmNvbSUyRmd4JTJGZ3gtYnJvd3NlciUzRnV0bV9pZCUzREVBSWFJUW9iQ2hNSTVOS3k1OFhEZ0FNVkFhelZDaDFubVFxcUVBQVlBU0FBRWdMXzJmRF9Cd0UlMjZ1dG1fbWVkaXVtJTNEcGElMjZ1dG1fc291cmNlJTNEZ29vZ2xlJTI2dXRtX2NhbXBhaWduJTNET0dYX1VTX1NlYXJjaF9FTl9UMV9CcmFuZF9WMiUyNmdhZCUzRDElMjZnY2xpZCUzREVBSWFJUW9iQ2hNSTVOS3k1OFhEZ0FNVkFhelZDaDFubVFxcUVBQVlBU0FBRWdMXzJmRF9Cd0UmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkZneC1icm93c2VyJmRsX3Rva2VuPTI2MjkxMjI1Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNjkxMTcwNzExLjcxOTYiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA2LjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiJPR1hfVVNfU2VhcmNoX0VOX1QxX0JyYW5kX1YyIiwiaWQiOiJFQUlhSVFvYkNoTUk1Tkt5NThYRGdBTVZBYXpWQ2gxbm1RcXFFQUFZQVNBQUVnTF8yZkRfQndFIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vZ3gtYnJvd3NlciIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6Imdvb2dsZSJ9LCJ1dWlkIjoiNmFmOGQ0ZmItMTVlMi00MTFhLWJhMjYtZjRkODU2M2M1NTYzIn0= --desktopshortcut=1 --wait-for-package --initial-proc-handle=9009000000000000
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    PID:4280
  - - C:\Users\Admin\Downloads\OperaGXSetup.exe
      C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=100.0.4815.82 --initial-client-data=0x300,0x304,0x308,0x2dc,0x30c,0x722cf208,0x722cf218,0x722cf224
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3764
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202308041738401\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202308041738401\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    PID:1536
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202308041738401\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202308041738401\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202308041738401\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202308041738401\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x1014f48,0x1014f58,0x1014f64
      4⤵
      Executes dropped EXE
      PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1864,i,13697261211141819107,15106876209969704421,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
848576f2abb524cb5a4b2f315c521727

SHA1
5cc9a1854a35e17c07caa76053998e1e686d26a2

SHA256
7e81376f5097d665cccbd623cd89db8cfdafa080138281b89d7401fb64fa9806

SHA512
f551eb1b2f8ea99a0b9abc1f3937a488ee3064d808be6a3608dbcb71717b1cde6b116974815ce00bf3db4c8ac7a074f9f8542912c2fcd9d1ba2cbd474ab8dda5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
2761fe1d331b2816a81b07a58813bd3b

SHA1
8d2c19dd83fac574ffea51b09eb1fcdd44a453ba

SHA256
f6c0d207f7a4cd115991455182402fa6af70252aeb8a70a7d50185f190e9aa4e

SHA512
2b1ead558c0f532d0ec2efeb76bedac9c171aff0f091f9209cdabda80cea3c4df80f05778340909bf12cd9f6d818f964b4566b2a8c102435fb899f827f43e31e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
4bc896a3589af0a4ee0c96c348c0478b

SHA1
d0817d30185020e640df6f3e3f00983cf07359bf

SHA256
b51d96e17fd68d2358806f63441854a557209c9be93539072e2ad859ff8ec4f4

SHA512
672a492aba9fe431fbee7d5d24d07f4ef43e5f3d11532ca1bfd64ef38fc14a77bbdbf1d638711672df3860abd1c9340fb54e18a03fe05cf5303e115054474b7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
fe009a8236da2cb3b506776dd75fb759

SHA1
e3ec8af94c78fd33f320b7fa958bc1fedeca984d

SHA256
52e21137e90cf88b2ca7d226344a1b3ed1426ddfc6473cd83f00520a0ded837f

SHA512
762b1e9ac1985c035ae429f3e3f2bacb087f6fbefa677d0bd7026469a5ef39454185a74db448c33ba95483b96880e1c62cd0b4fdd798650b4ba877f1dd671d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9e06d7ad9f437a644d97316d8c7167b0

