hxxps://anydesk[.]help

Resubmissions

08/05/2024, 09:08

240508-k3wdbsch6y 7

08/05/2024, 09:06

240508-k28l9sfd92 4

Analysis

max time kernel
81s
max time network
75s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
08/05/2024, 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://anydesk.help

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 9 IoCs

pid	Process
4976	installer.exe
884	OperaSetup.exe
2484	OperaSetup.exe
1880	OperaSetup.exe
656	OperaSetup.exe
4932	OperaSetup.exe
4204	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
4756	assistant_installer.exe
3120	assistant_installer.exe

Loads dropped DLL 5 IoCs

pid	Process
884	OperaSetup.exe
2484	OperaSetup.exe
1880	OperaSetup.exe
656	OperaSetup.exe
4932	OperaSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596329008894764"	chrome.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	OperaSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaSetup.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\installer.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4508	chrome.exe
4508	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 4452	4508	chrome.exe	80
PID 4508 wrote to memory of 4452	4508	chrome.exe	80
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 1692	4508	chrome.exe	81
PID 4508 wrote to memory of 4640	4508	chrome.exe	82
PID 4508 wrote to memory of 4640	4508	chrome.exe	82
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83
PID 4508 wrote to memory of 3172	4508	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://anydesk.help
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff231ecc40,0x7fff231ecc4c,0x7fff231ecc58
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4288,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4608,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4592,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4928,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4748,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5544,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5572,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4268,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5252,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5156,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6064,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4892,i,8565093258548421377,17668626591887258460,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3628
- C:\Users\Admin\Downloads\installer.exe
  "C:\Users\Admin\Downloads\installer.exe"
  2⤵
  - Executes dropped EXE
  PID:4976
- - C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe" -silent --allusers=0 --otd="utm.medium:apb,utm.source:RSTP,utm.campaign:op266"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - Modifies system certificate store
    PID:884
  - - C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
      C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.70 --initial-client-data=0x2c8,0x2c4,0x2b8,0x2c0,0x2ec,0x6d3d4208,0x6d3d4214,0x6d3d4220
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaSetup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=884 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240508090904" --session-guid=18ae50b3-8643-419e-98bf-203c590701d3 --server-tracking-blob="MTM4MDlhYjRjMTRjMDNmYTk1MjdkZTJkMzI3NmU3NmVjN2JmY2M0NWM5ZTgxNzU4MzQwNWJlZmM0MmIwY2M4MDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNjczJnV0bV9pZD1mNDJiNzYwMzNmNTE0MWY0YjQ2MmZjM2I2OGQ2NjA2OSZ1dG1fY29udGVudD0zNjczXyIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjExIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcxNTE1OTMzOC4yNTI3IiwidXRtIjp7ImNhbXBhaWduIjoib3AyNjYiLCJjb250ZW50IjoiMzY3M18iLCJpZCI6ImY0MmI3NjAzM2Y1MTQxZjRiNDYyZmMzYjY4ZDY2MDY5IiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiUlNUUCJ9LCJ1dWlkIjoiYzZlYmNmNjMtOTBmYS00MjAwLWExZmQtMDJiMzgxMjljZmIyIn0= " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=CC05000000000000
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      PID:656
    - - C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe
        
        C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.70 --initial-client-data=0x2f0,0x2ec,0x2f4,0x2ac,0x2f8,0x6bd94208,0x6bd94214,0x6bd94220
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405080909041\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405080909041\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
      4⤵
      Executes dropped EXE
      PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405080909041\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405080909041\assistant\assistant_installer.exe" --version
      4⤵
      Executes dropped EXE
      PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405080909041\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405080909041\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2a8,0x2ac,0x2b0,0x284,0x2b4,0xbb4f48,0xbb4f58,0xbb4f64
        5⤵
        Executes dropped EXE
        
        PID:3120

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4084

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
adbe96def3b068ddd1b6b7e514d88b00

SHA1
22abb091b7539a61cfe3a61539cfcb8469926206

SHA256
f0d580906bdbd6cf54d65d43c850f0ca8c0c69d801ad12f111499109635a7302

SHA512
5c2e279d7d20938097886dc33068dd521a243dd933171405e8a5292fce9675573621701f171548b11a76e205fe61d52f6ed325b0752e07aa994078b11abb7427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
19KB

MD5
77a7756774746386ef9ead66068e5e5c

SHA1
55692345ecefd7eefe4b8b78b377c23d27281ad5

SHA256
e2519bf5591b6053295770da0709fd923a5c679c543776bf35a12412d17add91

SHA512
33222b2b55bb28e340545fd123806dc0dc3177d8e5f7e8bf209128a34680c8af6210906f2170433d4b9cd1066b88b74eeec400aab89654024359907c6e0fbbd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0edf74a6a79ebe99d78a8862bd5f748c

