28050c06cb9377a1f54773370b24723e0d2849b5b71899bed40b9da7837f2974

Analysis

max time kernel
203s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25-02-2024 07:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

installer.exe
Size

43KB
MD5

d406ce5200488ab3fb725bbd16324864
SHA1

f7f619307ec9b463abfc7ede001274d12cdc447e
SHA256

28050c06cb9377a1f54773370b24723e0d2849b5b71899bed40b9da7837f2974
SHA512

461822da36db093cae46ab3b1a5fa34617f9fb37bec97c38c33efd134c61df75fecc3192442005645c30c411d6e0eedff6d130c053d80ad557064df12c89a883
SSDEEP

768:XIeRwUuo7jHzx2ET1RVfyCSUz2rx2ET1RVfyCSUzcA20I2BDWNAMxkEQp:1RTuCxH1RAO2rxH1RAOcAsCWFx6

Score

8^/10

spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

Processes:

OperaSetup.exeOperaSetup.exeOperaSetup.exeOperaSetup.exeOperaSetup.exeAssistant_107.0.5045.21_Setup.exe_sfx.exeassistant_installer.exeassistant_installer.exe

pid	process
2768	OperaSetup.exe
728	OperaSetup.exe
4012	OperaSetup.exe
3876	OperaSetup.exe
1900	OperaSetup.exe
3232	Assistant_107.0.5045.21_Setup.exe_sfx.exe
1768	assistant_installer.exe
1108	assistant_installer.exe

Loads dropped DLL 9 IoCs

Processes:

OperaSetup.exeOperaSetup.exeOperaSetup.exeOperaSetup.exeOperaSetup.exeassistant_installer.exeassistant_installer.exe

pid	process
2768	OperaSetup.exe
728	OperaSetup.exe
4012	OperaSetup.exe
3876	OperaSetup.exe
1900	OperaSetup.exe
1768	assistant_installer.exe
1768	assistant_installer.exe
1108	assistant_installer.exe
1108	assistant_installer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe	upx
behavioral1/memory/2768-6-0x0000000000450000-0x0000000000984000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe	upx
behavioral1/memory/728-15-0x0000000000450000-0x0000000000984000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	upx
behavioral1/memory/4012-23-0x0000000000F70000-0x00000000014A4000-memory.dmp	upx
behavioral1/memory/4012-27-0x0000000000F70000-0x00000000014A4000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe	upx
behavioral1/memory/1900-35-0x0000000000450000-0x0000000000984000-memory.dmp	upx
behavioral1/memory/2768-53-0x0000000000450000-0x0000000000984000-memory.dmp	upx
behavioral1/memory/728-54-0x0000000000450000-0x0000000000984000-memory.dmp	upx
behavioral1/memory/3876-55-0x0000000000450000-0x0000000000984000-memory.dmp	upx
behavioral1/memory/1900-56-0x0000000000450000-0x0000000000984000-memory.dmp	upx

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

OperaSetup.exeOperaSetup.exe

description	ioc	process
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Modifies registry class 1 IoCs

Processes:

taskmgr.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings taskmgr.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings	taskmgr.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

OperaSetup.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe

Suspicious behavior: EnumeratesProcesses 54 IoCs

Processes:

taskmgr.exe

pid	process
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

installer.exetaskmgr.exeinstaller.exe

description	pid	process
Token: SeDebugPrivilege	4540	installer.exe
Token: SeDebugPrivilege	4712	taskmgr.exe
Token: SeSystemProfilePrivilege	4712	taskmgr.exe
Token: SeCreateGlobalPrivilege	4712	taskmgr.exe
Token: SeDebugPrivilege	3400	installer.exe
Token: 33	4712	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4712	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exe

pid	process
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exe

pid	process
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe
4712	taskmgr.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

installer.exeOperaSetup.exeOperaSetup.exeassistant_installer.exe

description	pid	process	target process
PID 4540 wrote to memory of 2768	4540	installer.exe	OperaSetup.exe
PID 4540 wrote to memory of 2768	4540	installer.exe	OperaSetup.exe
PID 4540 wrote to memory of 2768	4540	installer.exe	OperaSetup.exe
PID 2768 wrote to memory of 728	2768	OperaSetup.exe	OperaSetup.exe
PID 2768 wrote to memory of 728	2768	OperaSetup.exe	OperaSetup.exe
PID 2768 wrote to memory of 728	2768	OperaSetup.exe	OperaSetup.exe
PID 2768 wrote to memory of 4012	2768	OperaSetup.exe	OperaSetup.exe
PID 2768 wrote to memory of 4012	2768	OperaSetup.exe	OperaSetup.exe
PID 2768 wrote to memory of 4012	2768	OperaSetup.exe	OperaSetup.exe
PID 2768 wrote to memory of 3876	2768	OperaSetup.exe	OperaSetup.exe
PID 2768 wrote to memory of 3876	2768	OperaSetup.exe	OperaSetup.exe
PID 2768 wrote to memory of 3876	2768	OperaSetup.exe	OperaSetup.exe
PID 3876 wrote to memory of 1900	3876	OperaSetup.exe	OperaSetup.exe
PID 3876 wrote to memory of 1900	3876	OperaSetup.exe	OperaSetup.exe
PID 3876 wrote to memory of 1900	3876	OperaSetup.exe	OperaSetup.exe
PID 2768 wrote to memory of 3232	2768	OperaSetup.exe	Assistant_107.0.5045.21_Setup.exe_sfx.exe
PID 2768 wrote to memory of 3232	2768	OperaSetup.exe	Assistant_107.0.5045.21_Setup.exe_sfx.exe
PID 2768 wrote to memory of 3232	2768	OperaSetup.exe	Assistant_107.0.5045.21_Setup.exe_sfx.exe
PID 2768 wrote to memory of 1768	2768	OperaSetup.exe	assistant_installer.exe
PID 2768 wrote to memory of 1768	2768	OperaSetup.exe	assistant_installer.exe
PID 2768 wrote to memory of 1768	2768	OperaSetup.exe	assistant_installer.exe
PID 1768 wrote to memory of 1108	1768	assistant_installer.exe	assistant_installer.exe
PID 1768 wrote to memory of 1108	1768	assistant_installer.exe	assistant_installer.exe
PID 1768 wrote to memory of 1108	1768	assistant_installer.exe	assistant_installer.exe

C:\Users\Admin\AppData\Local\Temp\installer.exe
"C:\Users\Admin\AppData\Local\Temp\installer.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4540

C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe" -silent --allusers=0 --otd="utm.medium:apb,utm.source:RSTP,utm.campaign:op266"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2768

C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=107.0.5045.21 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x6dc71184,0x6dc71190,0x6dc7119c
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:728

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4012

C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2768 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240225072815" --session-guid=c7548409-1e2f-432f-b8f7-5d036c9f6839 --server-tracking-blob="M2Q0NmJiMmI5ZTcwZDQ3ZWYwYmY2NjE3M2VhYTg3YzY5YzVhMjI0NDY4NzgwNzM4ZmU0ZDkxODAxM2FiNWFiYjp7ImNvdW50cnkiOiJSVSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGU/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDIiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MDg0MjgxODYuNDMwMiIsInVzZXJhZ2VudCI6IldnZXQvMS4xOS41IChsaW51eC1nbnUpIiwidXRtIjp7ImNhbXBhaWduIjoib3AyNjYiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJSU1RQIn0sInV1aWQiOiJmYWU5YWRmNi1iNWQ2LTQ1N2EtODlmOS0wZjk0YzgwMDE0Y2QifQ== " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=A005000000000000
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of WriteProcessMemory
PID:3876

C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=107.0.5045.21 --initial-client-data=0x304,0x308,0x30c,0x2d4,0x310,0x6c5d1184,0x6c5d1190,0x6c5d119c
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1900

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402250728151\assistant\Assistant_107.0.5045.21_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402250728151\assistant\Assistant_107.0.5045.21_Setup.exe_sfx.exe"
3⤵
- Executes dropped EXE
PID:3232

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402250728151\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402250728151\assistant\assistant_installer.exe" --version
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1768

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402250728151\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402250728151\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=107.0.5045.21 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x5a0ff4,0x5a1000,0x5a100c
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1108

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2536

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4712

C:\Users\Admin\AppData\Local\Temp\installer.exe
"C:\Users\Admin\AppData\Local\Temp\installer.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
Filesize
118KB

MD5
fd8a9e3c7fcff5de9dbdc76f3c20e059

SHA1
634140e1b98592f447af794aa8e09670ef7e81b1

SHA256
5f99c937740adb0f4c52a191bc52ddbbe32bf6f6c12a518d707bbc6ee67677f4

SHA512
f380e546e438024a42fc1f089718a7e2be8dc0dbfdbfae236f7e73663a3aa5dc04c8fdd06a5350e35b97b9d8f9fd26f29f49e599b0eb62edfb56e756274e2eab

