Malware Analysis Report

2024-11-30 06:13

Sample ID 240612-q96qjaxemc
Target bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05
SHA256 bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05
Tags spyware stealer upx
Score 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score
8/10

SHA256

bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05

Threat Level: Likely malicious

The file bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05 was found to be: Likely malicious.

Malicious Activity Summary

spyware stealer upx

Downloads MZ/PE file

UPX packed file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Enumerates connected drives

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 13:58

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 13:58

Reported

2024-06-12 14:01

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe"

Signatures

Downloads MZ/PE file

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1572 wrote to memory of 2504 (3 times) N/A C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe
PID 1572 wrote to memory of 4696 (3 times) N/A C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe
PID 1572 wrote to memory of 4208 (3 times) N/A C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406121358581\assistant\_sfx.exe
PID 1572 wrote to memory of 5028 (3 times) N/A C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406121358581\assistant\assistant_installer.exe
PID 5028 wrote to memory of 892 (3 times) N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406121358581\assistant\assistant_installer.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406121358581\assistant\assistant_installer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe

"C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe"

C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe

C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=90.0.4480.48 --initial-client-data=0x2d8,0x2dc,0x2e0,0x2b4,0x2e4,0x754a89c8,0x754a89d8,0x754a89e4

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406121358581\assistant\_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406121358581\assistant\_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406121358581\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406121358581\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406121358581\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406121358581\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.23 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0xdf30e8,0xdf30f4,0xdf3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3816 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp (2 connections)
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp (2 connections)
US 8.8.8.8:53 19.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 121.217.145.82.in-addr.arpa udp
US 8.8.8.8:53 features.opera-api.com udp
US 8.8.8.8:53 download.opera.com udp
NL 185.26.182.93:443 features.opera-api.com tcp
NL 82.145.216.24:443 download.opera.com tcp
US 8.8.8.8:53 download5.operacdn.com udp
US 104.18.10.89:443 download5.operacdn.com tcp
US 8.8.8.8:53 93.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 24.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 89.10.18.104.in-addr.arpa udp
US 20.231.121.79:80 (no domain) tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 13.107.246.64:443 (no domain) tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 download3.operacdn.com udp
US 2.16.106.162:443 download3.operacdn.com tcp
US 8.8.8.8:53 162.106.16.2.in-addr.arpa udp
US 8.8.8.8:53 99.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp

Files

memory/1572-0-0x0000000000400000-0x000000000092E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2406121358529221572.dll

MD5 81fe65af3d3707ef3d58020f87c8ae21
SHA1 d25b438f9c2a4ef5929ca4167e2f6526f9252703
SHA256 c2be617c6c6a77724400992878a95dfdb7dd24571330a167e9c423d33098cb7b
SHA512 2a3cd92b9f5df14834cff9b37e5fa40faf47d8bb4a637fe44d58d69b0fdc218d2ea39e179b711ebad715eb656c8fb7fa2b7b4642c3301e000bf60fc38a6e0969

memory/2504-5-0x0000000000400000-0x000000000092E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe

MD5 3a6c337e35fc0876cb5726f2edfb3118
SHA1 34806f53b8e78997b91861efca72d3693181df2b
SHA256 bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05
SHA512 3f7c4c0c047596cdc0a9005796f2edfaee16c61b528b4bc834c7be991a67f04546da610ced7d9092056cd1c0c3b2bd0aa40f537b52d73e476febf16d1a859c2c

memory/4696-19-0x0000000000400000-0x000000000092E000-memory.dmp

memory/1572-21-0x0000000000400000-0x000000000092E000-memory.dmp

memory/2504-36-0x0000000000400000-0x000000000092E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406121358581\assistant\_sfx.exe

MD5 028fb19ee2cea3e611b4a85ac48fafbc
SHA1 d1a802b5df649282e896289b4ec5df8d512b53dd
SHA256 e8fa79e22926ae07a998b5d2bb1be9309d0a15772ac72b88f4eed66052f33117
SHA512 99959d7765c1e6636dee1841f214cb2d0c7684d7128381b0387fa9c7ef4a92ef62bb094087bdcb343e44196b5a333df3a2104ced9f49671197a06fafa27aff51

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406121358581\assistant\assistant_installer.exe

MD5 b6789061eb88781add48ec7095ff78e5
SHA1 c2cdf5723a94b3b5a69ad78a5e869347444abe0b
SHA256 c39c7199fa2221783ea61f085f484668e3c452706069b046cb0f4a9d4cb4c0a3
SHA512 7c9a61c7f8d45fb7a2591c0c57c22bca0b527e3b6b4a3bdde5fbdcca25abc1e0c56a244a39d4b65a91316eb8f19fb8232569f5781eedefbc0898646d4df10f9c

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406121358581\assistant\dbghelp.dll

