489dcdec7adfb3514d19eb5a10feb4f7aad62194db4eb4310d137d91aeadcd95

General

Target

OperaGXSetupVirus.exe
Size

5.7MB
MD5

20b86d966c26d9c1014772f98db85cdf
SHA1

3c698d2892a9dc2bc946aa1bd88b838885a444a0
SHA256

489dcdec7adfb3514d19eb5a10feb4f7aad62194db4eb4310d137d91aeadcd95
SHA512

85f844c39d8df4a1c8c195572b9e7edc223411004475bf760f8042f87d283d079370241e4bb99655e3f1a298646fa6c45d126d41f613764cd96c8800c48a0184
SSDEEP

98304:40NFj6666666666666666666666666666666x666666666666666fwwwwwwwwwwS:finH+ee2CrXTAim9xb0lkyS6XD6FDtPR

Score

8^/10

spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
1424	OperaGXSetupVirus.exe
2944	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
2324	assistant_installer.exe
3596	assistant_installer.exe

Loads dropped DLL 5 IoCs

pid	Process
3368	OperaGXSetupVirus.exe
744	OperaGXSetupVirus.exe
1424	OperaGXSetupVirus.exe
4892	OperaGXSetupVirus.exe
2516	OperaGXSetupVirus.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaGXSetupVirus.exe
File opened (read-only)	\??\F:	OperaGXSetupVirus.exe
File opened (read-only)	\??\D:	OperaGXSetupVirus.exe
File opened (read-only)	\??\F:	OperaGXSetupVirus.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	OperaGXSetupVirus.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetupVirus.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetupVirus.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3368	OperaGXSetupVirus.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 744	3368	OperaGXSetupVirus.exe	83
PID 3368 wrote to memory of 744	3368	OperaGXSetupVirus.exe	83
PID 3368 wrote to memory of 744	3368	OperaGXSetupVirus.exe	83
PID 3368 wrote to memory of 1424	3368	OperaGXSetupVirus.exe	84
PID 3368 wrote to memory of 1424	3368	OperaGXSetupVirus.exe	84
PID 3368 wrote to memory of 1424	3368	OperaGXSetupVirus.exe	84
PID 3368 wrote to memory of 2944	3368	OperaGXSetupVirus.exe	96
PID 3368 wrote to memory of 2944	3368	OperaGXSetupVirus.exe	96
PID 3368 wrote to memory of 2944	3368	OperaGXSetupVirus.exe	96
PID 3368 wrote to memory of 2324	3368	OperaGXSetupVirus.exe	97
PID 3368 wrote to memory of 2324	3368	OperaGXSetupVirus.exe	97
PID 3368 wrote to memory of 2324	3368	OperaGXSetupVirus.exe	97
PID 2324 wrote to memory of 3596	2324	assistant_installer.exe	98
PID 2324 wrote to memory of 3596	2324	assistant_installer.exe	98
PID 2324 wrote to memory of 3596	2324	assistant_installer.exe	98
PID 3368 wrote to memory of 4892	3368	OperaGXSetupVirus.exe	100
PID 3368 wrote to memory of 4892	3368	OperaGXSetupVirus.exe	100
PID 3368 wrote to memory of 4892	3368	OperaGXSetupVirus.exe	100
PID 4892 wrote to memory of 2516	4892	OperaGXSetupVirus.exe	101
PID 4892 wrote to memory of 2516	4892	OperaGXSetupVirus.exe	101
PID 4892 wrote to memory of 2516	4892	OperaGXSetupVirus.exe	101

C:\Users\Admin\AppData\Local\Temp\OperaGXSetupVirus.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetupVirus.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Users\Admin\AppData\Local\Temp\OperaGXSetupVirus.exe
  C:\Users\Admin\AppData\Local\Temp\OperaGXSetupVirus.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.70 --initial-client-data=0x2a0,0x2a4,0x2a8,0x27c,0x2ac,0x74f94208,0x74f94214,0x74f94220
  2⤵
  - Loads dropped DLL
  PID:744
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetupVirus.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetupVirus.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1424
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405051109341\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405051109341\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405051109341\assistant\assistant_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405051109341\assistant\assistant_installer.exe" --version
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405051109341\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405051109341\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x10f4f48,0x10f4f58,0x10f4f64
    3⤵
    - Executes dropped EXE
    PID:3596
- C:\Users\Admin\AppData\Local\Temp\OperaGXSetupVirus.exe
  "C:\Users\Admin\AppData\Local\Temp\OperaGXSetupVirus.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3368 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240505110934" --session-guid=37374b6e-4ee8-4241-bcbf-145f35c15597 --server-tracking-blob=MDRmZjRjYTNjZGQ2NDg5MTYyYjBiMDM5NDU2ZWQyY2VkZTYwOWViYjY0YTZkZjg5ZGY1M2Q0OGJiYTJkMDY4NDp7ImNvdW50cnkiOiJERSIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9ERV9IVlJfV0VCXzM1NDYmZWRpdGlvbj1zdGQtMiZ1dG1fY29udGVudD0zNTQ2XzkwNDZjMDUwLTcxZTYtNGU5Mi1iNjc2LTE1NDcxZTk1YzA5ZCZ1dG1faWQ9Y2U4ODhmMWMxNjM1NDE1Yjk1ZWJjMTlmNWZjOGU4MWYmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRnd3dy5vcGVyYS5jb20lMkZnZXQlMkZvcGVyYS1neCUzRnV0bV9jb250ZW50JTNEMzU0Nl85MDQ2YzA1MC03MWU2LTRlOTItYjY3Ni0xNTQ3MWU5NWMwOWQlMjZ1dG1fc291cmNlJTNEUFdOZ2FtZXMlMjZ1dG1fbWVkaXVtJTNEcGElMjZ1dG1fY2FtcGFpZ24lM0RQV05fREVfSFZSX1dFQl8zNTQ2JTI2dXRtX2lkJTNEY2U4ODhmMWMxNjM1NDE1Yjk1ZWJjMTlmNWZjOGU4MWYlMjZlZGl0aW9uJTNEc3RkLTImdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkZnZXQlMkZvcGVyYS1neCZ1dG1faWQ9Y2U4ODhmMWMxNjM1NDE1Yjk1ZWJjMTlmNWZjOGU4MWYmZGxfdG9rZW49NjM1NjEzODYiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTQ4MzY2MDMuNTQxOCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjQuMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9ERV9IVlJfV0VCXzM1NDYiLCJjb250ZW50IjoiMzU0Nl85MDQ2YzA1MC03MWU2LTRlOTItYjY3Ni0xNTQ3MWU5NWMwOWQiLCJpZCI6ImNlODg4ZjFjMTYzNTQxNWI5NWViYzE5ZjVmYzhlODFmIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vZ2V0L29wZXJhLWd4IiwibWVkaXVtIjoicGEiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImIyM2E3ODNkLTc1MzgtNDVjOS05NGZjLWU0OWQxM2ZiNTdiOSJ9 --desktopshortcut=1 --wait-for-package --initial-proc-handle=700A000000000000
  2⤵
  - Loads dropped DLL
  - Enumerates connected drives
  - Suspicious use of WriteProcessMemory
  PID:4892
- - C:\Users\Admin\AppData\Local\Temp\OperaGXSetupVirus.exe
    C:\Users\Admin\AppData\Local\Temp\OperaGXSetupVirus.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.70 --initial-client-data=0x2ac,0x2b0,0x2b4,0x27c,0x2b8,0x72374208,0x72374214,0x72374220
    3⤵
    - Loads dropped DLL
    PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetupVirus.exe

Filesize
5.7MB

MD5
20b86d966c26d9c1014772f98db85cdf

SHA1
3c698d2892a9dc2bc946aa1bd88b838885a444a0

SHA256
489dcdec7adfb3514d19eb5a10feb4f7aad62194db4eb4310d137d91aeadcd95

SHA512
85f844c39d8df4a1c8c195572b9e7edc223411004475bf760f8042f87d283d079370241e4bb99655e3f1a298646fa6c45d126d41f613764cd96c8800c48a0184

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405051109341\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405051109341\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2405051109343863368.dll

Filesize
5.2MB

MD5
c44227f38d59c590106f011b17eb90d3

SHA1
b99b310fc2249a7879290ca5d2ad915ef588e76f

SHA256
c0a24436f26dc0d4a4be90cc7c75343039f02ff058ca00da06399da839968b94

SHA512
0edc91a06511cedabee7587401f69fccb3ade9747e1855c850806c2f0fef4402ed412dc1c68d03a70b317ee6314fa446d8541e831dbe24cabfafda17aa1b61be

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
b5ad9e59eaff0853270c847d500635c7

SHA1
bf5df4ecdfdb20bcbfeb0bda979b8f8f16ccb193

SHA256
123471348a32b70ef0225fdab6e709d6a936bb80b4053fd4652d08d93d98280d

SHA512
22e57a6b81e1f2a132728dd369908688a6eed648d55a81f9defbc97c3e6cd728747b69f21833d29f03c5253ab5f2018a91e20e2f57d9ec41e2b499c62680b6a2

Download Submit

Resubmissions

Analysis

Sharing