46aaee3d118e64680e5c7d397fa73ddf5d040442b590bf6763a64b1ceeb0f111

General

Target

OperaSetup.exe
Size

5.2MB
MD5

09576f9fb6596bca04d7c8c7b1cad18d
SHA1

aaead49acbb6bdd85fc785d9b587df064d6c5360
SHA256

46aaee3d118e64680e5c7d397fa73ddf5d040442b590bf6763a64b1ceeb0f111
SHA512

4bdad289ad237759ab0e093bab085736eddc132070bdb2517233150f41cdb31eae254d0b4411113e3c900fd5a0d2efd6219f1ed4ef5468889da7a7445ff5b887
SSDEEP

98304:D7xBo56666666666666666666666666666666x666666666666666fwwwwwwwwwA:BcPdCvTxfJfXzp3OVGpWNuNb8eLgUXJ8

Score

8^/10

spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
2096	OperaSetup.exe
4780	Assistant_110.0.5130.23_Setup.exe_sfx.exe
4264	assistant_installer.exe
1192	assistant_installer.exe

Loads dropped DLL 9 IoCs

pid	Process
1284	OperaSetup.exe
5052	OperaSetup.exe
2096	OperaSetup.exe
4724	OperaSetup.exe
3208	OperaSetup.exe
4264	assistant_installer.exe
4264	assistant_installer.exe
1192	assistant_installer.exe
1192	assistant_installer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1284	OperaSetup.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 5052	1284	OperaSetup.exe	86
PID 1284 wrote to memory of 5052	1284	OperaSetup.exe	86
PID 1284 wrote to memory of 5052	1284	OperaSetup.exe	86
PID 1284 wrote to memory of 2096	1284	OperaSetup.exe	87
PID 1284 wrote to memory of 2096	1284	OperaSetup.exe	87
PID 1284 wrote to memory of 2096	1284	OperaSetup.exe	87
PID 1284 wrote to memory of 4724	1284	OperaSetup.exe	97
PID 1284 wrote to memory of 4724	1284	OperaSetup.exe	97
PID 1284 wrote to memory of 4724	1284	OperaSetup.exe	97
PID 4724 wrote to memory of 3208	4724	OperaSetup.exe	98
PID 4724 wrote to memory of 3208	4724	OperaSetup.exe	98
PID 4724 wrote to memory of 3208	4724	OperaSetup.exe	98
PID 1284 wrote to memory of 4780	1284	OperaSetup.exe	104
PID 1284 wrote to memory of 4780	1284	OperaSetup.exe	104
PID 1284 wrote to memory of 4780	1284	OperaSetup.exe	104
PID 1284 wrote to memory of 4264	1284	OperaSetup.exe	105
PID 1284 wrote to memory of 4264	1284	OperaSetup.exe	105
PID 1284 wrote to memory of 4264	1284	OperaSetup.exe	105
PID 4264 wrote to memory of 1192	4264	assistant_installer.exe	106
PID 4264 wrote to memory of 1192	4264	assistant_installer.exe	106
PID 4264 wrote to memory of 1192	4264	assistant_installer.exe	106

C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
  C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.23 --initial-client-data=0x27c,0x2a4,0x2a8,0x2a0,0x2b0,0x7552b288,0x7552b294,0x7552b2a0
  2⤵
  - Loads dropped DLL
  PID:5052
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2096
- C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=1284 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240522052520" --session-guid=f44e6b95-422e-4351-82cb-86ccc35a1c06 --server-tracking-blob="NjQzNDkwYzFiYzQ0ZmM2YzA0ZTJiZjhmNmU4ZGQ2Mjg1ZTk5NjM0OGNjYjBjZDA1OTdlODIzMTk2NjE2ZmRiNzp7ImNvdW50cnkiOiJGUiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy4wMW5ldC5jb20vdGVsZWNoYXJnZXIvcGlsb3Rlcy9zb3VyaXMvbG9naXRlY2gtdW5pZnlpbmcuaHRtbCIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWtlbGVvcHMmdXRtX21lZGl1bT1hcGImdXRtX2NhbXBhaWduPTAxbmV0X2RpIiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzE1NzYwNTcyLjIzMzAiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTI0LjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiIwMW5ldF9kaSIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6ImtlbGVvcHMifSwidXVpZCI6Ijc1MGMyNThmLTYyZTUtNDk0MS05ZDU1LWUyMjAxY2FkZTg0YSJ9 " --desktopshortcut=1 --wait-for-package --initial-proc-handle=1009000000000000
  2⤵
  - Loads dropped DLL
  - Enumerates connected drives
  - Suspicious use of WriteProcessMemory
  PID:4724
- - C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
    C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.23 --initial-client-data=0x2a0,0x2ac,0x2b0,0x278,0x2b4,0x72a4b288,0x72a4b294,0x72a4b2a0
    3⤵
    - Loads dropped DLL
    PID:3208
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405220525201\assistant\Assistant_110.0.5130.23_Setup.exe_sfx.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405220525201\assistant\Assistant_110.0.5130.23_Setup.exe_sfx.exe"
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405220525201\assistant\assistant_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405220525201\assistant\assistant_installer.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4264
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405220525201\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405220525201\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.23 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x2730e8,0x2730f4,0x273100
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe

Filesize
5.2MB

MD5
09576f9fb6596bca04d7c8c7b1cad18d

SHA1
aaead49acbb6bdd85fc785d9b587df064d6c5360

SHA256
46aaee3d118e64680e5c7d397fa73ddf5d040442b590bf6763a64b1ceeb0f111

SHA512
4bdad289ad237759ab0e093bab085736eddc132070bdb2517233150f41cdb31eae254d0b4411113e3c900fd5a0d2efd6219f1ed4ef5468889da7a7445ff5b887

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405220525201\additional_file0.tmp

Filesize
2.5MB

MD5
028fb19ee2cea3e611b4a85ac48fafbc

SHA1
d1a802b5df649282e896289b4ec5df8d512b53dd

SHA256
e8fa79e22926ae07a998b5d2bb1be9309d0a15772ac72b88f4eed66052f33117

SHA512
99959d7765c1e6636dee1841f214cb2d0c7684d7128381b0387fa9c7ef4a92ef62bb094087bdcb343e44196b5a333df3a2104ced9f49671197a06fafa27aff51

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405220525201\assistant\assistant_installer.exe

Filesize
1.9MB

MD5
b6789061eb88781add48ec7095ff78e5

SHA1
c2cdf5723a94b3b5a69ad78a5e869347444abe0b

SHA256
c39c7199fa2221783ea61f085f484668e3c452706069b046cb0f4a9d4cb4c0a3

SHA512
7c9a61c7f8d45fb7a2591c0c57c22bca0b527e3b6b4a3bdde5fbdcca25abc1e0c56a244a39d4b65a91316eb8f19fb8232569f5781eedefbc0898646d4df10f9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405220525201\assistant\dbgcore.dll

Filesize
166KB

MD5
a4ed3b36776e0155fd24ffa609ffc2f4

SHA1
3d6496f21e0f04b6789365d06e71fe7de284b1c0

SHA256
b69387b9284dc36d377e4066c4cf361dc65efc6c784af0f8666d9684fabd2d29

SHA512
ae5d052fdcc7e7d3e593a1fb2dd5e64fcd75c7381ff4e4c5f4302d8d3c058a48c943c66d04c02d44d45c2bda36b3d3df096dfea26fc35d3c682bdd5221225e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405220525201\assistant\dbghelp.dll

Filesize
1.7MB

MD5
fa64324149160877768551fd96c360dc

SHA1
dd76ebe617271465ae5820f49152f8a89703ae1a

SHA256
7f4a2cff90524b769781b763077be198d74834c6b576ef9f27132a415cbbaca8

SHA512
72161c1b0449f546e2a3560369f5cebbe71c5f098efb4037a9ec229310082b0fab2de10b8a0f94b0213d5119cd9ff66daeaa73ca2163ba0224b5cd8526f7bbea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2405220525193311284.dll

Filesize
4.7MB

MD5
74ceaf1146735fe0e297fa37ecd98349

SHA1
d77927d0b1bc98c4a1d1839591b1d3d5da2e3f50

SHA256
b4bf308a845e7b2b6cf1743a7c67440c8690a73631977d75197ae4616996c694

SHA512
f7717dbf780b5badacb27d83fc0e55b14477fe2179f11396780b053ba928b1875d77c83c470d5940ade9ce53082989cc581d411e9b441b52fe0b1f9396115251

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
a8459f3c0b631ecdfad7a5903715c2af

SHA1
56b0d7cef31bf6a34a5d305939c830a76607daca

SHA256
402317cd57bb40c70091a51b9b0f411fd9d8bc3f362d5caa5aa67fd57cd4ac4b

SHA512
a4a47bf5a7abcedf717ae7fe7674aa88837a5561733c081247aae2bbeec65a9dbcfcf37eee896e20cf50674a08b29c2235f947be352903f9e1353efecf96c811

Download Submit

Resubmissions

Analysis

Sharing