SHA1
009766e6e1bd6130f2bb5d579b9cbac3cf7cc116

SHA256
ab6e525095b8103262863e9c57a8c8e5f67dd7ddd7bb70d2272f2a19bd5615c9

SHA512
1125840966dd3411a514e752617ecd17ac51f07ed28c0faa6b8b502f262d1468e4f0121283158104d78ad523eda35129a4bf7463581f3ac463eade5bcb1c1b07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
700B

MD5
fee5cdea90c7a2c117148251586e22a0

SHA1
24c42c3c141ec6ecc6cc853b05dce742dabd80a3

SHA256
8f970588d22fc94e3ee675471b881a85ca8e3068af0a7a96e6491d4c3587ee49

SHA512
00fd378c39300bbb699beed6eaf1c0bbc097305d5e41b00323acb61ff0c17176a5262a7d079b9d5859dc94f23f29cd33dfc9667d05a5479bc24e79c9fe09d0ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0634a4da25232ad107c06c25c80f2309

SHA1
809e8c7fba0428e98103e5b08b9a9192537ea443

SHA256
73b62a97ffefb4f41cf16dd10f8ae855671c8560c8dd3c4e4407b1de260946e5

SHA512
854741f1269587d8b43bc1b00f40d1bff10e18690d651cbaca52d4a764b657435c2a0770827a369fd9b98535ef8b98cbf6cfbff8cd6f8db983ffbf142c9f9f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
64993c404eebd7549c46343de8d13650

SHA1
54fab409bb5325eb15ec05cfc014513c043d20d4

SHA256
5c98ca3772c2bafc503a8be168a319aae69d979f9a47e274d034a14341af2c40

SHA512
c68660ee902110598fe2db563d39b8e9bf960430480b996e1770cbf0104853efae414f4facdbf66a425529f3db152429822089fd26d28b15352cddf3c60599bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
41c1b69158653222c59139af822c015b

SHA1
cfa5e5cbe965463d459ecbbd4833e86ed7fdd2e2

SHA256
a321f27a0d900c54dd80096bd7813fa567f1481e93597d4a9ff0eb49cc1542cb

SHA512
88676a6b27ca0e137de6ad4dd0336b102a36d44a98d0eca85af715996ab3821c63acdfb97d12b9092d8a75b7402c482bfce58aa0ffa78506d83857c8ac32d69c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1c0006bbdc7f7d38023a497fc9d25994

SHA1
de476f002e55d60782c211e4fb5d852895c46c9c

SHA256
9c72bc07b975d4ca06254af4e65b0ddf96d8a25ebbe9fc05c4dcdcf6431cc6c3

SHA512
43da1d7ae21d0ac126a51c6ff22de7524212881a2a0be9c5014781692eda2bccc083b9587c79efe25a90d56acce189babbf6cf6a96c0ab9679486eb932e18d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0d98527eb5b997bc1d6f126e05624e72

SHA1
1d96ffaa406ef06d161ad76ca035302addaef8a3

SHA256
7f56904c94d5979c261b4b24ffa4673489d3eddaa57e7bccfa62df93ace9117c

SHA512
211a07968cd283d9d3e792577e98535ed7a7dd8e531221e8aae8951b332e973441fc24fdb388f9917c0b4fc9fcf555a24b6427152432678cc645ba4451e595af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
a6f97cfd5fcd88c020c5b7b4c99b43f0

SHA1
864c680a79271dcb45ff51a2226d903c143cf270

SHA256
6c8f4184cd8ee71483384d2dfcc46dcefdc47ab411e20e28401e0c4c4cc8d19e

SHA512
ee3b9a231dd235e0d8e4d443f3d2afe5810b3f38e8f820e8935321cdf1daddb80823f2409c4a3cf0b5a5ae041d4607b41af9ebe48b488c2532d816b3ccde0758

