hxxps://www[.]bloxget[.]com

Analysis

max time kernel
201s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.bloxget.com

Score

8^/10

spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

Processes:

OperaGXSetup.exeOperaGXSetup.exeOperaGXSetup.exeOperaGXSetup.exeOperaGXSetup.exeOpera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeassistant_installer.exeassistant_installer.exe

pid	process
4592	OperaGXSetup.exe
3152	OperaGXSetup.exe
1664	OperaGXSetup.exe
2852	OperaGXSetup.exe
4912	OperaGXSetup.exe
5008	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
3596	assistant_installer.exe
1984	assistant_installer.exe

Loads dropped DLL 5 IoCs

Processes:

OperaGXSetup.exeOperaGXSetup.exeOperaGXSetup.exeOperaGXSetup.exeOperaGXSetup.exe

pid process

4592 OperaGXSetup.exe
3152 OperaGXSetup.exe
1664 OperaGXSetup.exe
2852 OperaGXSetup.exe
4912 OperaGXSetup.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

OperaGXSetup.exeOperaGXSetup.exe

description	ioc	process
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588103930528245"	chrome.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

OperaGXSetup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4020 chrome.exe
4020 chrome.exe
2948 chrome.exe
2948 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

4020 chrome.exe
4020 chrome.exe
4020 chrome.exe
4020 chrome.exe
4020 chrome.exe
4020 chrome.exe
4020 chrome.exe
4020 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe

Suspicious use of FindShellTrayWindow 46 IoCs

Processes:

chrome.exe

pid	process
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OperaGXSetup.exe

pid process

4592 OperaGXSetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4020 wrote to memory of 2780	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2780	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4484	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 1388	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 1388	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 4772	4020	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.bloxget.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4a9aab58,0x7ffa4a9aab68,0x7ffa4a9aab78
2⤵
PID:2780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:2
2⤵
PID:4484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:8
2⤵
PID:1388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:8
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:1
2⤵
PID:2496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:1
2⤵
PID:2908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:8
2⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:8
2⤵
PID:4576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:8
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1548 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:1
2⤵
PID:2596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4700 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:1
2⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5060 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:1
2⤵
PID:2828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4304 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:1
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5280 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:1
2⤵
PID:3916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2352 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:8
2⤵
PID:2240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5052 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:8
2⤵
PID:1852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5628 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:1
2⤵
PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4312 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:8
2⤵
PID:4304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:8
2⤵
PID:4564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4948 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:8
2⤵
PID:1220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4332 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:8
2⤵
PID:1336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:8
2⤵
PID:2760

C:\Users\Admin\Downloads\OperaGXSetup.exe
"C:\Users\Admin\Downloads\OperaGXSetup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:4592

C:\Users\Admin\Downloads\OperaGXSetup.exe
C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.62 --initial-client-data=0x2bc,0x2c0,0x2c4,0x290,0x2c8,0x75084208,0x75084214,0x75084220
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3152

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1664

C:\Users\Admin\Downloads\OperaGXSetup.exe
"C:\Users\Admin\Downloads\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4592 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240428204104" --session-guid=40a70e0d-9273-4d70-8964-1188cf188b69 --server-tracking-blob=ZTQyYzA0MzkzNGU2YzJkOTgyMDc2ZjY0YmJiZjBjZmQ4NTAyMGFkNjYxNTczNTdmNzQxOTgxOWI1M2YxNmUwMTp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9IVlJfMzczNiZlZGl0aW9uPXN0ZC0yJnV0bV9jb250ZW50PTM3MzZfJnV0bV9pZD0wMWRiZmQ5YWI4ZDE0MGIxOGNhODZmNmVkZDhiZjk1YiZodHRwX3JlZmVycmVyPWh0dHBzJTNBJTJGJTJGd3d3Lm9wZXJhLmNvbSUyRmd4JTNGdXRtX3NvdXJjZSUzRFBXTmdhbWVzJTI2dXRtX21lZGl1bSUzRHBhJTI2dXRtX2NhbXBhaWduJTNEUFdOX0dCX0hWUl8zNzM2JTI2dXRtX2NvbnRlbnQlM0QzNzM2XyUyNnV0bV9pZCUzRDAxZGJmZDlhYjhkMTQwYjE4Y2E4NmY2ZWRkOGJmOTViJTI2ZWRpdGlvbiUzRHN0ZC0yJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGJnV0bV9pZD0wMWRiZmQ5YWI4ZDE0MGIxOGNhODZmNmVkZDhiZjk1YiZkbF90b2tlbj03ODkxNDMzMiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcxNDMzNjg1Ni4xMzkwIiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0dCX0hWUl8zNzM2IiwiY29udGVudCI6IjM3MzZfIiwiaWQiOiIwMWRiZmQ5YWI4ZDE0MGIxOGNhODZmNmVkZDhiZjk1YiIsImxhc3RwYWdlIjoib3BlcmEuY29tLyIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiI4YzkzZTg5Yy04ZWQ3LTQ1MGEtYjljNS03ODkxZTM0NzNjZWMifQ== --desktopshortcut=1 --wait-for-package --initial-proc-handle=C809000000000000
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
PID:2852

C:\Users\Admin\Downloads\OperaGXSetup.exe
C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.62 --initial-client-data=0x2b8,0x2c8,0x2cc,0x294,0x2d0,0x72544208,0x72544214,0x72544220
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4912

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404282041041\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404282041041\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
3⤵
- Executes dropped EXE
PID:5008

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404282041041\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404282041041\assistant\assistant_installer.exe" --version
3⤵
- Executes dropped EXE
PID:3596

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404282041041\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404282041041\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x654f48,0x654f58,0x654f64
4⤵
- Executes dropped EXE
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1004 --field-trial-handle=1840,i,10351514442464217700,14403225021762947302,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2948

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4196

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\75e38af5-320c-4288-99ba-82848091ab01.tmp
Filesize
7KB

MD5
5e9703756d9bcebd53bc1aefc3655c5a

SHA1
3def9bb6a152692c977f8907acb4cd9ef7f7031a

SHA256
3f57fa23cdf7f246aae54353aa9d58baf359887c672b3d9b5c8b3a0150b200e0

SHA512
1be800967c7e703596fee0faa963471da6f6eb7c94dc538e4924439eec8a65dd9e9aceeebbf147ff6f658c7f05b92972643a9114174b24f6a7a6ab3af20ca008

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
240B

MD5
21ab96a977a76a530df1fed9478f84b1

SHA1
847bf4970ba3ffd367a0d941e551a8fcf37e7683

SHA256
e031b199a5c50bf8485e4bb1b09e88362e927a6bff63a37dd919a1f5f08aca54

SHA512
53854f30b39a3ebfc9673f97013243f2d3916e89207cad81b14caa6e905d6dbbd54694c2ebd984eabe7d3be752fbfbb27b1ff749520148bf0c884f353c78a89a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
e4cc8d66d29b46a2f110adf52c9cb221

SHA1
bb8d56b074a00891c8290a0755eaa40d0a7810bd

SHA256
95fde90125f591c7e7b7974d5e71488dcece09e564aa1c4d0ab179640345ae1c

SHA512
f4db838d36c3dfdbdbcfdc5e796ced51a79f1ae29dfad85092b9e8ca334d77ae35649724a60604d37ce9a170b653033c3e95a9fda1f94236c8e8300429084867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
cf6ac94e11fc084806211e48c5e294ab

SHA1
6a5a0e15b9ac83615e03a9bd875f832b15ba63d8

SHA256
d95d60d64e90086ff50c6ba4bd6e17235f7b7f534c7f4323a342b9835da79fa4

SHA512
863d00c8645b6e33d040ad3f2beb2cd8b196a597aac4e9664ae1df5a61fa750b41b222a2f2921f418faaa9b76f3a6cd5d71f70c4042451ae8b468a7e0f79ad42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
50efcc069245d227b40ec4a707917d24

SHA1
958af9f790912fa531eeee54f9387b81ec426baf

SHA256
ed8403ba2b87af5351bf79e0a86cdae94f64069ecbd35ed319ac88d37bfe460d

SHA512
f6567fea13a6d09f0158079de0ecad7c1afed563fcaadd39c5dede168dcf10feb12428608c6006ab89db9a5c7da25a3a60efb43f24dc7855a2cf50a32614d8a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
688B

MD5
5c663a0b1c36f6ec53ca13da1fe20f9b

SHA1
cb56b111c59db062e0fbfd18043f7ce9323313e9

SHA256
7dbfbd24a365b41ebd04ecc13008eeeb27e76366f7078b702d4c3edd2672c1cd

SHA512
28da1bbf95ce91a2128b1dd56284d49ad49da334c4c2d5b139f604938295f087c7f79a1a70784fb0e32a134272dd0ca35f38db239ca38608135f5cee5554d1b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
7fa66ccd876d14c7c700d748946ff444

SHA1
351f3e65e0470d2def4a7e7d2de999e884bdfbb7

SHA256
94047517009c21a94938802338fe3fe7637afab0e1f3b2a93888c5b9dcf39e0b

SHA512
56d0169679734d32f7dd9045dca001fac7abe148df625b67221a702dc966825c0447839b2cc945f8d09cdc55c71eb4cd09139ca165bb91c8b5895049610f56de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
522B

MD5
12be0049702850e52d4fd68755773c28

SHA1
ad562e1e242cfb828362dd18c631395363720cea

SHA256
44797fc0fb92603790a1cbfefb870aef2465a656a067c4713adf83efb51f93eb

SHA512
33b1e3359690451ff154550f69e6838743a09461150dae24927f066936007c3d3986438c4a1f8de593e6a15da728655db1e0535dd44f6d430e1fbba91e8048b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1ca3e026a2ee00797db75de16dda3b0b

SHA1
3beec464835df7b44e0622ab7a2ab09d2d2d1b0f

SHA256
b7973c04b5bb34ab007f369092b2fa82da08066202757db79ba43d31a44d4f24

SHA512
5a81d41185b5ed2b1d9685152692baa51841a7ca0b642a3029fcb672e95c6e839f99700a21ed5cb7125748b1ae8092d011d65be2f8da2b533d6fdd8346bc45e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
382e5d8f83d8e58febd41399ec4485c0

SHA1
b9c1aefadb0ab1e8a98e601b8a001605f2109fa9

SHA256
e7890764930fc8434092eb4ea8a45dbd35c66242cb800460e8f97ff50eea1f6b

SHA512
b5402a62143f9a056e859aa1371221e5b7b73294bcdf93897b211a8c3505142ce4d1d18f58e933646c5a5bd1967d82a89dbdfca315ecb94ef164647facb93a85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a42fb79873bb9ebe9bd7f119fd549ea4

SHA1
82c5d41db1cc329c0a7d41b4a4c2de5ffa5f0a21

SHA256
9b7030eba39f1b0744e849ba31e3832ab99c6fbd5334f7f990df4ec224f01c34

SHA512
4581437b710f3f3cecebda1da872d8daef077e78f2178f186b1bf1deccc9209c115235e148d0fa0505f2389e502b0ef39939da33939be1440bdadc000844c440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b0c99a8aeb2d39702bfee39f47b2c3be

SHA1
310d080503b87cc912ec78263594d466c4c9c30e

SHA256
f4768d1d2b17c5b74f8a0f07b6dac9fb63907df3e1b4c0ee8c8c235f266bd95b

SHA512
e6c15b71fd4b2b14a5fea09891e5d953699ba8a95bde59fc4d5f2dd5e0823af8ea8183f71e4b594f79315777281a6c2416f657b9239a2797131febe43955e1f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
28cc2f3febbcd4139eef290efae8a325

SHA1
b6d4f729a8ccda4e2cc214f0006bd16559d291e2

SHA256
3c0eb1c5c9e314f54d159ba3bbc9c20a942c1fa2f9773ae099e8f883bb6070af

SHA512
60465f89efa0b9a61dd93be4abaaa4514585af25e87be9eceb6ade97e7a6ecf4bb13c7abec0db587b9c3c2b7c8d41d54890f6608aa9ad99424eb4b420c9e202c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
38c17b0ac688c634575d4490803c7131

SHA1
3187c1af451a24e7f0a0b12e299b194006b632d2

SHA256
793a3146c78cf2f9b234b553741fa9201d09cbfcdfc6f157fc021ac530616f61

SHA512
f2525f85352298a2e3617472e6b887946a841ae7d46a0d19aa663502c498f76871003599cb279a9a807c7d4eb5a633efec6c4aae1eb3fd83ecb92b26a057fdae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
102KB

MD5
8731bfee8e26f9ffe6cbad035355047b

SHA1
eca2ee3067066afc02e0ffd6cf4aa3e4308653f4

SHA256
68e50d8cd5574c1a1088dc041c4476de6cbbbe910bb6b710411b21e3fb42586a

SHA512
ad7133bd5c3ac74385d84d6412c960581e71bb778a61316eb44996a70bcae3e5140f352c2cf6734b2dff314984c7a65d0265635b0a820e310b0cce9b6ce379fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
89KB

MD5
87ea7eeb714fad81231c0dd5fcb64988

SHA1
0d99d090a70e5b31d0cc2e72202927573d953192

SHA256
615c25ddb3c5760b4b719e2798da22df50e44f11269fae41aa885989d5f9495f

SHA512
bed0fffbe209aa0d6418aca231e694dc6476b7f83841be354b3c6a4ce7d549ee75173822c67e5af11c12e16150104c76451f1c93696879fe3672a17e306b1c16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57bcb8.TMP
Filesize
88KB

MD5
50ee58e52811f6ffa87fd78a6347aff0

SHA1
233f402bd0a5fee8eb6b47a4d6d48c1686655396

SHA256
8b521789dafbc258e71fcc5c42f68130518e7764dbc032db4ec906f4f5dda3f6

SHA512
bf97297ef96bc9b4a30a14810ecc5c53b3412883ca0858c055c11326261936d42bffe1b4785f44e00eb140a2026cc951b34d2cc13f10485ab66dc3ef177f3f41

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404282041041\additional_file0.tmp
Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404282041041\assistant\assistant_installer.exe
Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404282041041\opera_package
Filesize
136.1MB

MD5
6657e5a4abb7716d45335190ad105697

SHA1
eb91bc6cac6baa5c9c0828a7240bde2e6cd39dc1

SHA256
ccdd3f26f1f3c6867a3025699536588959d3655a1a02bcf38c0513e54c2975d2

SHA512
710de1bef7dd97f7d8e08f189be4167ac703916eeac5600eb91f5b43ce2aebe451819a42b22e6cedd473b8eceb13518ed650f4a0319579eba4e4cf8c0e26dfad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2404282041030564592.dll
Filesize
5.2MB

MD5
d9381da82bb61f1c9a062efc9cd97ad1

SHA1
5735dd07793e53d0a03e71460f28758e4d723044

SHA256
9d3843246ca4774fcefe7c55fa90018c661a0e54c6f92f9d24aebfa07124b519

SHA512
bba0b159e90ea1eec4e2f1798500e6ca482a0b583142b11da530fb86a3fdee2fd9a17b7ba020d3ab2a49cc0a603e29533b811246c345c996ae753b16671dfd91

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
Filesize
40B

MD5
864bc4fbd0df1a9b2b02753af6c07df2

SHA1
3980460e762866efd7628732a9991ed9a7a73729

SHA256
b13596df0a066cc1f22a3427d09e247e422176c99e546eb34eead0cf5cbbeaf5

SHA512
e0198ef6d5be63501033e282df430373c1d3f704c7df7d98821563edc60a66d2dc6e3760b2bd734185de7cf3ad1ac56fb3395d800dc3412e908ff628451c024c

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
Filesize
40B

MD5
2218f8821b3a3c8623bb0ec9f8b7cc4c

SHA1
63ff714724075914a3b9ebb29bd1011032af2729

SHA256
667ae7973f22e4bc0ac2aae18ac08151991a8accbda970b79c6f4950d3d78d76

SHA512
51121c7f248d8e19dd00c1a750c3daf9fd250821ee4bd8b18be401ddb6bf503685446ebb974556ea0f01e841a16927a7a695f6cf8980b6b0b4475b9479d03cec

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe
Filesize
5.7MB

MD5
f9c4232dd01cb309591524a895e355c4

SHA1
5248b196685b64728d89155a04ade730cf3d7253

SHA256
07427448e2e1d066f3ad3e5661efa4938d2ba03689802c11d39abec5275a45b9

SHA512
b74ba2752516b9b9806cb05eef5c1e366deb4313889bc7209b47153f9448897519c981280fe0f9d490a23520e93f9f4a5f2ebab9e961782a832671b0ed31e459

Download Submit
\??\pipe\crashpad_4020_STQUNJXHGNMZKJWS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit