Analysis

  • max time kernel
    663s
  • max time network
    667s
  • platform
    windows10-1703_x64
  • resource
    win10-20240319-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240319-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    11-04-2024 08:55

General

  • Target

    https://oxy.st/d/KAKh

Malware Config

Signatures

  • Detect Umbral payload 3 IoCs
  • Umbral

    Umbral stealer is an open-source modular stealer written in C#.

  • Downloads MZ/PE file
  • Drops startup file 3 IoCs
  • Executes dropped EXE 15 IoCs
  • Loads dropped DLL 9 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Enumerates connected drives 3 TTPs 4 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 3 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 48 IoCs
  • Suspicious use of SendNotifyMessage 28 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://oxy.st/d/KAKh
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaac1c9758,0x7ffaac1c9768,0x7ffaac1c9778
      2⤵
      PID:2056
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:2
      2⤵
      PID:5096
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:8
      2⤵
      PID:1268
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:8
      2⤵
      PID:1028
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2824 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:1
      2⤵
      PID:4328
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2836 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:1
      2⤵
      PID:2260
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4396 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:1
      2⤵
      PID:492
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4952 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:1
      2⤵
      PID:4444
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4680 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:1
      2⤵
      PID:4912
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:8
      2⤵
      PID:2392
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:8
      2⤵
      PID:4076
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3800 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3560
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4672 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:1
      2⤵
      PID:4672
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:8
      2⤵
      PID:3988
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=164 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:8
      2⤵
      PID:1020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=948 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:8
      2⤵
      PID:3768
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:8
      2⤵
      PID:4724
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=948 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:8
      2⤵
      PID:1576
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5564 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:8
      2⤵
      PID:1512
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3608 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:1
      2⤵
      PID:516
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5588 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:1
      2⤵
      PID:2320
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2872 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:1
      2⤵
      PID:4736
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4580 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:8
      2⤵
      PID:4116
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2828 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:8
      2⤵
      PID:1836
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:8
      2⤵
      PID:2664
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3596 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:8
      2⤵
      PID:1608
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4776 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:8
      2⤵
      PID:2380
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1748,i,17834819337609850306,340886058622237552,131072 /prefetch:8
      2⤵
      PID:1824
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:3088
  • C:\Users\Admin\Desktop\Emperor.exe
    "C:\Users\Admin\Desktop\Emperor.exe"
    1⤵
    • Modifies registry class
    PID:3948
    • C:\Users\Admin\AppData\Local\Temp\bolls.exe
      "C:\Users\Admin\AppData\Local\Temp\bolls.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      PID:2892
    • C:\Users\Admin\AppData\Local\Temp\Saransk.exe
      "C:\Users\Admin\AppData\Local\Temp\Saransk.exe"
      2⤵
      • Executes dropped EXE
      PID:3228
      • C:\Windows\System32\Wbem\wmic.exe
        "wmic.exe" csproduct get uuid
        3⤵
        PID:4316
    • C:\Users\Admin\AppData\Local\Temp\xray.exe
      "C:\Users\Admin\AppData\Local\Temp\xray.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1308
  • C:\Users\Admin\Desktop\installer_29374.exe
    "C:\Users\Admin\Desktop\installer_29374.exe"
    1⤵
    PID:4392
    • C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe" --silent --allusers=0
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates connected drives
      • Modifies system certificate store
      PID:2492
      • C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
        C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.38 --initial-client-data=0x298,0x294,0x2b4,0x288,0x2b8,0x72a9e1d0,0x72a9e1dc,0x72a9e1e8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2288
      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1688
      • C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
        "C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2492 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240411090112" --session-guid=61b5560a-c84c-4bb4-a564-6af982a250e1 --server-tracking-blob="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 " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=AC04000000000000
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives
        PID:2180
        • C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
          C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.38 --initial-client-data=0x2a8,0x2ac,0x2b0,0x27c,0x2b8,0x6fdae1d0,0x6fdae1dc,0x6fdae1e8
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1320
      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404110901121\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404110901121\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe"
        3⤵
        • Executes dropped EXE
        PID:1240
      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404110901121\assistant\assistant_installer.exe
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404110901121\assistant\assistant_installer.exe" --version
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2232
        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404110901121\assistant\assistant_installer.exe
          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404110901121\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0xd90040,0xd9004c,0xd90058
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3244
  • C:\Users\Admin\Desktop\installer_29374.exe
    "C:\Users\Admin\Desktop\installer_29374.exe"
    1⤵
    PID:3036
  • C:\Users\Admin\Desktop\Emperor.exe
    "C:\Users\Admin\Desktop\Emperor.exe"
    1⤵
    • Modifies registry class
    PID:4024
    • C:\Users\Admin\AppData\Local\Temp\Saransk.exe
      "C:\Users\Admin\AppData\Local\Temp\Saransk.exe"
      2⤵
      • Executes dropped EXE
      PID:1408
      • C:\Windows\System32\Wbem\wmic.exe
        "wmic.exe" csproduct get uuid
        3⤵
        PID:832
    • C:\Users\Admin\AppData\Local\Temp\xray.exe
      "C:\Users\Admin\AppData\Local\Temp\xray.exe"
      2⤵
      • Executes dropped EXE
      PID:2904
  • C:\Users\Admin\Desktop\installer_29374.exe
    "C:\Users\Admin\Desktop\installer_29374.exe"
    1⤵
    PID:2092
  • C:\Users\Admin\Desktop\installer_29374.exe
    "C:\Users\Admin\Desktop\installer_29374.exe"
    1⤵
    PID:4776
  • C:\Users\Admin\Desktop\installer_29374.exe
    "C:\Users\Admin\Desktop\installer_29374.exe"
    1⤵
    PID:4016
  • C:\Users\Admin\Desktop\installer_29374.exe
    "C:\Users\Admin\Desktop\installer_29374.exe"
    1⤵
    PID:5104
  • C:\Users\Admin\Desktop\Emperor.exe
    "C:\Users\Admin\Desktop\Emperor.exe"
    1⤵
    • Modifies registry class
    PID:2908
    • C:\Users\Admin\AppData\Local\Temp\Saransk.exe
      "C:\Users\Admin\AppData\Local\Temp\Saransk.exe"
      2⤵
      • Executes dropped EXE
      PID:1796
      • C:\Windows\System32\Wbem\wmic.exe
        "wmic.exe" csproduct get uuid
        3⤵
        PID:4628
    • C:\Users\Admin\AppData\Local\Temp\xray.exe
      "C:\Users\Admin\AppData\Local\Temp\xray.exe"
      2⤵
      • Executes dropped EXE
      PID:5048
  • C:\Users\Admin\Desktop\installer_29374.exe
    "C:\Users\Admin\Desktop\installer_29374.exe"
    1⤵
                                                                                PID:812