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
Filesize
154KB

MD5
32439c9ae32141093bb2408bbf33ae8b

SHA1
2a0e70c57cb4d5a65a0253d110eddc88207eda3d

SHA256
cf09f4d123e8b5745f21a8f22292dbe9e334c4186c59c415d617d47b9a392d5d

SHA512
c83d532ade89edc14d9cc519f72a525c49f18f65d13c6f387affa841926e4419c86434b71703c3f35b6ee7509efe133b092669f3b66818f31b9af90b8109a53f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402250728151\additional_file0.tmp
Filesize
2.5MB

MD5
c6beccc9e56ec0691635d94aa596861a

SHA1
15be27128c31b99e64e0897d5b39069ab482128f

SHA256
db4fa8e1e500ac2a83dda54216b39e4a93b8cad393ba60868615243ab70ef8f4

SHA512
b266697c648a5816c36bf49fe799473d0ce5445fc4bf4511ef62334cf29e97194ac708283273268d49d19b5135bc28af9fb966bc58e6d504ea2ddef3d921898a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402250728151\assistant\Assistant_107.0.5045.21_Setup.exe_sfx.exe
Filesize
1.6MB

MD5
a780bd352be731047b82a7830958e7fd

SHA1
68e3f58141be3e214cae27ebff74e67b6ef7ef22

SHA256
29de39d5ddfeb07166723c7b3abc8e81af4066b14673da397e3bb7a870adccaf

SHA512
50d8fb9fc14ed44a6d2f17ebad4b8262713a56dbd3edce9447aa21d552cd43545eb10046c4fa2506291e71d3dbb91123615956cbdca3fdcd0e3ceaba111b7593

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402250728151\assistant\Assistant_107.0.5045.21_Setup.exe_sfx.exe
Filesize
1.8MB

MD5
e656ed663ec4f478e9a91853376c7ae4

SHA1
ba1d9fd6920118778849dfe2744bbe24eb26e121

SHA256
5224e4455e79175e5a6ad3d0f4694ce0c210750ef813f7bbe16e53789ba0f685

SHA512
ba65a8ad89aab290f2b7b0a4574eb599c2c2e1332a16332f405121f735d5bc60bea799a40df80d0a878ec6f045388abd8fdd7185252676262396e4fda5e51cda

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402250728151\assistant\assistant_installer.exe
Filesize
1.9MB

MD5
e9a2e04c89e66509491e3db8542dd5a3

SHA1
15c8492d99d6a0fb27f011979357efa8f52c6603

SHA256
8e660ec0a8cf83e3ac40effe102fd5d486def54f3914f8233119028e63ff2045

SHA512
38ad7d1e208f2302314345b2566e89adad9295b6f5e4183584efbe7023514234642b83e378ab32277be55d57a89c21d7a52771d6c0fb0a7feff40f4ae6b82b07

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402250728151\assistant\dbgcore.DLL
Filesize
166KB

MD5
e68e51c4eb928e22ac149c1045689689

SHA1
72a72e815efe499e402591b4a20d7efec6dbf1f2

SHA256
3274e04babe344810f2dd79d8365bf0302dd6419d6f195612e19dd2202eee266

SHA512
81ced7612e0f9ad8d2652c6e00a48132425097b7b121a5c8fe7497573ffd601b8579e1349dacf2cd319769dd82a954847307fea4af75b45fae1e7130784cfb8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402250728151\assistant\dbghelp.dll
Filesize
1.7MB

MD5
b13a63492531b3953caff15852f62f71

SHA1
ecc9f2ffc8af588dd368fd5a85fc91075fc025ed

SHA256
a446687416c2a86c1e2a32be043055cffdc4eb0a26397abeea905dee1303591c

SHA512
6bb8a82e2c6f931a80efbb07984425982c6231789b917f4c92a40507fe054eea0f2de5140d8e5493fdb0d2089a5508fc53c41b00f1e415f95a359eaa8d770164

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402250728151\opera_package
Filesize
9.5MB

MD5
5f069308e7306936587a3e0363f4f61f

SHA1
6f97050d38478ed70fadee7e5fbfe36096c5c063

SHA256
bedfac5edf1deac65098ed1666403da96bd3594b0362992def23697a7c641e42

SHA512
eff1e4d4133cc8f8141e1dda1452aa2fa72ac16b2d990a0436730d9ec340934d10bed581e2b244a36fcffdb81eec5b19f70e881d28f50410570c43c1e5c69207

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
Filesize
756KB

MD5
0f59d331a9fe94b515966da68ec7617e

SHA1
37322cb55625e84caf697424247c6302bf1105fd

SHA256
e047c0c888ddeff131086058e84d28d3e62d488cd932a90ead23143fca320b01

SHA512
fd8f6e1b2fe2e2c7151fff09f1f100f5c05b68f2c41569031fafa1a2f5d67c85aeeb3b744e53df3b6a1b6903f41f43657d72fb2ab7119d953087214f3cdd7987

