96696d9c34dc08813fb92d636f7d0e31755844f320ececaa0de07a0ccd694a83

Resubmissions

10-05-2024 00:32

240510-avsmcsgc2y 10

Analysis

max time kernel
66s
max time network
143s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 00:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Solara V2.0/Solara V2.0.exe
Size

850.2MB
MD5

cdd48589dc494fe2587e9411312ab604
SHA1

692ca2c9e7c3b767ed5d324a1968c98a08a4cd49
SHA256

baa041ba8b10a271b1a7e530acc21e39b7844a8eeaf9bb6c17e551fbda6c0b95
SHA512

8e73eb4c947106884568252d5d8db1e378a9bfce89f9024d86ff1eb0c4ea01a07bae7945a82872c15bf4623f4bd046886cfe0441a2982472dbd0ca886f8dbf99
SSDEEP

3072:dagGCj4S7tx7qy37OEfBcgJQ6usF++FukQRHIAQTAXg8xrP:cgGA5N7HfBPnuS/FaplP

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	bitbucket.org
4	bitbucket.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Solara V2.0.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Solara V2.0.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Solara V2.0.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1204	chrome.exe
1204	chrome.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2992	2988	Solara V2.0.exe	28
PID 2988 wrote to memory of 2992	2988	Solara V2.0.exe	28
PID 2988 wrote to memory of 2992	2988	Solara V2.0.exe	28
PID 2988 wrote to memory of 2992	2988	Solara V2.0.exe	28
PID 1204 wrote to memory of 2516	1204	chrome.exe	32
PID 1204 wrote to memory of 2516	1204	chrome.exe	32
PID 1204 wrote to memory of 2516	1204	chrome.exe	32
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2148	1204	chrome.exe	34
PID 1204 wrote to memory of 2108	1204	chrome.exe	35
PID 1204 wrote to memory of 2108	1204	chrome.exe	35
PID 1204 wrote to memory of 2108	1204	chrome.exe	35
PID 1204 wrote to memory of 844	1204	chrome.exe	36
PID 1204 wrote to memory of 844	1204	chrome.exe	36
PID 1204 wrote to memory of 844	1204	chrome.exe	36
PID 1204 wrote to memory of 844	1204	chrome.exe	36
PID 1204 wrote to memory of 844	1204	chrome.exe	36
PID 1204 wrote to memory of 844	1204	chrome.exe	36
PID 1204 wrote to memory of 844	1204	chrome.exe	36
PID 1204 wrote to memory of 844	1204	chrome.exe	36
PID 1204 wrote to memory of 844	1204	chrome.exe	36
PID 1204 wrote to memory of 844	1204	chrome.exe	36
PID 1204 wrote to memory of 844	1204	chrome.exe	36
PID 1204 wrote to memory of 844	1204	chrome.exe	36
PID 1204 wrote to memory of 844	1204	chrome.exe	36
PID 1204 wrote to memory of 844	1204	chrome.exe	36
PID 1204 wrote to memory of 844	1204	chrome.exe	36