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                55540a230bdab55187a841cfe1aa1545

                                                                                SHA1

                                                                                363e4734f757bdeb89868efe94907774a327695e

                                                                                SHA256

                                                                                d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

                                                                                SHA512

                                                                                c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

                                                                                Filesize

                                                                                230B

                                                                                MD5

                                                                                0789f2c442d03c40d65806e3c5a4f5bb

                                                                                SHA1

                                                                                ba4aa2aa47018758648084da81e880df90791d22

                                                                                SHA256

                                                                                e192bac31f2e1148a16eab78a6ca57aedb1785318c4e14ffe67d79c2cd414eb0

                                                                                SHA512

                                                                                6d829d89ae06f13084f6d3f815a7cb4729862c8aee3998ee4bbd262614af6bc62b0c04a1b9abde0a19d6ff9bda9141df44fc4dd94352e4e77c054a90480fc56c

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\59d01e55-c8cd-492c-b627-0b66995032c9.tmp

                                                                                Filesize

                                                                                6KB

                                                                                MD5

                                                                                7213e0224b61733961392f8af295d735

                                                                                SHA1

                                                                                19433c8d18884be242bb61a63d44bb2c872a0800

                                                                                SHA256

                                                                                c44aafdb081db5bf9a06783a16d1f5e36673e47459172a537d6e63db26a02a61

                                                                                SHA512

                                                                                9a32ee68d0d2bde11f8cee39b242d57f4c68939eabd2a26b8080178fc9f2fe646f1dad0464d0c9329e341abaa21ecf1dfbd9eb32bfc0ce11f17171db0ceec42c