MD5 fa64324149160877768551fd96c360dc
SHA1 dd76ebe617271465ae5820f49152f8a89703ae1a
SHA256 7f4a2cff90524b769781b763077be198d74834c6b576ef9f27132a415cbbaca8
SHA512 72161c1b0449f546e2a3560369f5cebbe71c5f098efb4037a9ec229310082b0fab2de10b8a0f94b0213d5119cd9ff66daeaa73ca2163ba0224b5cd8526f7bbea

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406121358581\assistant\dbgcore.dll

MD5 a4ed3b36776e0155fd24ffa609ffc2f4
SHA1 3d6496f21e0f04b6789365d06e71fe7de284b1c0
SHA256 b69387b9284dc36d377e4066c4cf361dc65efc6c784af0f8666d9684fabd2d29
SHA512 ae5d052fdcc7e7d3e593a1fb2dd5e64fcd75c7381ff4e4c5f4302d8d3c058a48c943c66d04c02d44d45c2bda36b3d3df096dfea26fc35d3c682bdd5221225e76

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 9442bc9d7f6f4357991aec15f8e8f10c
SHA1 46e85e202a349102519e764b87e138c87260442f
SHA256 16a7c050e0806501e8f10f47e7fc4366d5c3e559481fa9ae3e9d1f27d52922f2
SHA512 c6fcaf9b705c3e2b98f7c0044b2f3f3befe2203f29bddb9ffe1d8998c02656db08ec6771a64b093b93bf146738e2562df5acb947de53c4d2a72127468de1e746

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 13:58

Reported

2024-06-12 14:01

Platform

win7-20240220-en

Max time kernel

141s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2860 wrote to memory of 2228 (7 times) N/A C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe
PID 2860 wrote to memory of 2692 (7 times) N/A C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe

"C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe"

C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe

C:\Users\Admin\AppData\Local\Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=90.0.4480.48 --initial-client-data=0x188,0x18c,0x190,0x15c,0x194,0x745989c8,0x745989d8,0x745989e4

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe" --version

Network

Country Destination Domain Proto
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp (7 connections)
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp (20 connections)

Files

memory/2860-0-0x0000000000400000-0x000000000092E000-memory.dmp

\Users\Admin\AppData\Local\Temp\Opera_installer_2406121358433772860.dll

MD5 81fe65af3d3707ef3d58020f87c8ae21
SHA1 d25b438f9c2a4ef5929ca4167e2f6526f9252703
SHA256 c2be617c6c6a77724400992878a95dfdb7dd24571330a167e9c423d33098cb7b
SHA512 2a3cd92b9f5df14834cff9b37e5fa40faf47d8bb4a637fe44d58d69b0fdc218d2ea39e179b711ebad715eb656c8fb7fa2b7b4642c3301e000bf60fc38a6e0969

memory/2228-10-0x0000000000400000-0x000000000092E000-memory.dmp

\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05.exe

MD5 3a6c337e35fc0876cb5726f2edfb3118
SHA1 34806f53b8e78997b91861efca72d3693181df2b
SHA256 bf19a1b8febfef715831b6c6864854df1673bdf2483f236752fbc99fedd33d05
SHA512 3f7c4c0c047596cdc0a9005796f2edfaee16c61b528b4bc834c7be991a67f04546da610ced7d9092056cd1c0c3b2bd0aa40f537b52d73e476febf16d1a859c2c

memory/2860-15-0x00000000035C0000-0x0000000003AEE000-memory.dmp

memory/2692-17-0x0000000000400000-0x000000000092E000-memory.dmp

memory/2692-22-0x0000000000400000-0x000000000092E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab1BCA.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1CDD.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 936a6c190b44ad2332260defe55f2e66
SHA1 097fb9289e19131b742aeabb812a751be905def4
SHA256 18afacb2996826e0181de2d8f0d4114c2fd13053e62ca6fd1c0952dfd48f5b17
SHA512 35e8948408cf4c64fb819691c7b9f308936e1ac776bf09bd2038e592b3a23beabc646cace17d4df4118d5a7c5a4f43ca990a816724d09d27b1115f70306eb99f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a80a6e126c8f29f4d7e6c4ac50ac46bb
SHA1 7617b8631e946ac13ae9df4ebb547c57935e841b
SHA256 6fb5201ab18b4cbafcfd5f85cb4fb43ddcd1feb81936c9e87ad841c486fd4662
SHA512 efe6cd0b1c19401686e4e31a89d279a7f5661fb2c4ba140766be0c3908a89bb338b3d62bc1509b4fd25ce67a34ce2850791f30cc4bab0444c38110a2b0e47b9c

memory/2860-538-0x0000000000400000-0x000000000092E000-memory.dmp

memory/2860-800-0x0000000002840000-0x0000000002D6E000-memory.dmp