837415683d56ba17ab5b260587855ac35076e05018a6281f4064cd1d03a46ac9

Resubmissions

18/03/2024, 15:07

240318-shhkqscb9y 8

18/03/2024, 15:03

240318-se9j2scb51 8

Analysis

max time kernel
355s
max time network
362s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

gx-browser.js
Size

165KB
MD5

e276a501681746b6a8c8a53352ee754d
SHA1

8d1821e0ec5d967e36cb4969763dd3c63e4cc220
SHA256

837415683d56ba17ab5b260587855ac35076e05018a6281f4064cd1d03a46ac9
SHA512

50fbbc879c24f13c85134d4713a66072eec6b8c37c60452f505fb624b85e94ef28530a2f1118be31936d503e3ab3af20398cab244ce87a056633c70d13afb393
SSDEEP

1536:WasZT/zlXf87fita72252wj+YSLct/xWpmgLODCcsLUazNcpBzaMB20AWiigzzoq:oL8Ly92YwNJ0PzDreFOHDlNDuG

Score

8^/10

spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 11 IoCs

pid	Process
5928	OperaSetup.exe
1120	OperaSetup.exe
5492	OperaSetup.exe
6060	OperaSetup.exe
3104	OperaSetup.exe
5100	OperaSetup.exe
3928	OperaSetup.exe
4168	OperaSetup.exe
6036	Assistant_108.0.5067.20_Setup.exe_sfx.exe
4044	assistant_installer.exe
5964	assistant_installer.exe

Loads dropped DLL 8 IoCs

pid	Process
5928	OperaSetup.exe
1120	OperaSetup.exe
5492	OperaSetup.exe
6060	OperaSetup.exe
3104	OperaSetup.exe
5100	OperaSetup.exe
3928	OperaSetup.exe
4168	OperaSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 20 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0008000000023334-468.dat	upx
behavioral2/files/0x0008000000023334-487.dat	upx
behavioral2/memory/5928-488-0x0000000000C40000-0x0000000001178000-memory.dmp	upx
behavioral2/memory/1120-496-0x0000000000C40000-0x0000000001178000-memory.dmp	upx
behavioral2/files/0x0008000000023334-500.dat	upx
behavioral2/files/0x0008000000023334-501.dat	upx
behavioral2/memory/6060-511-0x0000000000C40000-0x0000000001178000-memory.dmp	upx
behavioral2/files/0x0007000000023354-535.dat	upx
behavioral2/memory/5100-537-0x0000000000940000-0x0000000000E78000-memory.dmp	upx
behavioral2/memory/3104-530-0x0000000000CE0000-0x0000000001218000-memory.dmp	upx
behavioral2/memory/5100-542-0x0000000000940000-0x0000000000E78000-memory.dmp	upx
behavioral2/memory/3104-543-0x0000000000CE0000-0x0000000001218000-memory.dmp	upx
behavioral2/memory/5928-547-0x0000000000C40000-0x0000000001178000-memory.dmp	upx
behavioral2/memory/1120-557-0x0000000000C40000-0x0000000001178000-memory.dmp	upx
behavioral2/memory/5492-558-0x0000000000C40000-0x0000000001178000-memory.dmp	upx
behavioral2/files/0x0008000000023334-577.dat	upx
behavioral2/files/0x0008000000023334-581.dat	upx
behavioral2/memory/4168-585-0x0000000000C40000-0x0000000001178000-memory.dmp	upx
behavioral2/memory/3928-592-0x0000000000C40000-0x0000000001178000-memory.dmp	upx
behavioral2/memory/4168-593-0x0000000000C40000-0x0000000001178000-memory.dmp	upx

Enumerates connected drives 3 TTPs 6 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe\:Zone.Identifier:$DATA	OperaSetup.exe
File created	C:\Users\Admin\Downloads\.opera\Opera Installer Temp\OperaSetup.exe\:Zone.Identifier:$DATA	OperaSetup.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	5928	OperaSetup.exe
Token: SeDebugPrivilege	5928	OperaSetup.exe
Token: SeDebugPrivilege	1020	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1120	OperaSetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1020	2028	firefox.exe	99
PID 2028 wrote to memory of 1020	2028	firefox.exe	99
PID 2028 wrote to memory of 1020	2028	firefox.exe	99
PID 2028 wrote to memory of 1020	2028	firefox.exe	99
PID 2028 wrote to memory of 1020	2028	firefox.exe	99
PID 2028 wrote to memory of 1020	2028	firefox.exe	99
PID 2028 wrote to memory of 1020	2028	firefox.exe	99
PID 2028 wrote to memory of 1020	2028	firefox.exe	99
PID 2028 wrote to memory of 1020	2028	firefox.exe	99
PID 2028 wrote to memory of 1020	2028	firefox.exe	99
PID 2028 wrote to memory of 1020	2028	firefox.exe	99
PID 1020 wrote to memory of 3720	1020	firefox.exe	101
PID 1020 wrote to memory of 3720	1020	firefox.exe	101
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 3520	1020	firefox.exe	103
PID 1020 wrote to memory of 2996	1020	firefox.exe	104
PID 1020 wrote to memory of 2996	1020	firefox.exe	104
PID 1020 wrote to memory of 2996	1020	firefox.exe	104

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\gx-browser.js
1⤵
PID:4552

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.0.1441583666\1289312892" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fdc7cda-fde7-4c6c-9015-8746459e511f} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 1960 24e482f2b58 gpu
    3⤵
    PID:3720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.1.979759592\2114466814" -parentBuildID 20221007134813 -prefsHandle 2324 -prefMapHandle 2320 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a98cfcb-858b-4094-955a-c982e7228143} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 2360 24e47c33858 socket
    3⤵
    - Checks processor information in registry
    PID:3520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.2.79112659\199031348" -childID 1 -isForBrowser -prefsHandle 3296 -prefMapHandle 3292 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0416b40f-b909-44d5-b5d4-a7510cf43060} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 3304 24e4c19cd58 tab
    3⤵
    PID:2996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.3.1131450942\1285744000" -childID 2 -isForBrowser -prefsHandle 1084 -prefMapHandle 1048 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbca32f0-9ce0-49f4-96f2-3707aac74977} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 3480 24e34471358 tab
    3⤵
    PID:2584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.4.1655937348\784862406" -childID 3 -isForBrowser -prefsHandle 3760 -prefMapHandle 3756 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8925d09c-f27b-4969-9c04-278a9dbc9c49} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 3772 24e4c797c58 tab
    3⤵
    PID:2304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.5.427925283\615940219" -childID 4 -isForBrowser -prefsHandle 4800 -prefMapHandle 4776 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c1fd32b-ce7f-4bad-913f-d5753f51d980} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 4980 24e4e225758 tab
    3⤵
    PID:5568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.6.373690361\951523250" -childID 5 -isForBrowser -prefsHandle 5116 -prefMapHandle 5100 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28d0fec1-56e4-4435-9b8b-41c3bfbfffd5} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 5184 24e4e263858 tab
    3⤵
    PID:5676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.7.350628117\1868275497" -childID 6 -isForBrowser -prefsHandle 5340 -prefMapHandle 5344 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a137f8c-6f65-4566-a05e-76a5f7291a6a} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 5332 24e4e262958 tab
    3⤵
    PID:5684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.8.1551644363\367670975" -childID 7 -isForBrowser -prefsHandle 3060 -prefMapHandle 3576 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e6db014-54ed-456e-81fe-b59dfd1537a4} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 3564 24e4c121e58 tab
    3⤵
    PID:5184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.9.1338646435\801818280" -childID 8 -isForBrowser -prefsHandle 3584 -prefMapHandle 4368 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83986cc7-2a38-4c55-88dc-10ce02b6d79a} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 5024 24e5005a858 tab
    3⤵
    PID:5444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.10.89233703\1989894678" -childID 9 -isForBrowser -prefsHandle 10348 -prefMapHandle 10340 -prefsLen 26765 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfd68963-428f-4b88-8314-12c73ffb2f03} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 8208 24e5040e858 tab
    3⤵
    PID:5484
- - C:\Users\Admin\Downloads\OperaSetup.exe
    "C:\Users\Admin\Downloads\OperaSetup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    PID:5928
  - - C:\Users\Admin\Downloads\OperaSetup.exe
      C:\Users\Admin\Downloads\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.29 --initial-client-data=0x30c,0x310,0x314,0x2e8,0x318,0x753721f8,0x75372204,0x75372210
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3104
- - C:\Users\Admin\Downloads\OperaSetup.exe
    "C:\Users\Admin\Downloads\OperaSetup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - Modifies system certificate store
    - NTFS ADS
    - Suspicious use of SetWindowsHookEx
    PID:1120
  - - C:\Users\Admin\Downloads\OperaSetup.exe
      C:\Users\Admin\Downloads\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.29 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2cc,0x2fc,0x73e021f8,0x73e02204,0x73e02210
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6060
  - - C:\Users\Admin\Downloads\.opera\Opera Installer Temp\OperaSetup.exe
      "C:\Users\Admin\Downloads\.opera\Opera Installer Temp\OperaSetup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5100
  - - C:\Users\Admin\Downloads\OperaSetup.exe
      "C:\Users\Admin\Downloads\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=1120 --package-dir-prefix="C:\Users\Admin\Downloads\.opera\Opera Installer Temp\opera_package_20240318151003" --session-guid=06ffb3ff-97e0-4527-b5f9-c33545c2e4b1 --server-tracking-blob="ZDFjM2MyODlhZDY1YjczZWVhZmFjOGI3M2E4MmZhYWQ3MWI5MTBiMDRiOTYzNzcxZWQ2NDU0ZGJkNGZlZTBiYTp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYVNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhIn0sInF1ZXJ5IjoiL29wZXJhL3N0YWJsZS93aW5kb3dzP3V0bV9zb3VyY2U9JTI4ZGlyZWN0JTI5JnV0bV9tZWRpdW09ZG9jJnV0bV9jYW1wYWlnbj0lMjhkaXJlY3QlMjkmaHR0cF9yZWZlcnJlcj1taXNzaW5nJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGJmRsX3Rva2VuPTI2ODcwODY1Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzEwNzc0NTgzLjI5NDYiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCIsInV0bSI6eyJjYW1wYWlnbiI6IihkaXJlY3QpIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoiZG9jIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IihkaXJlY3QpIn0sInV1aWQiOiJlMzVmODBlYy1kNWY2LTQ3ZjgtOWFhYi1hYzBkZGZiN2M5OGIifQ== " --desktopshortcut=1 --wait-for-package --initial-proc-handle=C408000000000000
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      PID:3928
    - - C:\Users\Admin\Downloads\OperaSetup.exe
        