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                Filesize

                                                                                864B

                                                                                MD5

                                                                                e5968b8acbe132d5610aa8dc4a415ef3

                                                                                SHA1

                                                                                90a12ea376854d18efc91f1c3534aea7be78d72b

                                                                                SHA256

                                                                                74fc913605f9730ffeecb75dc4cf2b74f7a44fecc11d48cc17ccfbe08615f218

                                                                                SHA512

                                                                                43d449cdb99c8c7a45c24be2351f3db80f09e81d09a2f7ee2b49ddd602554428b88702e3103c1a2b84ffb421d40668d662374c9a50defcf277856c87dd0ed726

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                Filesize

                                                                                528B

                                                                                MD5

                                                                                9b422b39b4d9d44862521c9563f9ac59

                                                                                SHA1

                                                                                6af1e437f943bf3fb4af8580f7b3ffe25c0b2d14

                                                                                SHA256

                                                                                b7626ab7b07f2e902db4ffe8d9bb021dcf22b815a5a06e43a20b5dd8a7af3380

                                                                                SHA512

                                                                                bde390bc0f0ee1d16a12551df253da28cbcf6b722acdba8bc2144a159e405c0f7991b5393f54f5d45d6242b14eb53648e968de3948bbbdafc9a86b0347dcea6a

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_download.oxy.st_0.indexeddb.leveldb\CURRENT

                                                                                Filesize

                                                                                16B

                                                                                MD5

                                                                                46295cac801e5d4857d09837238a6394

                                                                                SHA1

                                                                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                SHA256

                                                                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                SHA512

                                                                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_download.oxy.st_0.indexeddb.leveldb\MANIFEST-000001

                                                                                Filesize

                                                                                23B

                                                                                MD5

                                                                                3fd11ff447c1ee23538dc4d9724427a3

                                                                                SHA1

                                                                                1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                                                                SHA256

                                                                                720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                                                                SHA512

                                                                                10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                Filesize

                                                                                3KB

                                                                                MD5

                                                                                221b6837b7062e4f02076c2091a5e393

                                                                                SHA1

                                                                                489e7d5d7a799bcaf7a75e3e20a796a9b3a852f9

                                                                                SHA256

                                                                                73d7209bac97c640ea181668b5f21c6fcd02e451763a3c946732d8ccb053d2db

                                                                                SHA512

                                                                                53c331b3796f0bda7bd5eae5a6062200f346e0b170f41b6adff71cfa653050fb5c7d05a4c8a60d90d7558372e75de1fe9802f66d00eed14496918dbadc4c6398

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                Filesize

                                                                                4KB

                                                                                MD5

                                                                                53a02ae36dc8662117983edf1422d985

                                                                                SHA1

                                                                                680190c73945fe838fa91e31d1155089e8369045

                                                                                SHA256

                                                                                7c1fa12f9dc55237df6acfe13901253e0ed3e27441e99ee461dce56c49609398

                                                                                SHA512

                                                                                22a633b0636bda61acbf1f8f98c5868c70681221bba21c5b12c20ca6e9a5ebd8ae52dd6238dc15fc7f491df8a111c57cef6631ec0f901f31005b097dac9faed7

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                fdacd2032a7ae176c2a74824b038b6f3

                                                                                SHA1

                                                                                84f10594245feb91857eec08b89c11ec90d94dff

                                                                                SHA256

                                                                                2ec43406676a5d6ae686795ac4c0d24f3fe3a377a6466dab16d3af81ff5a2caf

                                                                                SHA512

                                                                                9fe561226a6af8ce44140b95b4a0d8e9727db8ffd88ab2cae759329a1f947d824e43efb963b57e10c073048812a49f2178bce6f6b4e665551a8746530a364dbd

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                5758804f6db3cd9827b7377875c88de0

                                                                                SHA1

                                                                                5623d4d9767d940d735c9651a9668cefbf449336

                                                                                SHA256

                                                                                e5bcdea8a30a604555f8db999f1c8bf35cf0dc616ded6a8c3542d7587f3f6d75

                                                                                SHA512

                                                                                421098f1e66dd847842db019844e8f1ac4c360863863f4db873e43b46c047d48b83b5e0c70d6b5643c9a7636310fe547e313ef4bd683b8bc9acbcb5458f46a02

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                ee36dc4c49ea83decd7c3a0485d2c877

                                                                                SHA1

                                                                                298c7a5bae1bdd914d5bb36d8d0561014cd4dc02

                                                                                SHA256

                                                                                c43f07fd7c57f6eef157c100f57e3a21aa2ecadb8560fa09864b80a9e8fb09bb

                                                                                SHA512

                                                                                4032992c53161baffaa2303c43ea586522893788d8d1a2f06ede044e48d039fcf89f1cf04df2f3f18a787e10dec6f001a4a4fa4ce221d1697b3f802addbf165c

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                e1ee9d7401a3b85427ad686eebda5696

                                                                                SHA1

                                                                                7f9d4e69b3596f3e494f6b50ece14655330cdbbd

                                                                                SHA256

                                                                                6aefd82103685bfa18eb56bdd55b67b8f6d20cc69838c051f446fb6793661474

                                                                                SHA512

                                                                                4a9a6f449467666b7c6c3ec56b90dce518fd5fa838cbd3da9ffddb18fb3154e47f05406769f5f76a268a644a617589fdcb25543b513f44bfb05f6f2afd75235e

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                Filesize

                                                                                5KB

                                                                                MD5

                                                                                aae40447239e8b3ff6adfc12143a3bda

                                                                                SHA1

                                                                                fe7a4ae7b5afd058de822d310767ba0a91e16bff

                                                                                SHA256

                                                                                5abaac058a520cd33635f5cc55507cac76b08f72197b32a885b198111bbb8dbb

                                                                                SHA512

                                                                                d4000aa88b38c7905fb7cdb8fe1279b5dd5cd8b8bea6c6487bc27139cc6f584bc3fa1276e6ed96319caab5b7741a8599211e4201f4aa4b7d88d3f6058b4603a6

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                Filesize

                                                                                5KB

                                                                                MD5

                                                                                a93055955794af67484be40a51c8210b

                                                                                SHA1

                                                                                3b6ca9fcfd88e933389ef9d42c8b7fceffc6ee80

                                                                                SHA256

                                                                                2648cebc6384acae6460efaf8707d36bc2c6eb1268f5cdab337d8a112dae8b28

                                                                                SHA512

                                                                                8f33cd6ad989ccfc3f6a46cb81ab81628c29aeb4de3a0aa1d331f2b16dac1b150cad778b8b4359d4643812051070ae972d1996f2430e96dd4562bbe361e7295c

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                Filesize

                                                                                6KB

                                                                                MD5

                                                                                c65985764fa9ac910bb031c31d10961d

                                                                                SHA1

                                                                                a7cccfe23810c81a8eb559da5b504077bce990dc

                                                                                SHA256

                                                                                3bd8bea65ba140a9a3181d382fbba4d1ef6557b6831afa6ca31d234431e32cbc

                                                                                SHA512

                                                                                15693dae1591239604a62f8ea487412ad8e0653fdc63af8a5dd99f68de6a38fb8f2f26faaec5328f5c45959549a55584177fa298c3861b6f91e88c7fa996f0c3

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                Filesize

                                                                                6KB

                                                                                MD5

                                                                                1e0566c02eeaac58ece439f417787baa

                                                                                SHA1

                                                                                ac0ed45ccd93bf002542feec5008912d44eb8317

                                                                                SHA256

                                                                                adcd158b45ced2400017c48de08dceb2102114458ec105c4ec43744c3168e990

                                                                                SHA512

                                                                                ffe2ff65ad9b0bdf8a0421b046151a9dfc64bba01b8bbb1f0d8516569ef1084b38c307a6907438f0cb5e2a527b9aab54f507c2f5d0320f9aef3915c5530b90b4

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                Filesize

                                                                                7KB

                                                                                MD5

                                                                                6e52f58a712101de91f634a6fab8b2b7

                                                                                SHA1

                                                                                284f5e56dddfa260570027cb7efc511f8a0e02e4

                                                                                SHA256

                                                                                7aacf55efe7278f95229d75894e50cf9934d168f7fb03c11655721a70de0032a

                                                                                SHA512

                                                                                6ace14b11d8f47bcc409421aa87f0c83c0f8b6cd2d532ff97daf93d0234422b11d214d530128e674caa8ac76760b0b10248739fb6bb7df72c6049756d0f41c25

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                Filesize

                                                                                6KB

                                                                                MD5

                                                                                3fd9cb052d9e295d7da3087571d8e9f9

                                                                                SHA1

                                                                                19dac15532b700bb3f6e6307682f4dac0e579da4

                                                                                SHA256

                                                                                6804392597852858cc7425f6df8a462b05674a580d9c0943e9892ebe06815ef0

                                                                                SHA512

                                                                                ca2dfe7cee467b2ae176a2be13c7600fa3919e404de56c3ce1a96dbab1a0ffc5dadfe27027fb121beaf6c9da88578883e14c58f2a72b4525b1905d3819b4484d

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                Filesize

                                                                                264KB

                                                                                MD5

                                                                                453c52084cb2c933874beb115cfa3646

                                                                                SHA1

                                                                                a09db1a2e63cfffd39c8620a3bb4e625a865d121

                                                                                SHA256

                                                                                bded838cc47d178afc1ca594d842ce0eb8330b6498c7c067ea44f587f7e976e3

                                                                                SHA512

                                                                                c2d9405cb44ba1541044585b34562b9791c1a9f551780e6eaaf623eae52e41a121ea94f983e442942a685bba91c087cd4c0fa7ce3adb4bd32c26522d77d6349c

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                Filesize

                                                                                264KB

                                                                                MD5

                                                                                dce5aff2ca45216beb9ac36efa0c56e8

                                                                                SHA1

                                                                                655029ce7f2d7818a11379fe3de07fbd9e2b1725

                                                                                SHA256

                                                                                a00bd94601f537d5d20d174c2b5919abd36fc5c8a705f3d276e87143ee2d0d6e

                                                                                SHA512

                                                                                eb039bfa067a1bce51c21814ee2b4a4957e08b658a0c84dc3510ba68edf99d3bff3f40e3911785d0a70cf261c7afd20817a16e28e14324c6a93ccf4b20010f9e

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                Filesize

                                                                                264KB

                                                                                MD5

                                                                                035d2570058b2a545a49490efcd171bd

                                                                                SHA1

                                                                                a66d6d0c29aaf1025411c0860594dbbc4a016972

                                                                                SHA256

                                                                                42a7c23436b31e62c6258ef1a1f1aa3ab99bc09a1fc51dbf81b6125c95971cff

                                                                                SHA512

                                                                                7cc592bfb70997e887e95e0035e8db557b95da707d5a279258cc965f754761b7dd9c00e7e715cda46fa4551efbd4d3c26fe428ce85c1c3a96b9341b098fc85a8

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
  Filesize: 105KB
  MD5: 8b58dbe2543c3b5206e60f53ef254288
  SHA1: c5e301b5fb62c4d291c0c14252538eee8d27ae30
  SHA256: 6ba09f6449d8444ee116d0ec7b7e975076df268c1761cd64e202077e40f13d90
  SHA512: e58b224f10a1de721e54acaf8650f19c877bd5e09943a2bdd0b1d69bee248ed01071e4b28b1977ec4b9a03b440e9d981bcd2bd7e018fd7950a00667d073b3491

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b1a5a.TMP
  Filesize: 98KB
  MD5: 9ea6b40978a2699db6d0e58ea473b8ec
  SHA1: 50441573a66d6be4a5b83e8ecb4746cbfabda2b7
  SHA256: 290b2910f6c245d12114314a262d8dd9b5c790856765c9b8736bbaf5dc62df2e
  SHA512: 4749895e9488916f77e42f838eb11ceae3a64c458769d5d2820fc9f9787725c4c01a256cd0d8909ab6e6f0a18cd4f8edc8de1cfcf82ff8679ddfc24667ac9ef4

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
  Filesize: 264KB
  MD5: 8144b28162e5ed1fc1473aba4e764388
  SHA1: 1121f274f006343b37a5f34c33077a5b6057d37e
  SHA256: 8522a41e48f4cb9840406d978897395d4bb01eb3bdadb15431528c0a1e21f52d
  SHA512: dcc3a917a4db8e4f9240dc2e0a1f110555ef0ff884ba5008c15d666c45011b24bdade32ff4234c692c30bcd7c018daf38c49dc4a7140145255484fb26d701c31

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
  Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

• C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\xray.exe.log
  Filesize: 319B
  MD5: 63d5e381c73f51d67f146673b579e1e2
  SHA1: f19bdac1f4240ae47c21b67e0cae827696e69352
  SHA256: 5b0f01dfcbb68a865042f6456c0861fa616f6b32886cec3acc07df6c22e0fba2
  SHA512: cb6b0c3235a082b605d8d0a9cb567099db8026ddc4266ef3148412e49348135c0cc4b752d9212578914f30ef6b9ce4be21d5ee76fcc3ead5c84dd940f74b9611

• C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Saransk.exe.log
  Filesize: 1KB
  MD5: 53ea0a2251276ba7ae39b07e6116d841
  SHA1: 5f591af152d71b2f04dfc3353a1c96fd4153117d
  SHA256: 3f7b0412c182cbdefb3eedafe30233d209d734b1087234ac15409636006b3302
  SHA512: cf63abfe61389f241755eef4b8ed0f41701568b79d1263e885f8989ce3eca6bf9f8d5805b4cc7304aaaa5c7e14122b0d15bd9948e47108107bbb7219fd498306

• C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404110901121\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe
  Filesize: 2.5MB
  MD5: 20d293b9bf23403179ca48086ba88867
  SHA1: dedf311108f607a387d486d812514a2defbd1b9e
  SHA256: fd996b95ae46014edfd630bfc2bf8bc9e626adf883a1da017a8c3973b68ec348
  SHA512: 5d575c6f0d914583f9bb54f7b884caf9182f26f850da9bdd962f4ed5ed7258316a46fafaf3828dccb6916baaadb681fe1d175a3f4ed59f56066dc7e32b66f7b6

• C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404110901121\assistant\assistant_installer.exe
  Filesize: 1.9MB
  MD5: b3f05009b53af6435e86cfd939717e82
  SHA1: 770877e7c5f03e8d684984fe430bdfcc2cf41b26
  SHA256: 3ea8d40fcede1fc03e5603246d75d13e8d44d7229d4c390c39a55534053027f7
  SHA512: d2dee80aaa79b19f1eb1db85079a05f621780e06bfea9e838b62d757ba29399f9090ec7c6ff553377c9b712f3ba8dd812cdff39f3e28829928e86746a8ac6b27

• C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404110901121\assistant\dbgcore.DLL
  Filesize: 166KB
  MD5: 8b6f64e5d3a608b434079e50a1277913
  SHA1: 03f431fabf1c99a48b449099455c1575893d9f32
  SHA256: 926d444ffca166e006920412677c4ed2ef159cf0efc0578cb45b824f428f5eb2
  SHA512: c9aeac62ece564ac64a894300fb9d41d13f22951ead73421854c23c506760d984dff0af92bef2d80f3a66e782f0075832e9c24a50ae6110d27a25c14e065b41c

• C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404110901121\assistant\dbghelp.dll
  Filesize: 1.7MB
  MD5: 925ea07f594d3fce3f73ede370d92ef7
  SHA1: f67ea921368c288a9d3728158c3f80213d89d7c2
  SHA256: 6d02ebd4ec9a6093f21cd8ccefb9445fa0ab7b1f69ac868a5cfc5d28ed8d2de9
  SHA512: a809851da820d9fdd8fb860a8f549311dcc2579df2c6f6fba74f50d5d8bf94baa834b09fb5476ac248f18d1deb6b47d4fdd6d658889d5d45ca8774a9264483d2

• C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404110901121\opera_package
  Filesize: 103.9MB
  MD5: f9172d1f7a8316c593bdddc47f403b06
  SHA1: ed1e5a40b040af2c60ed6c2536b3bf7ee55e0e52
  SHA256: 473f0d4b886db8cd39b900b92bdc0625a3fcec8addd43f71179696bdf186ec3b
  SHA512: f51ab2bdf29ca6839e4f7cf1fac1bdfc03ba2da4569a8f21e5d2ee13e6519097c3da40bf0b4ca7642286ed033d0126bbd14ef7842eb9f2db1d6e503849521b02

• C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
  Filesize: 5.1MB
  MD5: d4ee2d74f74f6473f55eff3784108643
  SHA1: 346ccb5eeada519a938eb4e65069c89e5e76566d
  SHA256: 40d2eebdcb1bc0d8b5b08b4f0dfdbd9ac3c1b55b8cf1b36dc52c02190a7f313c
  SHA512: 68c8ec27e304e23798fac59c2b394e352168e1151b4f3ed2146cea82d8b47d8c88a3c821bcb7e57d3a4bc188abddcc669b5baa095158abfe0f2c92fb9cd2d44c

• C:\Users\Admin\AppData\Local\Temp\Saransk.exe
  Filesize: 230KB
  MD5: 380e359155e1e7e7fb63b4cc404f7d43
  SHA1: 9cf1b689be708ccc1efd3bd8f2c204871d1a9083
  SHA256: 87716661c7f573415e59bf07f8b609c7a9783f390116cc2ff5ac5f6d67d96c9f
  SHA512: fb4f902eeb06fabe94e550ef1a3f70ace4bd0ed47ba82efd30626a997043a68d4c661a3aeac457ff4568c0c35a8f9d8888a00096641c32b32d394bc616ac1357

• C:\Users\Admin\AppData\Local\Temp\bolls.exe
  Filesize: 248KB
  MD5: 4e46d93731395a27bbc943d90a5e9c63
  SHA1: d55daa1ff5f52f71dc7947417b496684986bab6d
  SHA256: c785a17d05184a39708dfe95c64ebeac0de7c212d3197febbf84e01902d81c4f
  SHA512: 566f3198fcccd40136a07ab450196505def1aeaf0bc70d391ec3f70bd249aeac50e9ca4364780d01a1177d0a861d337fb5f3edc0cb5dfc62bc04057f7a7f50fa

• C:\Users\Admin\AppData\Local\Temp\xray.exe
  Filesize: 247KB
  MD5: b4d7436a7913a9fd427b851818101ab5
  SHA1: 2b854d1d2c783b8e2fe57c219e5443ac36a01334
  SHA256: 7e8c6f536c555ec27199870a4ea0042894d5e03608d5a0278ba764e89f8f27a2
  SHA512: f2b6af60faa1b16bcf37aac34df44dbd9b073cc3c31a768bb7f52b5cbe7ed023c746e4cae385968223984a5319ea667e6bee9ab2566b7fd9d424845c0ea136ac

• C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
  Filesize: 40B
  MD5: 7c9287ee71b0a90bfba5133ce25ddbeb
  SHA1: 10e1095201b8c6342a21338b33187f3596f972ca
  SHA256: 528ada5283797e5b1a999c706a3f581c38c4ee3b16f550af628848d8ce164583
  SHA512: 4f38c3e74ed64e5e97fe0410fade0a84e0157cc729928e3ae8d96ba588d93d95721f7b77e65b25c146a295e9836cbf48e7944836536fd6dfca5fce9a7600eb1d

• C:\Users\Admin\Downloads\Emperor.exe
  Filesize: 1.1MB
  MD5: d6530ffaaa8a22c180f960c0bb3bdb02
  SHA1: f5c74b1a9a3f97d2f038696e7d2ecd9c553e7a7b
  SHA256: e1bb10eacd76bd622d6ba1e9f8c3abf2a00263046f51d898b357dd4b25c345f5
  SHA512: 8a8f4174825554ceb633d52dfd5ef56c5d50f7b8e14f41cb9286c02b73b4b077cba9c01a4fce39dff38d92d076b6a5100ef8aea5e102a6f998167be8d6d22c34

• C:\Users\Admin\Downloads\Unconfirmed 449576.crdownload
  Filesize: 505KB
  MD5: c2f4144790ed39217b1dc7cc511ef8c7
  SHA1: 3c033675a05d6c57e587334b6466964adb69dde5
  SHA256: 0ccda2c02458f8251b7b2e825b44f95ac6b2cc8a0ffd53a50432992d6f9de8fb
  SHA512: 1927500a11be63a3ddb51db63f3f28f606666c172553645764ff160c626a866b96b68e5c12de85665cc4dfe852ce545077270420baefac4bd0444176e32122d7

• \Users\Admin\AppData\Local\Temp\Opera_installer_2404110901095812492.dll
  Filesize: 4.6MB
  MD5: 2a3159d6fef1100348d64bf9c72d15ee
  SHA1: 52a08f06f6baaa12163b92f3c6509e6f1e003130
  SHA256: 668bf8a7f3e53953dd6789fc6146a205c6c7330832c5d20b439eedb7c52ed303
  SHA512: 251c0d3cdd0597b962d4e32cf588a82454c42067cbe5e35b41b0548eea742ea25815e5d6830b63c1992b5730a4e6d7c005fb0019aa4c389549b06fff9a74b38c

• memory/1308-632-0x00000000718E0000-0x0000000071E90000-memory.dmp
  Filesize: 5.7MB

• memory/1308-628-0x00000000718E0000-0x0000000071E90000-memory.dmp
  Filesize: 5.7MB

• memory/1308-622-0x00000000023F0000-0x0000000002400000-memory.dmp
  Filesize: 64KB

• memory/1308-624-0x00000000718E0000-0x0000000071E90000-memory.dmp
  Filesize: 5.7MB

• memory/1408-838-0x0000026878930000-0x0000026878940000-memory.dmp
  Filesize: 64KB

• memory/1408-836-0x00007FFA9A070000-0x00007FFA9AA5C000-memory.dmp
  Filesize: 9.9MB

• memory/1408-846-0x00007FFA9A070000-0x00007FFA9AA5C000-memory.dmp
  Filesize: 9.9MB

• memory/1796-921-0x00007FFA9B1F0000-0x00007FFA9BBDC000-memory.dmp
  Filesize: 9.9MB

• memory/1796-925-0x00000194C9D90000-0x00000194C9DA0000-memory.dmp
  Filesize: 64KB

• memory/1796-931-0x00007FFA9B1F0000-0x00007FFA9BBDC000-memory.dmp
  Filesize: 9.9MB

• memory/2892-626-0x00000000024C0000-0x00000000024D0000-memory.dmp
  Filesize: 64KB

• memory/2892-617-0x00000000718E0000-0x0000000071E90000-memory.dmp
  Filesize: 5.7MB

• memory/2892-638-0x00000000024C0000-0x00000000024D0000-memory.dmp
  Filesize: 64KB

• memory/2892-637-0x00000000718E0000-0x0000000071E90000-memory.dmp
  Filesize: 5.7MB

• memory/2892-636-0x00000000718E0000-0x0000000071E90000-memory.dmp
  Filesize: 5.7MB

• memory/2892-608-0x00000000718E0000-0x0000000071E90000-memory.dmp
  Filesize: 5.7MB

• memory/2904-845-0x00000000718E0000-0x0000000071E90000-memory.dmp
  Filesize: 5.7MB

• memory/2904-843-0x00000000718E0000-0x0000000071E90000-memory.dmp
  Filesize: 5.7MB

• memory/2904-844-0x0000000002810000-0x0000000002820000-memory.dmp
  Filesize: 64KB

• memory/2904-847-0x00000000718E0000-0x0000000071E90000-memory.dmp
  Filesize: 5.7MB

• memory/3228-621-0x00007FFA9B1F0000-0x00007FFA9BBDC000-memory.dmp
  Filesize: 9.9MB

• memory/3228-623-0x000001ED504D0000-0x000001ED504E0000-memory.dmp
  Filesize: 64KB

• memory/3228-630-0x00007FFA9B1F0000-0x00007FFA9BBDC000-memory.dmp
  Filesize: 9.9MB

• memory/3228-595-0x000001ED35EB0000-0x000001ED35EF0000-memory.dmp
  Filesize: 256KB

• memory/3948-505-0x0000000000400000-0x000000000051A000-memory.dmp
  Filesize: 1.1MB

• memory/5048-928-0x00000000718E0000-0x0000000071E90000-memory.dmp
  Filesize: 5.7MB

• memory/5048-929-0x0000000001530000-0x0000000001540000-memory.dmp
  Filesize: 64KB

• memory/5048-930-0x00000000718E0000-0x0000000071E90000-memory.dmp
  Filesize: 5.7MB

• memory/5048-932-0x00000000718E0000-0x0000000071E90000-memory.dmp
  Filesize: 5.7MB