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
Filesize
661KB

MD5
c9bd62050df9596d7666a9d9e0e7704d

SHA1
d90bea6abedf24cd19c9ccec8ac014993b171276

SHA256
188f9e72b962c307df3bef0854ed62c8d548a279adb2b25ae184a00bc30f7b17

SHA512
bb406f4d90ed39e0fddbeb6ec7484409def6b419591490acebcf27cf769d71c67a38426615b5f30998c62c8d823f019a41a6cab4bd64c27a4e7121c12a3a31d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
Filesize
1.4MB

MD5
d31071f79f0292b11cf9b104ba6ffb5b

SHA1
304b2f521f7fd30f99aba3f39654bb3270676210

SHA256
243ae126bc0c33fab6ec0772c1673d4063c80063c87bf0d9e3113b957d14de8f

SHA512
b2e548a759726223a6bb4ce1bf4f701d9cef31c6008f88ce1203b0979ebce4b82895fd056186d3446e3a1345e419577621903588cd64de1502e458cd9fc7bf04

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
Filesize
1.5MB

MD5
34279295ea427c59fd833e29e70d0479

SHA1
496e6cf6c72b8e3bb7d605db9fe07fb6eec5edb7

SHA256
d13772275a4f0a14c3dfc0f1d9676e54bbb9ef65f09069539040081132977a73

SHA512
880fc354fc9311ed29670fe1f7b059511d35509273316ce38f34365573aba9115f210566ab9d6fb0bfe766ccf5740b0079680b0ef8af8021884a44c6326e615f

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
Filesize
2.8MB

MD5
7b40e391f1ccfd9c7b7bb1e052e42d4e

SHA1
a87a6c8e2f2600ed6424c0de74fceeb31271913b

SHA256
2d324903b695572256bdc3cb4e569ef0585749ef784f6cd70d0438a8ce14baff

SHA512
4bf664d74569fa4f25e8f4965d1fd195c379caaad0cfb22843898426dde6a7cc9dd3ec6e1b879fee115aecea79d3e6536e8faa2a4f1d6da28ffa438f36367bf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402250728149432768.dll
Filesize
1.4MB

MD5
21d2eec6031d50e9d772f9c58d88a439

SHA1
5619fbdd7c4140cac81b31e7879c4db2a32137e5

SHA256
eef8c8fcf47f9220310442ee368d2fcc6c344356d739463a7e7352a55925d671

SHA512
546eb4c3942dec5fd62d1f78dd5f755d4cedc9c9f267890046fbe237aaf2106001be231b18efa0bb66297b147b90674fe68b13d8100ecb6b2fc8a679f76385d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_240225072815083728.dll
Filesize
313KB

MD5
9afde83688e99d5f0dca5416ce46b0eb

SHA1
12b14276f920f1f6bfba9fa67c68c4edbcc79764

SHA256
d5815c92ca9829b5735d2676ba442d5c819c5787e298124461d63cfc1b4a9981

SHA512
26646d2581720582ac8c410b0ca79279affeb90112cb8d194863da894ae4ea790caaa80ac151a960b873d6b464ea0bb8a84f07373ae62c8e712a2eed0f102abc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402250728152714012.dll
Filesize
78KB

MD5
78200a5be6750594e0a143093595a86c

SHA1
2b924f26ef0377401569c8a60ba82dda860f3097

SHA256
63b24f4015ee501cdb644d98b9e95d79e18a12bd1b2daac030fce3f06ad5b785

SHA512
3c966ef84e6da075034e4be5fe7e1a32c868e426921383ecb85aa9775e43078bebce217110455b0a7b3e79d0e0e4f5664938b04941fcc7ad9d0349ba8e097fe8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402250728152714012.dll
Filesize
81KB

MD5
4c95af3a41d0968f93cbde4fb65bc4be

SHA1
e4e5d772d0f861679223aca027a74aaef0911a30

SHA256
ef8dcc6127113329f91333bf6cf78e730099315d307645ba56470d2320b88372

SHA512
bb7d842cda3b808e07275168300a27919f8f914c6484681f1290ce64a88558b75e7410122e94895194c850f899e2d1b658af92fbb6fb5e9b919dc92d19fd3612

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402250728157553876.dll
Filesize
1.3MB

MD5
b4707c74889ee3d65757d0b45bf8a351

SHA1
d3cabb84c795b84ab9fc571f170511cddacbce10

SHA256
91d69c9a14c6043c40ddff28724812c6edb374dfefd31191459a1948a221ccfa

SHA512
a907147da5211c0024e929ea65041e8afd9b285baa4be9a02d942c023cbc8fc56125b5c00ee2e8c23b295385e40ab3f6ed92f082747f5b461f815ed29cbbcc84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402250728159421900.dll
Filesize
1.1MB

