28050c06cb9377a1f54773370b24723e0d2849b5b71899bed40b9da7837f2974

Analysis

max time kernel
149s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28050c06cb9377a1f54773370b24723e0d2849b5b71899bed40b9da7837f2974.exe
Size

43KB
MD5

d406ce5200488ab3fb725bbd16324864
SHA1

f7f619307ec9b463abfc7ede001274d12cdc447e
SHA256

28050c06cb9377a1f54773370b24723e0d2849b5b71899bed40b9da7837f2974
SHA512

461822da36db093cae46ab3b1a5fa34617f9fb37bec97c38c33efd134c61df75fecc3192442005645c30c411d6e0eedff6d130c053d80ad557064df12c89a883
SSDEEP

768:XIeRwUuo7jHzx2ET1RVfyCSUz2rx2ET1RVfyCSUzcA20I2BDWNAMxkEQp:1RTuCxH1RAO2rxH1RAOcAsCWFx6

Score

9^/10

spyware stealer upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 17 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe	UPX
behavioral2/memory/2888-6-0x0000000000810000-0x0000000000D44000-memory.dmp	UPX
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe	UPX
behavioral2/memory/5036-13-0x0000000000810000-0x0000000000D44000-memory.dmp	UPX
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe	UPX
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	UPX
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	UPX
behavioral2/memory/3212-23-0x0000000000140000-0x0000000000674000-memory.dmp	UPX
behavioral2/memory/3212-27-0x0000000000140000-0x0000000000674000-memory.dmp	UPX
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe	UPX
behavioral2/memory/4896-30-0x0000000000810000-0x0000000000D44000-memory.dmp	UPX
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe	UPX
behavioral2/memory/3308-36-0x0000000000810000-0x0000000000D44000-memory.dmp	UPX
behavioral2/memory/2888-56-0x0000000000810000-0x0000000000D44000-memory.dmp	UPX
behavioral2/memory/5036-57-0x0000000000810000-0x0000000000D44000-memory.dmp	UPX
behavioral2/memory/4896-58-0x0000000000810000-0x0000000000D44000-memory.dmp	UPX
behavioral2/memory/3308-59-0x0000000000810000-0x0000000000D44000-memory.dmp	UPX

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

Processes:

OperaSetup.exeOperaSetup.exeOperaSetup.exeOperaSetup.exeOperaSetup.exeAssistant_108.0.5067.20_Setup.exe_sfx.exeassistant_installer.exeassistant_installer.exe

pid	process
2888	OperaSetup.exe
5036	OperaSetup.exe
3212	OperaSetup.exe
4896	OperaSetup.exe
3308	OperaSetup.exe
3436	Assistant_108.0.5067.20_Setup.exe_sfx.exe
2132	assistant_installer.exe
1708	assistant_installer.exe

Loads dropped DLL 9 IoCs

Processes:

OperaSetup.exeOperaSetup.exeOperaSetup.exeOperaSetup.exeOperaSetup.exeassistant_installer.exeassistant_installer.exe

pid	process
2888	OperaSetup.exe
5036	OperaSetup.exe
3212	OperaSetup.exe
4896	OperaSetup.exe
3308	OperaSetup.exe
2132	assistant_installer.exe
2132	assistant_installer.exe
1708	assistant_installer.exe
1708	assistant_installer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe	upx
behavioral2/memory/2888-6-0x0000000000810000-0x0000000000D44000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe	upx
behavioral2/memory/5036-13-0x0000000000810000-0x0000000000D44000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	upx
behavioral2/memory/3212-23-0x0000000000140000-0x0000000000674000-memory.dmp	upx
behavioral2/memory/3212-27-0x0000000000140000-0x0000000000674000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe	upx
behavioral2/memory/4896-30-0x0000000000810000-0x0000000000D44000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe	upx
behavioral2/memory/3308-36-0x0000000000810000-0x0000000000D44000-memory.dmp	upx
behavioral2/memory/2888-56-0x0000000000810000-0x0000000000D44000-memory.dmp	upx
behavioral2/memory/5036-57-0x0000000000810000-0x0000000000D44000-memory.dmp	upx
behavioral2/memory/4896-58-0x0000000000810000-0x0000000000D44000-memory.dmp	upx
behavioral2/memory/3308-59-0x0000000000810000-0x0000000000D44000-memory.dmp	upx