C:\Users\Admin\AppData\Local\Temp\Solara V2.0\Solara V2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Solara V2.0\Solara V2.0.exe"
1⤵
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
  2⤵
  PID:2992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7919758,0x7fef7919768,0x7fef7919778
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:2
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:8
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2616 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:2
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1444 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4020 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3932 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:1
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2360 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4108 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1732 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4380 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4424 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4536 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4516 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1300,i,15622505768524435497,3209276612826943058,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Users\Admin\Downloads\Opera_GX_95.0.4635.88_Setup.exe
  "C:\Users\Admin\Downloads\Opera_GX_95.0.4635.88_Setup.exe"
  2⤵
  PID:1200
- - C:\Users\Admin\Downloads\Opera_GX_95.0.4635.88_Setup.exe
    C:\Users\Admin\Downloads\Opera_GX_95.0.4635.88_Setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=95.0.4635.88 --initial-client-data=0x194,0x198,0x19c,0x168,0x1a0,0x74fe5438,0x74fe5448,0x74fe5454
    3⤵
    PID:2716
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\Opera_GX_95.0.4635.88_Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\Opera_GX_95.0.4635.88_Setup.exe" --version
    3⤵
    PID:2680
- - C:\Users\Admin\Downloads\Opera_GX_95.0.4635.88_Setup.exe
    "C:\Users\Admin\Downloads\Opera_GX_95.0.4635.88_Setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1200 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240510003618" --session-guid=b417b758-af21-4e82-b740-158a7941f31b --desktopshortcut=1 --wait-for-package --initial-proc-handle=A006000000000000
    3⤵
    PID:1196
  - - C:\Users\Admin\Downloads\Opera_GX_95.0.4635.88_Setup.exe
      C:\Users\Admin\Downloads\Opera_GX_95.0.4635.88_Setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=95.0.4635.88 --initial-client-data=0x1a0,0x1a4,0x1a8,0x164,0x1ac,0x73815438,0x73815448,0x73815454
      4⤵
      PID:1740
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405100036181\assistant\assistant_package_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405100036181\assistant\assistant_package_sfx.exe"
    3⤵
    PID:1076
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405100036181\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405100036181\assistant\assistant_installer.exe" --version
    3⤵
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405100036181\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405100036181\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=95.0.4635.88 --initial-client-data=0x12c,0x130,0x134,0x100,0x138,0xb84be0,0xb84bf0,0xb84bfc
      4⤵
      PID:2572

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2932

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1736
- C:\Windows\system32\shutdown.exe
  shutdown -f
  2⤵
  PID:1948

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2140

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:1016

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:1540
- C:\Windows\system32\LogonUI.exe
  "LogonUI.exe" /flags:0x0
  2⤵
  PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06f2f8522edbbe20fd609550ab51f12e

SHA1
e04395bf70f7f888b67a6da299ff95db538e140e

SHA256
9a9b9fcb5f76354c2e33bcf1aa42d1f2e72326ca99677766e02a5eff8fc6848c

SHA512
c5bed171e3bbe0b9d2c977c7525bb2c9852ecaa5d7860c6fe37b4a9b949587f3285d4df7442eadb4bc07b80cfe6ab258bde75190ee202719114ff510311579df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d452a880498ca2c4a26dc4fdd6f12c3

SHA1
e9a79cd3e40bdc7fd9511ce406f173668e7566ed

SHA256
6ee281c14a2b1c299d15a5b228a429f67c0f661170d7529bb8b60638af73f74b

SHA512
d93d0ea93af20cb7996883f16b5bb445a4ee2b9e241a0aefa39963f1b07981b5a823b9f0d5aaddc1af7c9d8de44612f4edc391c0d3cd2a879becbc115e9f3628

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c61f5bb7933a614687e595df8eb09fd7

SHA1
3be8c7d6eddfb861586713df43095a729c6580f3

SHA256
762ef8e4b7808dbf34fcd0855505b4019f675636e5ab36ff9dc663e768b0c3ab

SHA512
c020954b2cc7b67beb01f182898ce63b3d972f89de00db84a95a3419509e44c4645d3b12f9b46c4c91ad8eab11a0305314f622863ce3a8a9609333c371afe8d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff2df57158a277cc494f23938039373f

SHA1
47bb47aa0b6e2d43e9a52bb4fb1047d25ab21109

SHA256
84c79ef60be98dee4e58c840b64f7edb76d9ed6601ec3af0b302d82cae23a437

SHA512
cafbf6cb7654b452df5b8b2332f41eff10e9ad8be7b5ad5fb6d95d61b4042f1d4415c631602b0d5adceae5922f0acd918fdaa8c2c3bbc8a387ffe9d82fb1065c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14a4282220a1e80b1fc51df91b0e78fd

SHA1
0e242675460483409fc20a72897fa020075b567f

SHA256
4e5aa8bf5b34dbad829dd41e86991063a0a484ba8f749ea94b1838feea69395a

SHA512
5eb6318b439d2ad1f8618f0bededeefe29e1c9700feae8d2217bf65038e07bc1c01e36efe4568f0b49ef46539636a9a434be738b099b924c009cbb2efbf25a41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e41d42097b3d0d3ceebeeca2890b66ad

SHA1
a8a798e877b6bc8c7518deb6eb54705784154b34

SHA256
7c369c14a7362bf282932d99a24d856ecde1ca1022988c68401a72ae548e3244

SHA512
d3a8d61b8e155919ff5a882b8fd2723fe67be1fa04b54c9a8d6909cbe8e26c8843fd259587ad86383e401baa5f0458cb9ff92a0e1eb543a5de5f1ad29195bc5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1b7afabe7b81c7b77da4a9659d1e631

SHA1
4a0c8fd038708711702f4589148960987903115a

SHA256
ffa619f38b7aaac613242feae04d14ef965f3cc36b5a191fb81a6cf39ecfb8b0

SHA512
879c74ca467285445b711bc8db4598c22b354b6ff23f7a613c6ea1e98deefbaaae17e80c2c481a3ab3a85ebedd951c1a5ecb165233c3051845043ce8f757e1fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
62747aed9c4c24a26f02f0d6a9bdb939

SHA1
04d4c304202ced0ca60a2a811b1702486bbeeb78

SHA256
cf2364d27bf6e25b5f9a9df3c05bfd60b177fa6dfcabfa46f29390ab4b130ca6

SHA512
296fe9a5ea1b4bc4cabc606eaad0e0e0b57dfb21bc1ebdf696d12c77fc39a49d9601c1ba32b93f7f7175c83dc6cc6bc45b6ad88a5431c9ac37aca622fe9b34e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
e8efb53964bf71da5e7d32f6794251fe

SHA1
29bf05a7d383a6b288983b591dffe4fe71942e1c

SHA256
96ba49506c84bafefb86a99d3fd6733b0192ba8794c3c4c568a731c4469944b5

SHA512
3a13c142721c3ed4473323077477c73d792901973b7d34b8fd4edc5ff8b63175e5dbd948954395cbdc6b4b12b9487054a09b0810d306223840e2e90687ca9523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b2cbf79b07dc5eb7c05cc91b6e0411f9

SHA1
51522ff9a9adfe69734751acaeae03ca456558b5

SHA256
d5b5df635c42b5d22ea0acc5ca58853e30849eaf485e0d4717af7fbebfcee0a9

SHA512
168e32e16e06706a5bbc782b3490445bc6171cf0ca64067450807e40683b7e21243a78d4648591f4ab8fb5d6f4f0c6a93634df8e0b05c3b3889ab9c2258c002b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dda6361e4905772a73c93324af74ee35

SHA1
4006070e861df93735b502d3c39329ba410aaac4

SHA256
42cfc014ba371035b36759de411d99c039f442e0337fad6e92fceacc40824042

SHA512
13c25977eeee09b0a365468cab747e925f7f84698da750a3f754c7aa322df89094c7d9069d8f9710c02d2584d1eeb52ad9841f8d03fdc3e733d08928ba26b168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2de0e8bb4ae59b62291546a3232faa3c

SHA1
3f20c1f20231b46cd67f8813489222292ed3ce61

SHA256
e85d7fdea5651e38407d398d8fdb67619bd71a8516ce9f889e1dd7da5b188e2e

SHA512
d23dbee9f067649a2fda3903825afbb24e0a6e6897cbd9cfed4f8763caab4b77a60c6d1f2e3a6974db0fd8f5a194dc46da3957ac7783c7a6708704b00011c041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cae44199d96a454d69ffec6e1479da8f

SHA1
96c2edcb8840de6e5ce16a855a67fdab7972103f

SHA256
22f521e87f24682c6a64811c5774c9ce43a4cda65f071bc57f5751243db58df4

SHA512
e01981e987372fb054ff939f8d5a2f9f7583e7a52544c36a8cda7422f7aab25763b1fbc9653f5b04404bf4d0f19f93e255d40a855f0ce188251202cf80bc6a27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ffa29bef-f40e-46d3-b3d7-6eb3b17c2794.tmp

Filesize
7KB

MD5
8bf975d6d494f61476f46723b83283b8

SHA1
718c48726b998df348ebaf0a8838d629032ebe76

SHA256
5cfeafd2cdc375e83a08cd88080d473602ee5ee9e1feb2a18a86c4602f7d5df5

SHA512
9435e1cb1ba1e21ffa8141d1b991dfafe41723b6e9c7b1c1b0b8c22d14cdbb91794684e59c84d4b9f323ef3b832c2c45e8b2b1b6e0e71ef4bd4c9f4747ce601b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
70deb349185de130f9cdc52eea365a36

SHA1
d3f2e08fe70a3f6377898b66884587cc35dc6367

SHA256
f48c14d63701e40f58687ebe05e0992768a300a3bd6778dddf5edde02116e70f

SHA512
326658b27780295043f0238a02353a94197c27941fb43ca47f383c8944423a5d2dcebd5bf9335165d10a3857493389d7b09ce12729def1a15bd8ab299af02376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\dc01a25a-9f02-4979-ae94-d61cf5071ebf.tmp

Filesize
277KB

MD5
78d2ae166877aba360633c7e781ba72b

SHA1
501bdefae6ba6ace268f9b3c818dba895454c031

SHA256
5a72334539db5a2153762336192ebfb6eb0028722961fcc00586464b8d5ba183

SHA512
29ae8764b4240a5afd60c190a9dcff09f1c41f4d9e770092de63b17436bbda4e5ab5585806ff37aaeaa7a9b7e6cc2a5ce75ee35dd5c9e6ade21be9f9e8843f33

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405100036181\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
74a317714c63bdeb64d1a7651cf9b6b1

SHA1
46596aec1187d961d158f1947d8b5a7f1cd52beb

SHA256
1de64d436aaec7d286a290a079c6665e0af059dd1f754b7a81e15818bf80c22f

SHA512
38d775d7330e30f71a92f260395977675756e5c924eef562d38299a8a96e67cec0cb2562f10973957f3ece91b29ba9a1897d1d5cc4ef5982e8ac4609f6f2d44e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4397.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar43AA.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
28a0f104e499054feca46684c6e16a7b

SHA1
aeb5973ada5a58f53333220dde690b3a93dc78aa

SHA256
738fe4b7b8d9056553d2fe37ded6f668912e0f64054cc154a4a832d5bed2eee6

SHA512
cd57e74198a3327bc7fb0889afbe0853bb256e61f92d95dbab6a660379193166df5908bae1941093efa6f3ff8d13cca5b8fcdb6c62702ff766ccc4feda8e246a

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405100036181\assistant\assistant_package_sfx.exe

Filesize
1.7MB

MD5
392537e53fd77d401adac95607669eb9

SHA1
a9e0a8d54fddfae363026ba0d4d465e03631d2b4

SHA256
491c9f355e600d7528d1b6b74ba5f98d4da08a9d641e7760de925759b469d5ca

SHA512
a4d7f40417ec8154f85f5212368049fa2c12a4659176caea93a542b37173da85636819b542482b5970e2d93b10d1d5a1b8fc941243e7ce0c5bd5a9e44af222a4

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2405100036165401200.dll

Filesize
5.3MB

MD5
bd7ed8ac8b62406ed11845b4bd911047

SHA1
70f714e32c2838518d647056e39de16cbbf18f5b

SHA256
1e6447f3549610e2fcecc244aaa3fa5ceb1596b3f3ba5eac15837c639c704b70

SHA512
d2c062ad26774f5c1d173286ed4f276fcc1e27aa5a067d02b63aee1e3fd150a671c91f1e3e9496bd90988e15277998186a3d3b56db4ce361894642679d249b7f

Download Submit