SHA1
c81bacf73b4cc368bde1f977bfebfe5804552add

SHA256
740c302e4692dcf1893424676a4cbbc5b622dd83d97ae84dd3ac5c2483c69c8f

SHA512
84213bd0e696f5f8d8862eff02af915d4730c9a3944c397b670e05a0fea69dc3090c446d470e119c836e017dfb286465191c0e920bddc97ec79e0d9a2e72acd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
4e4544a013699309d6dd5a0717111cc8

SHA1
968022ace1f367ee9b1f9411a465c6f88c6429a7

SHA256
a7d8ab6b36232533cc6fefd0182e473145298b64447f610164788b5fe34f2aee

SHA512
6c343a15aad6c184e7bc5d1de994528ae239e230b8479a32ae1e840c58c5ad66ff02bbd488d31e05b97566dcb6b22fa7bba63c7f3cfb94f8f5de3949165a43b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3d394301b358533bc625f171cb4b4177

SHA1
56ae33301cf8d7d9166a0166cf5ae85af137c904

SHA256
4bf75810a075bf97ea3e40121e2e462813278baeffa6e075e499ad9f19ba9aab

SHA512
a66cfdcb89693a55ec8aae0386f14c2ac5ae403cac40283274a16b4ab0802473ff4d4a8a83d63304c4b6336290fccdfb30ba61564c42a704f5a9a358b0f1706b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0d4a3273a728cdf2a3a920bb2afbd2d3

SHA1
db214f071d276ae206ee34ab4cfa5b037c14592b

SHA256
f9f1409558517d785f4c4c497c158e46ce4efe95b9743988a1443f22ce57bf29

SHA512
5a040e400a03771489d2ed238f542ac616a075b7f706cdff89e76dcd2c9d4d1ee3bddd89ec24eaab0490e943e4e871e5f85a84b0fe0ae4ca6c35e05c062e74bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4a1a18edd58100e00f9b789a909bc17a

SHA1
22822ba7974390e98a6ccaff3d4e38766eadb433

SHA256
a73a32fc912dd145a2927cfcfeab18e2c33822dbece4998e376eb412a1c22eb4

SHA512
e7d9b5197300fe38155e224842172a9083f155b0125a6b45fe28b668686cfdf02e221dae716caabff1f1f3ea471d28c019834772f814ee362473f54d771a22d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4a20e04989ab0ecd1cc3d354a452fa23

SHA1
a1cd6e2d061902a41a1651e2133cd52d3fca159e

SHA256
cd2f53ac9891d4004fa46f3afa2b6aa9eca091517b9a943b4563695db59b1b51

SHA512
2bb73f4dc3b22c001c19f2cc0e804289b916c52e4ad3f104ac0ced07b7ce10ae86b9da574e478145e4eba2f33052ac73f101427c0c46256e596dfe5698fd6da8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f7a6b665822f7c670413359f46b75be

SHA1
88d719141ab206f693bcdf366707eedc43e3b377

SHA256
e24e184906bdcc1dada5b268337c887f2c812682b75137583ed55ff4934af992

SHA512
239e830dc6554190f02dc45cda0b2ca5a83005c7e18a12f8d6240118c35a135eac979940767a116c56c1b72249c70fe845544cb72ebce2a2258816c647466a63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d8667e7a787f0a6ad70bf798b3c1c55d

SHA1
32d93d9a54409d4c9b461c4846be48ecbecdf63c

SHA256
137056c72919fa35277186e91f65766fa7fb7a8c9f4848f4c616dd927248bddb

SHA512
39717513c352fffccd4363b561402a4182bb4f0b6682734ccee1185b2897aa5cea2e24c156430d945f8b5ce1ce70b458541ea000e3b6ec0f1969593f3a433607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
1544ebc844737824fb316f2ec9a2905f

SHA1
54424af0ee7fc34f5364ed05ce601d096a8174db

SHA256
0cde84367e314b3111e44e0673a4612ac23e3f8385c92456681fd1a0f2037ca8

SHA512
a4fe60e177562f340c25fba102d507600bc3a2d53676df4991958d52b6faba8031ff28726aa7dc5bf6f417cf844f31b5efe3a81dbc45720e91778534f1b68eda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
37b53042c9d7fc57b5cd5121c0b61f75

SHA1
3e6f354f6b7399884dc1e28ab9bd4e9bea64e008

SHA256
2a52e83a6094b25b109aa60c486392874be1108abba35a780afaefacd2eceab9

SHA512
7084871c848938a355bff71f52d7f1ec498bf87553fc7116c0eeb2d33393697b9312e54b01a11cd5a6617f80302b2b894c47f80c4ec991446dda890e3f1be334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
2754f06080b0f6b9d56065f03219904e

SHA1
a65888c184322ad6ef320bec3584e28060689ec5

SHA256
6d5de03e9543213d0915dd539c38557228fc4462b28ef752f3ac9a7dc8047cb2

SHA512
feeb94681014248d6dbf725b5ba0836cda1d61a11689ad230e4498850144b65298b6c9c446ee589e88ba711e1c7450c4c882fac02c575a66268f560e6a1a5dff

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405080909041\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405080909041\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup\OperaSetup.exe

Filesize
5.7MB

MD5
958bd89f93055db2fe9df5664f9c4326

SHA1
2db93fc9fde7ed19cbae90f58babc6c515a43835

SHA256
ec99962a500964aada34a79a1371d614befe1913f9b998e267448ee3761e24ad

SHA512
1a31c0a8b2a64b3a6cd912fa0bc37671f46dc8e68639bb22ae407b724eba318dc3541c2e6ed5af4922861ea4cda24492671c2c05bd4fd3ad79c5fbd2e442befa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_240508090902542884.dll

Filesize
5.2MB

MD5
c44227f38d59c590106f011b17eb90d3

SHA1
b99b310fc2249a7879290ca5d2ad915ef588e76f

SHA256
c0a24436f26dc0d4a4be90cc7c75343039f02ff058ca00da06399da839968b94

SHA512
0edc91a06511cedabee7587401f69fccb3ade9747e1855c850806c2f0fef4402ed412dc1c68d03a70b317ee6314fa446d8541e831dbe24cabfafda17aa1b61be

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
1d45a29573cd94c8c1a8fcf78c8ad968

SHA1
3c7f7b27421c6f7f774e8297716ebfeaa4c5e5f5

SHA256
f890563994986ed6fb384879c361e8f89d61dc685742a51db40c764dd8c4373c

SHA512
d924ef64e9af8613a490919e863ecfb9ae1513f8e41380b2d87f3f39d9e07c1f573aa34d6f57697b712bd83455d7eca93dfe5a76d1418dbed3fac3d1c99f6370

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
117149156f7e7ffc096f2c0b317cc8d7

SHA1
77f6f2a341cab13ae4a7e5c1a7882c1cb0f75f1c

SHA256
809496a017604939a88fbdd3b210fdc280e956c553c9c43aa27a88429b75fde8

SHA512
3c8acc990fda117efb4787e0576d4ab34d350019a3eef0f86a3df81f1f9bbdfc34091212bedf48e973deb1cc03463c4b7d2d5a048d4b4f19f481d3e47b696678

Download Submit
C:\Users\Admin\Downloads\installer.exe

Filesize
43KB

MD5
d406ce5200488ab3fb725bbd16324864

SHA1
f7f619307ec9b463abfc7ede001274d12cdc447e

SHA256
28050c06cb9377a1f54773370b24723e0d2849b5b71899bed40b9da7837f2974

SHA512
461822da36db093cae46ab3b1a5fa34617f9fb37bec97c38c33efd134c61df75fecc3192442005645c30c411d6e0eedff6d130c053d80ad557064df12c89a883

Download Submit
C:\Users\Admin\Downloads\installer.exe:Zone.Identifier

Filesize
57B

MD5
3738af8a1bf2a0b373b457f85fc34f2a

SHA1
67daa546409ba77a17a126b04ad916dbba813b2b

SHA256
c740bb2bb33cbf2eb52280676b18cdf824c930687808ba893c07144ac5664e50

SHA512
580d523c583e09be67d547ac51418a11d4db7655c51739d84bb0cc5152e65ba42f479b53b56a153753ee07487f31c56cbfdbfa02978c9d1193a073cff41c314f

Download Submit
memory/4976-220-0x0000000074AA0000-0x0000000075251000-memory.dmp

Filesize
7.7MB

Download
memory/4976-219-0x0000000074AA0000-0x0000000075251000-memory.dmp

Filesize
7.7MB

Download
memory/4976-218-0x0000000000E10000-0x0000000000E1E000-memory.dmp

Filesize
56KB

Download
memory/4976-217-0x0000000074AAE000-0x0000000074AAF000-memory.dmp

Filesize
4KB

Download
memory/4976-363-0x0000000074AAE000-0x0000000074AAF000-memory.dmp

Filesize
4KB

Download
memory/4976-364-0x0000000074AA0000-0x0000000075251000-memory.dmp

Filesize
7.7MB

Download