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

OperaSetup.exeOperaSetup.exe

description	ioc	process
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

OperaSetup.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

28050c06cb9377a1f54773370b24723e0d2849b5b71899bed40b9da7837f2974.exe

description pid process

Token: SeDebugPrivilege 964 28050c06cb9377a1f54773370b24723e0d2849b5b71899bed40b9da7837f2974.exe

description	pid	process
Token: SeDebugPrivilege	964	28050c06cb9377a1f54773370b24723e0d2849b5b71899bed40b9da7837f2974.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

28050c06cb9377a1f54773370b24723e0d2849b5b71899bed40b9da7837f2974.exeOperaSetup.exeOperaSetup.exeassistant_installer.exe

description	pid	process	target process
PID 964 wrote to memory of 2888	964	28050c06cb9377a1f54773370b24723e0d2849b5b71899bed40b9da7837f2974.exe	OperaSetup.exe
PID 964 wrote to memory of 2888	964	28050c06cb9377a1f54773370b24723e0d2849b5b71899bed40b9da7837f2974.exe	OperaSetup.exe
PID 964 wrote to memory of 2888	964	28050c06cb9377a1f54773370b24723e0d2849b5b71899bed40b9da7837f2974.exe	OperaSetup.exe
PID 2888 wrote to memory of 5036	2888	OperaSetup.exe	OperaSetup.exe
PID 2888 wrote to memory of 5036	2888	OperaSetup.exe	OperaSetup.exe
PID 2888 wrote to memory of 5036	2888	OperaSetup.exe	OperaSetup.exe
PID 2888 wrote to memory of 3212	2888	OperaSetup.exe	OperaSetup.exe
PID 2888 wrote to memory of 3212	2888	OperaSetup.exe	OperaSetup.exe
PID 2888 wrote to memory of 3212	2888	OperaSetup.exe	OperaSetup.exe
PID 2888 wrote to memory of 4896	2888	OperaSetup.exe	OperaSetup.exe
PID 2888 wrote to memory of 4896	2888	OperaSetup.exe	OperaSetup.exe
PID 2888 wrote to memory of 4896	2888	OperaSetup.exe	OperaSetup.exe
PID 4896 wrote to memory of 3308	4896	OperaSetup.exe	OperaSetup.exe
PID 4896 wrote to memory of 3308	4896	OperaSetup.exe	OperaSetup.exe
PID 4896 wrote to memory of 3308	4896	OperaSetup.exe	OperaSetup.exe
PID 2888 wrote to memory of 3436	2888	OperaSetup.exe	Assistant_108.0.5067.20_Setup.exe_sfx.exe
PID 2888 wrote to memory of 3436	2888	OperaSetup.exe	Assistant_108.0.5067.20_Setup.exe_sfx.exe
PID 2888 wrote to memory of 3436	2888	OperaSetup.exe	Assistant_108.0.5067.20_Setup.exe_sfx.exe
PID 2888 wrote to memory of 2132	2888	OperaSetup.exe	assistant_installer.exe
PID 2888 wrote to memory of 2132	2888	OperaSetup.exe	assistant_installer.exe
PID 2888 wrote to memory of 2132	2888	OperaSetup.exe	assistant_installer.exe
PID 2132 wrote to memory of 1708	2132	assistant_installer.exe	assistant_installer.exe
PID 2132 wrote to memory of 1708	2132	assistant_installer.exe	assistant_installer.exe
PID 2132 wrote to memory of 1708	2132	assistant_installer.exe	assistant_installer.exe

C:\Users\Admin\AppData\Local\Temp\28050c06cb9377a1f54773370b24723e0d2849b5b71899bed40b9da7837f2974.exe
"C:\Users\Admin\AppData\Local\Temp\28050c06cb9377a1f54773370b24723e0d2849b5b71899bed40b9da7837f2974.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:964

C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe" -silent --allusers=0 --otd="utm.medium:apb,utm.source:RSTP,utm.campaign:op266"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2888

C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=107.0.5045.21 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x6d981184,0x6d981190,0x6d98119c
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5036

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3212

C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2888 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240311020451" --session-guid=1d72ed00-2916-483c-a89e-857d0cb4e5bb --server-tracking-blob="M2Q0NmJiMmI5ZTcwZDQ3ZWYwYmY2NjE3M2VhYTg3YzY5YzVhMjI0NDY4NzgwNzM4ZmU0ZDkxODAxM2FiNWFiYjp7ImNvdW50cnkiOiJSVSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGU/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDIiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MDg0MjgxODYuNDMwMiIsInVzZXJhZ2VudCI6IldnZXQvMS4xOS41IChsaW51eC1nbnUpIiwidXRtIjp7ImNhbXBhaWduIjoib3AyNjYiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJSU1RQIn0sInV1aWQiOiJmYWU5YWRmNi1iNWQ2LTQ1N2EtODlmOS0wZjk0YzgwMDE0Y2QifQ== " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=8405000000000000
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of WriteProcessMemory
PID:4896