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
5559301ff7333c3bcd0c4871a2f84e2e

SHA1
43c0564fb8e75ddff2f9753f02e7c8ea4384361b

SHA256
baf49c261df2ac6b0dacdbb19ca4e82a62ed020ff58c8faaf3719234bc82a428

SHA512
9c68a5b2f0fef7f545530d4b154ffd83e0cb0612be91c391f83749c8c7a3461875c826a461be7a687acbc1528be66289b1d54b5641843137a3fbc59b206d097a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
ccff911231e508a9de6d5df82f96b983

SHA1
b086f61522acac2eac410fbbc9ccaace5038f457

SHA256
487b480257d90d861846e2f685aeef62f9f99d904a0ea35ac8217b37b45fe8f1

SHA512
1d6b9889ac03afc1452305c2551eddcd89a03341ac81012a04edcb3d5309cc423b2aac1d2fcfcaa2a9a610849c13d4b90572ac68c42b30183a32d5316cc7d9e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581279.TMP

Filesize
101KB

MD5
8fa2f137da1074bcc2facef83145c12d

SHA1
e9186b864a86b3d540325281d225343e6e1ce86c

SHA256
6f5b76c45e2519a9fca979021adfb5eb29aae9a8f8f560daa8a567b7c9c78e4c

SHA512
7db07a6e4bbe23b1963d8348cde531ca815ff6545fc798cc53d3ab701018505f7a10e901dc7c53e4f8b5e26d7091007590acc9896b8ca37cda771158ae9ce5e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

Filesize
3.3MB

MD5
2add49fa5e424ccf366b9225b01a1ac0

SHA1
fe51c62a20c5abd0f28d85e20a054c4bec0d2939

SHA256
52c86483a83f72df83ecead56656245ce6c5aeaa0232fc624f3cb07359b08dae

SHA512
760ddf6e9a8576b2dfb3f246897e22e29afe0e88171b31b7d0e32047d9ed5b596391c35334da10e57b69ed84625836ddd6460aab2e3319a9e9ddac2670277948

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

Filesize
3.3MB

MD5
2add49fa5e424ccf366b9225b01a1ac0

SHA1
fe51c62a20c5abd0f28d85e20a054c4bec0d2939

SHA256
52c86483a83f72df83ecead56656245ce6c5aeaa0232fc624f3cb07359b08dae

SHA512
760ddf6e9a8576b2dfb3f246897e22e29afe0e88171b31b7d0e32047d9ed5b596391c35334da10e57b69ed84625836ddd6460aab2e3319a9e9ddac2670277948

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202308041738401\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202308041738401\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202308041738401\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202308041738401\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202308041738401\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202308041738401\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202308041738401\opera_package

Filesize
123.9MB

MD5
53ede30db059f300d8e7288dbea25a5e

SHA1
a75074bf89e17e9548b852025ad5b2b0c73d55d3

SHA256
ffd9e91e4b31d5fcb2204f0bf7a9d9e72f65fde39ebf89b24f3c56f134ab5430

SHA512
775d8171e6d1b9fb8ae5206c18c93afa3970c343725eb5653d1ee3055c8634a0c679ce27b37c5e5cfe556701dc21e67f0e93ad2267ed0871834f27d26c2c2e60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_230804173837634676.dll

Filesize
5.0MB

MD5
4c985f2f12f13eb2c6c437f779112672

SHA1
e82a60389f89e1b6ed9352f97d28d0fbb4e49472

SHA256
aec6e57f79d454100f0e35865bc118129bfb40ddd2333d1402aa8ab278107182

SHA512
3a0a0422248349d0b73df1631bc5f6b3545c2e13cdf29e297401c29a5cbb885b9325ca300d678986362ef3d44a5a179ed166601f5486091aa5e98b08c3bd9862