MD5
5484196d36eba828278d3da9868d20e9

SHA1
85c10eb514b6dafb34db58bfc89789c69fb45939

SHA256
371e63331b4e02acaaca82d75f69fc4629926e1247b74f57cf879e9f0b99bc27

SHA512
74a0597c15121d44336b7b832dd051c73c2c21b749659207666d7e86565fa3760c855d433026ae888e9e00cbc95947976678e7334de64188f0ec03edc63fc674

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
Filesize
40B

MD5
5a4a353b57a5d7808e55c9f514326f86

SHA1
d6d3ed4e7f09fd11946c260ca101970c1f3e6296

SHA256
be74af58c6928cc847caa76d6f6bf8dc1b257e12c501081f77f36befad68e019

SHA512
13c3d91477e31d7f2395d63525ae57a817744db7f7c8851047c3517c74ba0881e60f7127cb7094917d13e6ddff5b470e28a299fffbe6ad7523027ccd1ad0743b

Download Submit
memory/728-54-0x0000000000450000-0x0000000000984000-memory.dmp

Filesize
5.2MB

Download
memory/728-15-0x0000000000450000-0x0000000000984000-memory.dmp

Filesize
5.2MB

Download
memory/1900-35-0x0000000000450000-0x0000000000984000-memory.dmp

Filesize
5.2MB

Download
memory/1900-56-0x0000000000450000-0x0000000000984000-memory.dmp

Filesize
5.2MB

Download
memory/2768-53-0x0000000000450000-0x0000000000984000-memory.dmp

Filesize
5.2MB

Download
memory/2768-6-0x0000000000450000-0x0000000000984000-memory.dmp

Filesize
5.2MB

Download
memory/3400-172-0x0000000075020000-0x00000000757D0000-memory.dmp

Filesize
7.7MB

Download
memory/3400-173-0x00000000050F0000-0x0000000005100000-memory.dmp

Filesize
64KB

Download
memory/3400-182-0x0000000075020000-0x00000000757D0000-memory.dmp

Filesize
7.7MB

Download
memory/3400-187-0x00000000050F0000-0x0000000005100000-memory.dmp

Filesize
64KB

Download
memory/3876-55-0x0000000000450000-0x0000000000984000-memory.dmp

Filesize
5.2MB

Download
memory/4012-23-0x0000000000F70000-0x00000000014A4000-memory.dmp

Filesize
5.2MB

Download
memory/4012-27-0x0000000000F70000-0x00000000014A4000-memory.dmp

Filesize
5.2MB

Download
memory/4540-58-0x0000000004C70000-0x0000000004C80000-memory.dmp

Filesize
64KB

Download
memory/4540-57-0x0000000075020000-0x00000000757D0000-memory.dmp

Filesize
7.7MB

Download
memory/4540-1-0x0000000075020000-0x00000000757D0000-memory.dmp

Filesize
7.7MB

Download
memory/4540-0-0x0000000000250000-0x000000000025E000-memory.dmp

Filesize
56KB

Download
memory/4540-2-0x0000000004C70000-0x0000000004C80000-memory.dmp

Filesize
64KB

Download
memory/4712-159-0x000001A24E9E0000-0x000001A24E9E1000-memory.dmp

Filesize
4KB

Download
memory/4712-158-0x000001A24E9E0000-0x000001A24E9E1000-memory.dmp

Filesize
4KB

Download
memory/4712-160-0x000001A24E9E0000-0x000001A24E9E1000-memory.dmp

Filesize
4KB

Download
memory/4712-161-0x000001A24E9E0000-0x000001A24E9E1000-memory.dmp

Filesize
4KB

Download
memory/4712-162-0x000001A24E9E0000-0x000001A24E9E1000-memory.dmp

Filesize
4KB

Download
memory/4712-163-0x000001A24E9E0000-0x000001A24E9E1000-memory.dmp

Filesize
4KB

Download
memory/4712-157-0x000001A24E9E0000-0x000001A24E9E1000-memory.dmp

Filesize
4KB

Download
memory/4712-153-0x000001A24E9E0000-0x000001A24E9E1000-memory.dmp

Filesize
4KB

Download
memory/4712-152-0x000001A24E9E0000-0x000001A24E9E1000-memory.dmp

Filesize
4KB

Download
memory/4712-151-0x000001A24E9E0000-0x000001A24E9E1000-memory.dmp

Filesize
4KB

Download