C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=107.0.5045.21 --initial-client-data=0x300,0x304,0x308,0x2d0,0x30c,0x6c4c1184,0x6c4c1190,0x6c4c119c
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3308

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403110204511\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403110204511\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe"
3⤵
- Executes dropped EXE
PID:3436

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403110204511\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403110204511\assistant\assistant_installer.exe" --version
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2132

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403110204511\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403110204511\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0xe00040,0xe0004c,0xe00058
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
Filesize
450KB

MD5
71d930e87b781de48f5d7824532546e8

SHA1
d726c0de3c48f7eef5806bd8b47a0aedb010dc7d

SHA256
8071cbd3eae26a78c7d17cd5d0b0ebbed7eac2911866297b18f96bd60c8dbb46

SHA512
2d8f5bb7dfb0d79479ed28eea35abeab57051173df727f8bba3ce35f39ed257064b0f01eb1cf8b82ebb89679d4b3158dae920aaa4b00161f89680513bbbec28d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
Filesize
721KB

MD5
6ef8a763d7f554e19cf5f64991040dcc

SHA1
e7bdee18f46174114321a0fa22165e1268cf6a96

SHA256
9eb147792d2a3bae23e073d474d383aa2cfd6b18780281a2ca001859b064e7da

SHA512
75b9866b37c3befdf92531132493811badc47e7d76d9129a47270fe506767ed9d4cb1fe052682b47dc3038bcf43aed8738e3c4180cacc871a061df0da858b7c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403110204511\additional_file0.tmp
Filesize
567KB

MD5
3dc087a943b5eea86b7a9ffd7022550b

SHA1
dc1b751a03798cbf87b04ac7ba85c4c6102f9db1

SHA256
9dca424b2b215a684e468aa5e11458b77c21dfe81be1990094945fe2084bd44d

SHA512
042c7b3860ec14fac564bee69880a75eca3eb5510f7bc8b314112ece69f58418047b013b22f2369f7dd73bc9cd0fdd8f1d519dbd2b536d94d3cf757324eedfda

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403110204511\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe
Filesize
589KB

MD5
a4d3cd906a6ca0050730c4fe08e30e43

SHA1
dce896c91a0127e91c3dcbc8d2605d6c054164f7

SHA256
9536b90c21e4cf31a9907f466b8c4427422cdefe2524309655738414fd4cf30c

SHA512
eb656c28d87e1e080f671f228bac62b04406e6ad2802375fb4260f89f17065172d423a28d7f1631a061757111b6d0385619ed039896483a89b3b25f4d139f948

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403110204511\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe
Filesize
817KB

MD5
b85a285ba44cae44b1a1c671bf97fdc2

SHA1
69f284398389d88fa3b633d6244e3c417b8b35d0

SHA256
e8ac537fc45653a8415e8efe1cae5a4d8cee861ae6386eb413dbc5d597134def

SHA512
ae02eb4aa6d3029cbf2ad9e2d32a0d519d07c4c9bba38297468d48fbb85d52c8cd8443eb58f228d0bf944e250c8b6b8cc589c8d8849e0d3572a472b18b4dcdf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403110204511\assistant\assistant_installer.exe
Filesize
1.9MB

MD5
b3f05009b53af6435e86cfd939717e82

SHA1
770877e7c5f03e8d684984fe430bdfcc2cf41b26

SHA256
3ea8d40fcede1fc03e5603246d75d13e8d44d7229d4c390c39a55534053027f7

SHA512
d2dee80aaa79b19f1eb1db85079a05f621780e06bfea9e838b62d757ba29399f9090ec7c6ff553377c9b712f3ba8dd812cdff39f3e28829928e86746a8ac6b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403110204511\assistant\dbgcore.dll
Filesize
166KB

MD5
8b6f64e5d3a608b434079e50a1277913

SHA1
03f431fabf1c99a48b449099455c1575893d9f32

SHA256
926d444ffca166e006920412677c4ed2ef159cf0efc0578cb45b824f428f5eb2

SHA512
c9aeac62ece564ac64a894300fb9d41d13f22951ead73421854c23c506760d984dff0af92bef2d80f3a66e782f0075832e9c24a50ae6110d27a25c14e065b41c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403110204511\assistant\dbghelp.dll
Filesize
1.7MB