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2308041738384822996.dll

Filesize
5.0MB

MD5
4c985f2f12f13eb2c6c437f779112672

SHA1
e82a60389f89e1b6ed9352f97d28d0fbb4e49472

SHA256
aec6e57f79d454100f0e35865bc118129bfb40ddd2333d1402aa8ab278107182

SHA512
3a0a0422248349d0b73df1631bc5f6b3545c2e13cdf29e297401c29a5cbb885b9325ca300d678986362ef3d44a5a179ed166601f5486091aa5e98b08c3bd9862

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2308041738384822996.dll

Filesize
5.0MB

MD5
4c985f2f12f13eb2c6c437f779112672

SHA1
e82a60389f89e1b6ed9352f97d28d0fbb4e49472

SHA256
aec6e57f79d454100f0e35865bc118129bfb40ddd2333d1402aa8ab278107182

SHA512
3a0a0422248349d0b73df1631bc5f6b3545c2e13cdf29e297401c29a5cbb885b9325ca300d678986362ef3d44a5a179ed166601f5486091aa5e98b08c3bd9862

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2308041738397271544.dll

Filesize
5.0MB

MD5
4c985f2f12f13eb2c6c437f779112672

SHA1
e82a60389f89e1b6ed9352f97d28d0fbb4e49472

SHA256
aec6e57f79d454100f0e35865bc118129bfb40ddd2333d1402aa8ab278107182

SHA512
3a0a0422248349d0b73df1631bc5f6b3545c2e13cdf29e297401c29a5cbb885b9325ca300d678986362ef3d44a5a179ed166601f5486091aa5e98b08c3bd9862

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2308041738558544280.dll

Filesize
5.0MB

MD5
4c985f2f12f13eb2c6c437f779112672

SHA1
e82a60389f89e1b6ed9352f97d28d0fbb4e49472

SHA256
aec6e57f79d454100f0e35865bc118129bfb40ddd2333d1402aa8ab278107182

SHA512
3a0a0422248349d0b73df1631bc5f6b3545c2e13cdf29e297401c29a5cbb885b9325ca300d678986362ef3d44a5a179ed166601f5486091aa5e98b08c3bd9862

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2308041738560403764.dll

Filesize
5.0MB

MD5
4c985f2f12f13eb2c6c437f779112672

SHA1
e82a60389f89e1b6ed9352f97d28d0fbb4e49472

SHA256
aec6e57f79d454100f0e35865bc118129bfb40ddd2333d1402aa8ab278107182

SHA512
3a0a0422248349d0b73df1631bc5f6b3545c2e13cdf29e297401c29a5cbb885b9325ca300d678986362ef3d44a5a179ed166601f5486091aa5e98b08c3bd9862

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
8e2cff3304a3555a18672dc753d17e9a

SHA1
fcd8edb456c8c3c6560f232a2cdf77b66ce41689

SHA256
d63b3efa758a9c07f6c3f63845a7fe4ad9223d0667b119565007f98a7a0dbdfe

SHA512
36cb0f1f802316372caf8653a42d16ce3dbd3ae147fa6cb6254679af9c53b143eed3dcf5e89107a374c0e5931c55613ded7f56c776053e1ffdc1364a5ca2b0fd

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
8e2cff3304a3555a18672dc753d17e9a

SHA1
fcd8edb456c8c3c6560f232a2cdf77b66ce41689

SHA256
d63b3efa758a9c07f6c3f63845a7fe4ad9223d0667b119565007f98a7a0dbdfe

SHA512
36cb0f1f802316372caf8653a42d16ce3dbd3ae147fa6cb6254679af9c53b143eed3dcf5e89107a374c0e5931c55613ded7f56c776053e1ffdc1364a5ca2b0fd

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
8e2cff3304a3555a18672dc753d17e9a

SHA1
fcd8edb456c8c3c6560f232a2cdf77b66ce41689

SHA256
d63b3efa758a9c07f6c3f63845a7fe4ad9223d0667b119565007f98a7a0dbdfe

SHA512
36cb0f1f802316372caf8653a42d16ce3dbd3ae147fa6cb6254679af9c53b143eed3dcf5e89107a374c0e5931c55613ded7f56c776053e1ffdc1364a5ca2b0fd

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.3MB

MD5
2add49fa5e424ccf366b9225b01a1ac0

SHA1
fe51c62a20c5abd0f28d85e20a054c4bec0d2939

SHA256
52c86483a83f72df83ecead56656245ce6c5aeaa0232fc624f3cb07359b08dae

SHA512
760ddf6e9a8576b2dfb3f246897e22e29afe0e88171b31b7d0e32047d9ed5b596391c35334da10e57b69ed84625836ddd6460aab2e3319a9e9ddac2670277948

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.3MB

MD5
2add49fa5e424ccf366b9225b01a1ac0

SHA1
fe51c62a20c5abd0f28d85e20a054c4bec0d2939

SHA256
52c86483a83f72df83ecead56656245ce6c5aeaa0232fc624f3cb07359b08dae

SHA512
760ddf6e9a8576b2dfb3f246897e22e29afe0e88171b31b7d0e32047d9ed5b596391c35334da10e57b69ed84625836ddd6460aab2e3319a9e9ddac2670277948

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.3MB

MD5
2add49fa5e424ccf366b9225b01a1ac0

SHA1
fe51c62a20c5abd0f28d85e20a054c4bec0d2939

SHA256
52c86483a83f72df83ecead56656245ce6c5aeaa0232fc624f3cb07359b08dae

SHA512
760ddf6e9a8576b2dfb3f246897e22e29afe0e88171b31b7d0e32047d9ed5b596391c35334da10e57b69ed84625836ddd6460aab2e3319a9e9ddac2670277948

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.3MB

MD5
2add49fa5e424ccf366b9225b01a1ac0

SHA1
fe51c62a20c5abd0f28d85e20a054c4bec0d2939

SHA256
52c86483a83f72df83ecead56656245ce6c5aeaa0232fc624f3cb07359b08dae

SHA512
760ddf6e9a8576b2dfb3f246897e22e29afe0e88171b31b7d0e32047d9ed5b596391c35334da10e57b69ed84625836ddd6460aab2e3319a9e9ddac2670277948

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.3MB

MD5
2add49fa5e424ccf366b9225b01a1ac0

SHA1
fe51c62a20c5abd0f28d85e20a054c4bec0d2939

SHA256
52c86483a83f72df83ecead56656245ce6c5aeaa0232fc624f3cb07359b08dae

SHA512
760ddf6e9a8576b2dfb3f246897e22e29afe0e88171b31b7d0e32047d9ed5b596391c35334da10e57b69ed84625836ddd6460aab2e3319a9e9ddac2670277948

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.3MB

MD5
2add49fa5e424ccf366b9225b01a1ac0

SHA1
fe51c62a20c5abd0f28d85e20a054c4bec0d2939

SHA256
52c86483a83f72df83ecead56656245ce6c5aeaa0232fc624f3cb07359b08dae

SHA512
760ddf6e9a8576b2dfb3f246897e22e29afe0e88171b31b7d0e32047d9ed5b596391c35334da10e57b69ed84625836ddd6460aab2e3319a9e9ddac2670277948

Download Submit
memory/676-458-0x0000000000790000-0x0000000000D3F000-memory.dmp

Filesize
5.7MB

Download
memory/676-515-0x0000000000790000-0x0000000000D3F000-memory.dmp

Filesize
5.7MB

Download
memory/1544-482-0x0000000000540000-0x0000000000AEF000-memory.dmp

Filesize
5.7MB

Download
memory/1544-477-0x0000000000540000-0x0000000000AEF000-memory.dmp

Filesize
5.7MB

Download
memory/2996-526-0x0000000000790000-0x0000000000D3F000-memory.dmp

Filesize
5.7MB

Download
memory/3764-552-0x0000000000790000-0x0000000000D3F000-memory.dmp

Filesize
5.7MB

Download
memory/4280-528-0x0000000000790000-0x0000000000D3F000-memory.dmp

Filesize
5.7MB

Download
memory/4280-560-0x0000000000790000-0x0000000000D3F000-memory.dmp

Filesize
5.7MB

Download