        C:\Users\Admin\Downloads\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.29 --initial-client-data=0x2e8,0x2ec,0x2fc,0x2c4,0x300,0x724921f8,0x72492204,0x72492210
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4168
  - - C:\Users\Admin\Downloads\.opera\Opera Installer Temp\opera_package_202403181510031\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe
      "C:\Users\Admin\Downloads\.opera\Opera Installer Temp\opera_package_202403181510031\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe"
      4⤵
      Executes dropped EXE
      PID:6036
  - - C:\Users\Admin\Downloads\.opera\Opera Installer Temp\opera_package_202403181510031\assistant\assistant_installer.exe
      "C:\Users\Admin\Downloads\.opera\Opera Installer Temp\opera_package_202403181510031\assistant\assistant_installer.exe" --version
      4⤵
      Executes dropped EXE
      PID:4044
    - - C:\Users\Admin\Downloads\.opera\Opera Installer Temp\opera_package_202403181510031\assistant\assistant_installer.exe
        
        "C:\Users\Admin\Downloads\.opera\Opera Installer Temp\opera_package_202403181510031\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x26c,0x270,0x274,0x268,0x278,0x1160040,0x116004c,0x1160058
        5⤵
        Executes dropped EXE
        
        PID:5964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4112 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:6108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403181509566825928.dll

Filesize
1.8MB

MD5
7b5907268b70ed9467619f0909f0ea91

SHA1
4a92b9ab51172597d754b4949553fbcfdb9580f2

SHA256
293de244bc4de8fd7c4be1b089d24b68272bbf0de6d7eeb99cb8a20ff75ff2d5

SHA512
ae9a80b8e026eeea582ceb8def5b2994db32a13479a06f560ba894bcc94eed4239d31fd3bf4a138c4f715b7b9b4f5f2f018c5b2fca515163d87ef5826d88a0b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403181510000221120.dll