MD5
925ea07f594d3fce3f73ede370d92ef7

SHA1
f67ea921368c288a9d3728158c3f80213d89d7c2

SHA256
6d02ebd4ec9a6093f21cd8ccefb9445fa0ab7b1f69ac868a5cfc5d28ed8d2de9

SHA512
a809851da820d9fdd8fb860a8f549311dcc2579df2c6f6fba74f50d5d8bf94baa834b09fb5476ac248f18d1deb6b47d4fdd6d658889d5d45ca8774a9264483d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403110204511\opera_package
Filesize
14.8MB

MD5
8be70e5354fc1804adbab98f69cf8b6c

SHA1
e3b14fceb2ba3503379412b6e46517c713c8bae5

SHA256
f16369bf8d6410398c2c0012cb82518647c2c25731cd21ddf13565c3aae7c370

SHA512
fb161a92ca5501287964b683e8d3278460763eaa5170beec6983bbb7c6f4a3fe383d6616f6268df1e51e4a6b013119113bdeb65bf0416ad8c52d48b43cefb9c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
Filesize
602KB

MD5
3e310f4f8229b50b3ae5f13526a0bc51

SHA1
c38e0e30d4fe24557611aafaae46d699f2a661b9

SHA256
d48fe83cb6cb0ff66bc3cbdb39396a9c7b37e718d483858ced69fb72e5c654cd

SHA512
3b325504e1be23e759e0ba33e2a36cb3e173ff0892739953c2e19da838ef3555aafab4f2966d74c91f44be3855f9d258704188eaf1e76ec35ca324af738a5665

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
Filesize
433KB

MD5
4ce2a2d8bbd525283a99daec548400c7

SHA1
6f24f918f89ed8d70b0f1eb9851afca069c2fb21

SHA256
aff18b634e28d1a531f5cb8f536fae59eac0b766dce2887fcba58e39ffa9d18b

SHA512
29307bec4157ea238404584966599ed863b16e0dfb0028af14fb90a83590b85d1c1b584207407694baa22db1695def058081b4896d98cea01e1ac5306d5e0148

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
Filesize
443KB

MD5
62058ca4d7f9ea8f5f214e879d543174

SHA1
b9297a5052880ff1295166706d27e2c1f30a5466

SHA256
581bbe840be98044f25acc69bad37db2e0902f0c437d34ad77d0acf75a8d1101

SHA512
052c6f4fcedc7fa73eddab8dfc12926bded11068bd251cec7a6a0e5840f85d6070deed95e96f38a9a86edbf28e014b0209618739b94d9e18956a45061c616af0

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
Filesize
401KB

MD5
56f31ca15fb53e9c9600579175723941

SHA1
2d6fe1bf549bd043f90b9dfa67f94767c3c00f6f

SHA256
f2b62b4e6237b1bfe7713becbb68cc9483c81ec6858c3f2d68219e0ce632a180

SHA512
944db5449155b3f306a5cc4a15f40d1f06562fbb2e156f6364f5485c82be51a1f45a734b8ba6c5e0fad093c3561a1c64564de397710ed86dc0709df76ddabf40

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
Filesize
1.7MB

MD5
eb22eaccdd06e8e0b42b61cca062b379

SHA1
cd63832c765f8e37367c356d8d83bc893e68ab7f

SHA256
0ff113cb33bd5a72425ffb40ac1411cbb397fc1cc62056039d2abe54fc4d0cab

SHA512
7a66a2ce19dd796b429a83ae7192f1e66c192f013d126c109d68b3f50e6d60ce1b1968b9bf53a4fd1f366301cdd7d35deffd3a5bcb3691c53b7f25478cba83b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403110204510432888.dll
Filesize
630KB

MD5
1ff0d25ffb2660e9afe7423d56b7125c

SHA1
76dcf10627e579cbd6faddaeba7c9d32b7ce348d

SHA256
dcb82939564ed09c4140e821a93a5681ed529afedaeb19573eba4b7283a89344

SHA512
90c7a4af0345c7fa86f0aedd4378b8f29fb833cb226834e9732dc9359efe6a5c95897e1d207bffd3be992121be807be0e1f998eb79883454409d9763f865ea65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403110204511845036.dll
Filesize
607KB

MD5
a47520cbf256bf47ff52782d81727c10

SHA1
d7ea6d69396e11a4e91aa3fe2aa121ccd887b4da

SHA256
20443afa94cccd63f09f6e5036d38a6b8499e77478b01e0a39e1eec6c30fc1d4

SHA512
f41753b475fe99dd98d783cb058740076d27db6e4d76ae0dcc1732e5c2cb4ddfbc5381e9874ae1f308e451b78b621bf57ced1789da8f47326b735cbc18c8d691

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403110204513563212.dll
Filesize
484KB

MD5
cc43b0392167f57060d130e473c044ac

SHA1
a50c549f47f08edfac1764608a793e0350988ea9

SHA256
965b58bbd1b7952927d2347170f2fc8cd9808bafeb3a6c039b5727ec63950aea

SHA512
11f9a530ffcef0afaefa9263e26038022877d199e8b9fab88bb193ea79983d19ed7aa0e0fda747a54beec7607b787137850a69f5b821cb918956d95d0f570fe4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403110204513563212.dll
Filesize
218KB

MD5
24dfb013af6a75b75ad609174d88be0b

SHA1
025871130481442ef75c7a33fb8af2285147a47d

SHA256
ef017b2ffd84ec61b527bc8983051e7532ff149e9857c89aefb2a04ecdd0572e

SHA512
c9cda32897dc02ef0ea8f9dca63f903dbbb67db0227dccd4cf968c4f01bd5baf08d0bb920cdd50c4372a2a66c4013c78ef37cb9fd5392cf5c15c47ddb502c325

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403110204516214896.dll
Filesize
499KB

MD5
15aaece4d5ce834288b2de6786e57dc6

SHA1
97660c9ee3d98e2912714815b900c7102e69c128

SHA256
57c0e0a6584fd7229068e098e2ef90118505c1b501d636f19f69c4768593a7a9

SHA512
430e50c689bd4a515074555fb78f0c7195001fcecb4b85d49fa1407c5d9fcb7920014ee528ff7f53550492f1d25fe6e5de11cd0d0be5c192227a58212889b422

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403110204517773308.dll
Filesize
401KB

MD5
e9b0429ce1e6c2438b3fbe3f008aa106

SHA1
bf29f8991e8a0bf9bbd770a82d49688b830e8d44

SHA256
bf2fded9fdd27d02ac532bc534315a035d22a6a3565a102605c9449b33cf5286

SHA512
d8ea7e945b42266a311d35a0c7f22cf86616ea64bf26c84332a20a83843dc377d063724c67a2e6cea26f2b068f452b95df100487bfd4c8caf87d2afdd5cf310a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
Filesize
40B

MD5
dd376149dcbb41716b0b75817e024f65

SHA1
3ef21fa75a4cc799c664c6ecd507424aeed96b43

SHA256
8759fa4805650f87bcd79331e5fde1bf45a4ed7da5b74b45c53b35e76739ecbe

SHA512
d6b60d0f0788b7c41cc438c32f6a9833b5cb83b24382eea106f9ed1d135e647afe305bf0e29c1122b2750b14a8a9a2fca4814f765b50e5c50a473f4999feefea

Download Submit
memory/964-1-0x0000000074D30000-0x00000000754E0000-memory.dmp

Filesize
7.7MB

Download
memory/964-0-0x0000000000720000-0x000000000072E000-memory.dmp

Filesize
56KB

Download
memory/964-54-0x0000000074D30000-0x00000000754E0000-memory.dmp

Filesize
7.7MB

Download
memory/964-55-0x0000000005080000-0x0000000005090000-memory.dmp

Filesize
64KB

Download
memory/964-2-0x0000000005080000-0x0000000005090000-memory.dmp

Filesize
64KB

Download
memory/2888-56-0x0000000000810000-0x0000000000D44000-memory.dmp

Filesize
5.2MB

Download
memory/2888-6-0x0000000000810000-0x0000000000D44000-memory.dmp

Filesize
5.2MB

Download
memory/3212-23-0x0000000000140000-0x0000000000674000-memory.dmp

Filesize
5.2MB

Download
memory/3212-27-0x0000000000140000-0x0000000000674000-memory.dmp

Filesize
5.2MB

Download
memory/3308-59-0x0000000000810000-0x0000000000D44000-memory.dmp

Filesize
5.2MB

Download
memory/3308-36-0x0000000000810000-0x0000000000D44000-memory.dmp

Filesize
5.2MB

Download
memory/4896-30-0x0000000000810000-0x0000000000D44000-memory.dmp

Filesize
5.2MB

Download
memory/4896-58-0x0000000000810000-0x0000000000D44000-memory.dmp

Filesize
5.2MB

Download
memory/5036-13-0x0000000000810000-0x0000000000D44000-memory.dmp

Filesize
5.2MB

Download
memory/5036-57-0x0000000000810000-0x0000000000D44000-memory.dmp

Filesize
5.2MB

Download