Filesize
1.5MB

MD5
a1edc43b1a815498caa0ea2ec353f96f

SHA1
ac566e998ea0c864b68f9d175925c0990a13661f

SHA256
6da0888ffb91569c0226701c0e1053b12be025434997c76f54e3b8022afbfe52

SHA512
ed5a02fb13156f53477dfd9e08016dd16cb1b094c243a7c3432c2be4fed4f80eed5f1618ee1827d0aa20c53f3e39699940057b892bab1c97200f9db7e01cf083

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403181510000221120.dll

Filesize
1.4MB

MD5
04ca3d241b2fe84c46227c2a61f217d5

SHA1
368a36e5b9209bbe6db043ff5a18cf58b74f78e0

SHA256
9513c90c43fe16a7c1ff4090e3ea4fc5052e8836d198d5997e49ac4fce4214be

SHA512
a9c7d04a68b215c190f790aa004a411d79648b657354feede073cfb39775cdb07318d4aa9f86ab00b4d976f70a5bb86b9054e381a985e78af1b91b8989c5f0ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403181510005566060.dll

Filesize
3.8MB

MD5
2289d9fa2033bd67cfb2c2edc056b912

SHA1
dcdda064dbbf68d445914d7bb63cff90322f6628

SHA256
eb11c4d3beee91ce072d5e5576ddd37d1aa9eac999a4b681c620c38f7b1571de

SHA512
e0095b8fb876130e70ba2a3aee4453a927304cda091c9a183d9fc688efbac269cf312b88995585ff5e780c38202b1f50b3c1acb8974e05e3e20a44bc7fa47af7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403181510006465492.dll

Filesize
3.7MB

MD5
e852935c859c31d64c6a5fa45b96e3ed

SHA1
71ec38959a6e5a5fe78296ba7477fa8d1a37ef44

SHA256
ce0621eff804fa01af7132d7a1f039c5cf89ae398b761dcfa53c5351c44df815

SHA512
d22b1c03ce6134db23807f2407fb6725accede529f24997f4950c27b45814fa4fd9fc195b821080c2a48ca3c5cabe803f892727acf5ff82480e5e2af592c7721

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403181510026583104.dll

Filesize
106KB

MD5
35d24b15c716c6c591b7fc4877e61069

SHA1
d48d8ed15f93c7e274a1dc6c6e10c455e07aa576

SHA256
9200250fa42f125ef6e9e8995e1d1ccda37c2572a7315893476a51b5f3b7cb10

SHA512
e905024cb593667b7175115a5e0a2a387cc6705b84b01f0300ea5f2cf42f7d1bfc4664bf41e4e044f3ba0700b7478f15fd9ebe95a88af92c2ccfeba85ee5ed93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403181510028475100.dll

Filesize
2.2MB

MD5
3f4fda301cd37deced201d4a0f10f725

SHA1
7c3b7b6fee3d72c3ee032ebd81328b84486528dd

SHA256
88a7b1165c670d13ee298d2334b3a62d635cc3f1817929025853228b89b13ee8

SHA512
8f2f799860ea646460431afd8d855681a1a20832e09f17a524a9c92703f30901c74dde5764d95b1993bf8cf717341ee25b08eca0fa0cfb4fd7f6d0179d36859c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403181510255033928.dll

Filesize
874KB

MD5
8715cc4f54a8de946a8d52c92bd5bb02

SHA1
118933610f2925ded15821c6ddcea2a7d9ddc384

SHA256
9449c253a324f0777b19322f788f36dd59f5fcf2be5fb6ac8e20db43f737ffda

SHA512
34b4da23cf8e216f7c95ea0cd4f952a6fa49147929e9aea4219c084186224f77e038da5cd58c5c97805c0e34adcd179eba50cc07ec915cb00f70732984ce0a9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403181510257194168.dll

Filesize
704KB

MD5
632473e3ce451abcd9f9d4ce16f0dc51

SHA1
a3281933118a217754b3f8d56df88c1040f35faa

SHA256
5f2a91c4a2ba8b327920541c3166ee9d4c37da898d142f4aa958a9e60b3a68cf

SHA512
f569d0082ff5f26ecc3729668630e386b6d58137f1244b16e0c788828597ec63ba3cd94bd1c8fff7638f1703be045123a82dd6748a4ed32237434db704948120

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera_installer_ui.lck

Filesize
4B

MD5
cd0510df5909b616ab3cbbd78ac668ce

SHA1
707a962813d3b201cc1d4edc9e0956a2270bd94c

SHA256
9c5adc554ba55258732022facaed85950badab6ed3222576f32cf2666df9f04d

SHA512
aa001a7c10cef263fed5ce5e07f03594f075eaa02b2b4c436c0fe36fdda1ca176c6f896041d9644297e0718400baf9a2f0184375a46d77824ee9414bb6377775

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
9203fae6825a326c0f5b8d76a564aa4c

SHA1
d0c445c54b674285e3951a0b21fcc4ecb3edee18

SHA256
718978a154e1d36aeb2a67e86147db7c6b2e09f21c43b80994b02b1cc8488690

SHA512
e03939bbc178651f1f1e4201fa7651b9fed20abdc10b81565e8692d0e4c56734b9071bc36df0f4291bdcf9fbdc9f3a9d055e3fc190ec8e4a2b35e92fd03b0a14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
857a20c453841cae13d144e9389d2c47

SHA1
33b726f6e648947b8c5ca1883ac03a6a7d5cbd33

SHA256
a04cbc9dc209d39ba96ee0546ea902fad17096ac08408b5102c5b5744131644e

SHA512
410b3683221b7695f87f3abc74ecd6ae1fa22089c1f511a82504c9fe5b6eaa66d81dba8fac548a9a822713b647cf0a1c4c549e078d2247e2c95a0acc73eaeab0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\424a8f96-5f85-4b54-b840-f06abbc34e45

Filesize
746B

MD5
bacba538f984f1eb05cb364c7724d807

SHA1
0de686ae6ebcc0ea8d986359bb7398682ad0a618

SHA256
cc7ab3b9c0ef38717f291247bc6e5e1ef60f2de75ecefa1b65b7f491a8aa1afc

SHA512
ec6c11484843af4bfdf360af8719ac7202ddfc6dbc4b34ff497f4a70d5ccfeb2b2ffe01fe4615565b2f2b20c487e0406fc848bb215c3098cc14f14f9bc54674c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\5a8dba11-95e8-4c4a-bb63-c5ab959acb88

Filesize
12KB

MD5
cf419ac5e5a4c2a43ea20ea7b8257e50

SHA1
7e3e654c3fb09e747b57109f87dfa491f9b8f6fc

SHA256
db0eb566f0c20b16fb372e29272a9233767f3665c5e049571173d40d137732d4

SHA512
dfbcbbd1556d2894814a6159f1a0a300856eeef865c8d2536125243b210d2fdd543c223ffa9a9d2cfef62d63db648bf985f0a9e6d4357ea74720792d8200511d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
7ac81b54838ceb54c857f68dd66303b9

SHA1
ce8903326a49d0b5044c6219aea9bb90e68583ed

SHA256
255efbad51c480b395af4a12bc4236ba0980ba897c25691970a52bf14bf65862

SHA512
83e411a070d18aeb762803e737313ca516103b4b5b50ad9f5f6868859b7609e8d0683a194b88b97480acbcaada47862b2f228271ec6c2d2ab0597cecc3a664b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
560a40850b42019263cafd1914f9f6b9

SHA1
db8d9abb5f83aebd46c91d6679f174783d2f0934

SHA256
2db98519eb9441e816e3f8bc5c7a487df6b771d6529485016a82e86f298bee30

SHA512
a6acd1f013ca292b5df3b218bd7c547b7d1f0202f0c42c00deb914f739a99095c86f53076f65217ef26622633b9b751ce6115304ec5a1875747f27ddec20dd01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
73df44450e8f8bfd28df95ff751fa7a9

SHA1
f66c7a9031556f5289e3b6b0422ce3efe51e3a43

SHA256
e8f2bb4eda4d83a356d9563ddbf8ab6efba3ddcf99698c2856613671372cf134

SHA512
44459494d5ac44569b13070c184687f52c3a788c8dad1a0ac909b6ed520a4690d358f27740ec7e606269236b94f368096bbe667495dee3610e0cd8e7d5aea585

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
4a2441f9bb7b14835d38deac06b1e215

SHA1
d1a3b05459635b82ea2fa142a07ee1fd3858cd4e

SHA256
0520f63d511ba60ab9816eb9671153078e4c812e46eb7517570a42b09848e36d

SHA512
eb49b2ce34472a15af50fa124d0af821c062a089687164088e633d3778633f3a2f5176a18b8aab5aee1d231edd11ec129a5a200d07cd3c42fd70cd420d809a89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
26a87091a7d5740648399c131beb247d

SHA1
7cd890b88130320688ab59fa5c5cf7257fac1e6e

SHA256
be1dad3d4dad199c7bf4dfc3712b14f33f363e8cd621a42ea318e9b332fd3408

SHA512
581b92ad2e65a18be7b12ce32f87a75af9573afe304bee9b4398c279dfce767385c201ba1546382a00805edef7ff8cdc979ba0883ae41c3835081cd7a0c06c84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
908be76d3e5d58dc1be34e20da708096

SHA1
0bef5cfdbfedade1d8e70782005466f3535cdd4d

SHA256
90110b16ee149c15aad06c0814db268466c8447ab13275f5a9289bc3723ea181

SHA512
c995a6ceca716b4db88ae7e7edea70a30c44a24c7bfe341102618ae02a5de693309a3981bd94a3870ead1ab5032f0bdee17bfd460cf1c0a296fcb5657931e99e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
f3fdd1f4b957b55b0a36c563c4645152

SHA1
5276ff182727c134f0168251aae6acaf3db14046

SHA256
190874dfe01a2625ff85032f3734e50963b46c5769474c63e66ab05b9e5527a3

SHA512
795b96bb1853ef3c0ad55cc296124c5e364beb75d5f54d96473bc024134afe0b06b5f8d4b44e1688722fdf4d45e0fac8254c62055c1d26b8d8e83c3a1c2aabae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
efba5a121c46585a21fb6c049debe0c8

SHA1
831f751d568f1c181ce53700fc2f71cf2628f120

SHA256
a42bc9fa51d5f9f956aef944c0ac5d8a1d9e5df88a2abc785ed871f41fde9a46

SHA512
a4333fe20056f0ebfaa2ac4532d2b98d36b12abf79f453a1fcc5087732d15c2dde7481f725c5b77edc3741a685256244b0d6004f48cb9eab857ecc66d798f866

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
3ab0b1111cc227e2887c18af794eb3df

SHA1
21fbcb9b04d79e38eda0875b8f31b3f3284765cf

SHA256
c656cb7713d2dded02469e258fdd6b380ad1e6f8dbc1b655244a75ed3e402aca

SHA512
7dffe77fa827f6b3cc4b2da40322e886de79ec127f2df30f94d7e3eb6d83f861911cccc36103f890a2899c3c7dac67af135ae00c69c0066cee10369803dca7a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
a2fecba1f9359f1176a4dabd0323e42e

SHA1
7011eefdad27ab393915e9257c25eb4b8d180ce8

SHA256
2ba6f5a027637878702b0bc2e99c4305acbd532d680431c5d197dfef74bff0ed

SHA512
e90c859f759a73059814c11485808571869c58113ec0237451a76a2d2a38cac1b8e34dbfd00d66faff6188a9c403cdf525369ec77ce2270631d89544a5c58b4f

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
167180157003ee5d2c17587d46e21537

SHA1
12814bda053f047b773636b6def69ea0c76bae27

SHA256
c5cfe341db1de186a5ad66112a7de326a14129853e91a3d402c4936b818c43e4

SHA512
4d0156bc04451a14661c4b7757848dd01fd79661739b2281dfbc7da0571c4d8e4c6c4999138774772f2b542bc0419239f97450bee6f94675a4a24158db7b2f77

Download Submit
C:\Users\Admin\Downloads\.opera\Opera Installer Temp\OperaSetup.exe

Filesize
64KB

MD5
10a688312ab39b7d8710ee17e8b038f7

SHA1
397b6deead63fd865ce0166be433ad1a104fabcf

SHA256
77d29a7daaad3aeccd8be31c8ea995e57cb13acb050f071b81a89601e269342d

SHA512
b09aedcda74e989519f5d47c99912c85c68d2dd1f373affde8051a2ad085eab5be4e5dde96050eb5747b9b6aad5b850060bb05688a651d8be3f31d534225f2aa

Download Submit
C:\Users\Admin\Downloads\.opera\Opera Installer Temp\OperaSetup.exe:Zone.Identifier

Filesize
268B

MD5
eb038f7aed54a88695e4bf704aa0109d

SHA1
ffcf6c7b236a3856668c808f3e28e87711ce840a

SHA256
a27e0249e786c66d71eb89a7fde25d70e775aeb8dc6287665ce6d00f1d3b917c

SHA512
51ca2bcf5a45feca155765a14fa62b25e8d1e36eba136dc9a32cde0c608ce2d71fe694fe186da6074281f438a6049e6bae5e41c4c0c9dc0f04394d20edb1fd3c

Download Submit
C:\Users\Admin\Downloads\.opera\Opera Installer Temp\opera_package_202403181510031\additional_file0.tmp

Filesize
2.5MB

MD5
20d293b9bf23403179ca48086ba88867

SHA1
dedf311108f607a387d486d812514a2defbd1b9e

SHA256
fd996b95ae46014edfd630bfc2bf8bc9e626adf883a1da017a8c3973b68ec348

SHA512
5d575c6f0d914583f9bb54f7b884caf9182f26f850da9bdd962f4ed5ed7258316a46fafaf3828dccb6916baaadb681fe1d175a3f4ed59f56066dc7e32b66f7b6

Download Submit
C:\Users\Admin\Downloads\.opera\Opera Installer Temp\opera_package_202403181510031\assistant\assistant_installer.exe

Filesize
1.9MB

MD5
b3f05009b53af6435e86cfd939717e82

SHA1
770877e7c5f03e8d684984fe430bdfcc2cf41b26

SHA256
3ea8d40fcede1fc03e5603246d75d13e8d44d7229d4c390c39a55534053027f7

SHA512
d2dee80aaa79b19f1eb1db85079a05f621780e06bfea9e838b62d757ba29399f9090ec7c6ff553377c9b712f3ba8dd812cdff39f3e28829928e86746a8ac6b27

Download Submit
C:\Users\Admin\Downloads\.opera\Opera Installer Temp\opera_package_202403181510031\opera_package

Filesize
2.3MB

MD5
d2c2b3a4d9c8e6edc12ba2541196ab3a

SHA1
5996e6e47081428677aae09ad8d2131f0aadb774

SHA256
34f4dafb76ad4d84ca011af3a0ad34bc3b5f326ceebd2610e93f2416789cb521

SHA512
7b6c908a50c3d8b25eaed6dfd5e09f8a4de030584a6ed83a2fc7d6ef7e363e0159232a8b35005a62b9bc8f47ec630316313aad710e19181ecbe1815d3798aae6

Download Submit
C:\Users\Admin\Downloads\OperaSetup.exe

Filesize
2.8MB

MD5
87b62719e198a93f3656a8f65e625adf

SHA1
24118df7469297a93baded938cb95cfd9f7f01b9

SHA256
f315753d1e39f59841e051b1990a572087d806b323ed90663348f05c91404af6

SHA512
4ae4f489d9ae8c38cb745eebbb9a51fb85aaeb7c35ffc73e731a9ee0e0febfc1efc78ce3504081678f550a4e9b1186a9849c6579bf18b42da871a4faebd67f37

Download Submit
C:\Users\Admin\Downloads\OperaSetup.exe

Filesize
448KB

MD5
5b4e72bb5347563af6e3765d55175248

SHA1
c4f86e044810b379526dbc363cfc0b31e7a294a1

SHA256
22c5dedc57a248533eff1ce6e56c8ecbe11a5a8b86099eb9c22efda93ea76570

SHA512
b06e153c734cb90531607964a11fce8510b4eb78bf2a515a5c099517e74970a549471c76eae5af9cec81c27912dc0d70713a28961603fae7a0c09b1b37b19c62

Download Submit
C:\Users\Admin\Downloads\OperaSetup.exe

Filesize
473KB

MD5
503ce9c628c108c4d76007654cef9904

SHA1
c865590814e57a09b461a747d2bb2eb7f6063bf9

SHA256
9510556452bfb4a8e515dce90d646a27485dfc5e863f784ec277f5290c0681e3

SHA512
c538c84182347755f19e003e52188ff69cceb1f828c8279c3f806d6e095632ed6d8a9f3143b08408e933e0ea595d9e5da703cd0521889bc18acc20552d1c235e

Download Submit
C:\Users\Admin\Downloads\OperaSetup.exe

Filesize
1.1MB

MD5
001ac1e03887a0065f966527d7228459

SHA1
9530e6e48d3a5e19b0d9a1b7eb5195eb138cc8d8

SHA256
c7d13c8d5db23718fcd6331cf1fa1bc9fc9fcac914bb60e5479f4c0ec6cfbae4

SHA512
5e1784048ce96448c2d268c57b1090768a2262b51a84f7698a6ae5d1341bdb204e829c39b8e9259f719f3cc8fa9be09d94af49bb4c6afb06567497ddc8259f62

Download Submit
C:\Users\Admin\Downloads\OperaSetup.exe

Filesize
512KB

MD5
6739240124e7acef865134262bf58017

SHA1
0d34eb8146ab5311d52dfac49c1fdffa55d79f15

SHA256
858c062609cc9cecebe950353d1b0e03b90c2913ed070c09d4e45b73d84bfdeb

SHA512
8d7df1eb2daae202d89cc2d7ff79e1bd1aec9b88b7e7d6bdbb583434026c56852a131cca9dd644f85514bd433841f93465456929ed38072fc0d1f4f4506e14f9

Download Submit
C:\Users\Admin\Downloads\OperaSetup.uohabL_f.exe.part

Filesize
793KB

MD5
6a93847fc8ad46ff027e3d1c5ed4d1f2

SHA1
0e7e2e127594b7c811c62cb4b186f8b55d8b3c46

SHA256
39a0c7e6ba7b5cb0c0c01d863ea906918d4907d3f63ffefbad45f2b81aa84de9

SHA512
bdd955a2ad713e77dca8d1e0ef55745062d1ecd1973583fec450833bd816b3b5126d762ddc03fd5205581cf79c00c914750ee542d88a6fda9b6a6877ccdbf86f

Download Submit
memory/1120-496-0x0000000000C40000-0x0000000001178000-memory.dmp

Filesize
5.2MB

Download
memory/1120-557-0x0000000000C40000-0x0000000001178000-memory.dmp

Filesize
5.2MB

Download
memory/3104-530-0x0000000000CE0000-0x0000000001218000-memory.dmp

Filesize
5.2MB

Download
memory/3104-543-0x0000000000CE0000-0x0000000001218000-memory.dmp

Filesize
5.2MB

Download
memory/3928-592-0x0000000000C40000-0x0000000001178000-memory.dmp

Filesize
5.2MB

Download
memory/4168-585-0x0000000000C40000-0x0000000001178000-memory.dmp

Filesize
5.2MB

Download
memory/4168-593-0x0000000000C40000-0x0000000001178000-memory.dmp

Filesize
5.2MB

Download
memory/5100-542-0x0000000000940000-0x0000000000E78000-memory.dmp

Filesize
5.2MB

Download
memory/5100-537-0x0000000000940000-0x0000000000E78000-memory.dmp

Filesize
5.2MB

Download
memory/5492-558-0x0000000000C40000-0x0000000001178000-memory.dmp

Filesize
5.2MB

Download
memory/5928-547-0x0000000000C40000-0x0000000001178000-memory.dmp

Filesize
5.2MB

Download
memory/5928-488-0x0000000000C40000-0x0000000001178000-memory.dmp

Filesize
5.2MB

Download
memory/6060-511-0x0000000000C40000-0x0000000001178000-memory.dmp

Filesize
5.2MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads