32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Resubmissions

23/06/2024, 22:53

240623-2t1p5awepf 8

23/06/2024, 22:51

240623-2tb2rswekh 1

Analysis

max time kernel
1799s
max time network
1789s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
23/06/2024, 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

8^/10

spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
3080	OperaGXSetup.exe
72	OperaGXSetup.exe
3964	OperaGXSetup.exe
2288	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
412	assistant_installer.exe
2804	assistant_installer.exe

Loads dropped DLL 3 IoCs

pid	Process
3080	OperaGXSetup.exe
72	OperaGXSetup.exe
3964	OperaGXSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636568279954302"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	OperaGXSetup.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe\:Zone.Identifier:$DATA	OperaGXSetup.exe
File opened for modification	C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4116	chrome.exe
4116	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3080	OperaGXSetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 4912	4656	chrome.exe	79
PID 4656 wrote to memory of 4912	4656	chrome.exe	79
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 3032	4656	chrome.exe	81
PID 4656 wrote to memory of 1628	4656	chrome.exe	82
PID 4656 wrote to memory of 1628	4656	chrome.exe	82
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83
PID 4656 wrote to memory of 1140	4656	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff92b14ab58,0x7ff92b14ab68,0x7ff92b14ab78
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:2
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4220 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4568 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4224 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3224 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4796 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5056 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5016 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5288 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5468 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5472 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4920 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:8
  2⤵
  PID:480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5624 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:8
  2⤵
  PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5048 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4520 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5872 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:8
  2⤵
  PID:404
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Modifies system certificate store
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:3080
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.142 --initial-client-data=0x2d8,0x2dc,0x2e0,0x2d4,0x2e4,0x754e52b8,0x754e52c4,0x754e52d0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:72
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3964
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202406232255051\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202406232255051\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    PID:2288
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202406232255051\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202406232255051\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    PID:412
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202406232255051\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202406232255051\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2a4,0x2a8,0x2ac,0x250,0x2b0,0x1134f48,0x1134f58,0x1134f64
      4⤵
      Executes dropped EXE
      PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5204 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:1
  2⤵
  PID:480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6624 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4024 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7052 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4916 --field-trial-handle=2032,i,3716728228470562605,1004710839913019826,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
1d8bd1e3137d4a22533269bf14ed1c15

SHA1
cc937fa2e06ce75f4a23cbaac849b4f4f78610a3

SHA256
688f8dadd4cfaacf05b12d6a931b8c9e365c02a0e24df5f8bcafac8792a21a53

SHA512
4e168afe71f61a8682e0f4afe946fb962288f8206f0a6055bdffb74619889401311ea9a6294099fd5c9fcbb037ae82a271c3b9fd10e02d2bc65189b68c3f36bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E

Filesize
727B

MD5
b45f1f4ddabc491f50e9e2ab2d3e2b43

SHA1
77f87cb1526f56526a8563e5a8f60388683e2ec1

SHA256
219a911aec81ede1df443e783eab4fa54e6747aad2d86cb6e9ffc09c7901b068

SHA512
afeb2c15921edb1cbc38a84bc42217b17b9b5fd50a7f23e3812020113a3d59b48f3f18d8048685237f886524f63bc002cd365ee19cf9894db99ee54f9ddcca3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
5e61e80b5f0cb77c3a35a7b865676368

SHA1
d94254746b80a875d44996854da550e33dc637d7

SHA256
26a0c31c0aeb4cca6f226e3b44f284ccd14da51838423d0d75a09f11c785092e

SHA512
708b4107f13e40db4a2e9f2f2d0a999ccb7f34c97249c26e544cb08e6690e8d9cffb53cf221e54092fc5612f81ef8bd58dadcb3e2ffe1a6eaa551e3e9adf600c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
b17e210e5b9bd72a2758b02cb0c4286e

SHA1
a8058167ee9de3cdaa5689dc3bf3d28321354887

SHA256
481d414ffea9f3fdfdc96fd11cedfaae2215c46498252d3ec5bb5758eb2b26a8

SHA512
ac29672fcd325f01877221578a5ed783accc0ec662b807d8053fad99c8b7bd197b5b0d6286f882cdcee6f9e55dce96c230c0192ff6ac0f1131a09d26743d2a6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E

Filesize
404B

MD5
6d22fc7698773cccefaa6fb49c605f7f

SHA1
8da7508230b2b9e13df75c9268e188132f577a4d

SHA256
d535b5e9cd9d3298ed92776edb6a500984a54845e3378b84673aa73716e8396b

SHA512
da0a6deb0fcd2d265ef3005a9694bcebdaaeb1200a14ae7364b465cbeda83c641062578b30f94fd11fe271c89e1244fba68502f9c6f666d41eb6a0765e2a06ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
6c8f59828cd7210a19eedfa165c5628b

SHA1
e660bf496b5b53d5da3c5e3a39ccf989c33d3672

SHA256
4fa15dc2bcfa9508ecc88ab0db462e9f156b91f11e21a8a6d21ffd96e5d98bee

SHA512
e0fd5ce0423410b71b3009ba2c5bf434c953c8ff4099cbb219d50b1689bab50c89a57a9c6ac010e880553863d245c4c56b742aab37a39869ae5137a33d76e17e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5034ce56b83b003277b13f18fe1a1f7a

SHA1
3733a321da119ea37f81cdea95aaf875dee7747e

SHA256
bef7f899019489d962a1c6f14220027623db8c1b881575e3fa53abcf16e660cb

SHA512
5250afa71e8881db43235f0599bd4d68f1f91ea21b9445a82b1f524e24c7fc066e010774823a2c90926f5ee524cb5b2c8b7e68cb001472e231f2ff378fbff1e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
89893206d3b50a7aa8e8b64d514daa64

SHA1
e8e15665813a798bc581ba8780eb93c359a2180d

SHA256
437b57ca77cea95ce0ef5ae47828b77f259e1ea463a63b7ec210099bdfe2669e

SHA512
af8b08d65d6ad1e7d553d7251e73b814fed1b905cf54a063a2865e0fc07680f2bb75bfd9f3f0da5d3ae3192823c7a122001e8c3492e2b563d615eaad762428a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8d2680387b8dbc3e35123e004bba5359

SHA1
2efa680f99908c22d7ff3ca8b76891b4acdf1eff

SHA256
8c977030c7dbe2d2e804d17e063df1245911490d5371f178fcfc05f9a750b8fe

SHA512
cac41502c259155069e26c489f5c6db3a8f95801437599124d687c78f7c9ba0cea9781e70e27a0b5df666a9b09a2db9b89ed502a0c91a93b0a16f2d9b9921634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
3416e67f500cc182ca7b7839eb0c82c5

SHA1
e310de9ed7a1b285120140101a2aab5910e4186e

SHA256
653b2d1c86e26f804a523f620b5ddff665fbd29cfde65adc7c7e06c3f1e8e92f

SHA512
b1c3449811311a608239b69927a88284b56ef89edd334ed856f0f3bd15ada063f101c1b0a171883e7e92916302c9e517e3112626dc0f2e795c7e5cecd76dcf6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
d5aa090c5945e692459281be7c02c8b6

SHA1
cac014f4e70bb02fef29756616bea4dfc312e25c

SHA256
e2b7a2a80e1cc6ebbc064ab1022b3ac4622fe3590aadb7904b97fad4b1fc4425

SHA512
3e26469839ea0b38ad8af01ba8d0bc309508a3ed30d277b9c22447e1f107dff254f601a23d36d61c7bc81e2aae7ec019617a8b073f33373e201dfe3c9ef38fc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
b28254746d26ce8ea002e45df252c344

SHA1
663499e8a52a076fbbca8765e14fb3fada66cbb4

SHA256
912d2abbb28cd0b1128d349e938d942f1203481ba22d7ed0c1cdc84727023de6

SHA512
c2cdd811e67b7eade33d9ee24917e700f27b6bf9d8ac9102aca41d190b5abdac4ea521a074fb6fdd08539fe75c676ca1ebd83c09a8e7d67f855f85e44140608b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8b69ee1eae0b1adc8e0da10f2592bbe7

SHA1
4b95e1fab4cd099c52494554455ccb9e06483902

SHA256
84a929ffe065a82c18288a82aee25d7099d97e1d42e796c342dd31020bcfc29e

SHA512
7fceb5294a7e9a22e5b75c8747d89ba1856d4cffb5c77903f0e916a2484f5942e5f8e8117cb8730b8f51dc533d1d8908c5a88ecb85cd75432f381b64db8de5d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ef5530411dcd3be6d253c05582c9790a

SHA1
de9417d6189eb8ae6b6ab57b0509f97c60b35ddc

SHA256
a37bde83c4e784e6d4fa10d135b6d5332fc1ea486c27bf01877f91c370a3dc1f

SHA512
6e686ac105ec6f7ad2809200d2cab6abe7fe4912cde1d1be75c10a1a25a910560037dcbede08d374ecdf0d68a239b95dd7c0b77fa61d365988ced3003bc946ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9a0be61447d8dcdcdd9fa193dd23525c

SHA1
7054ac6109ffd145cef190aa8cc50f77267effc2

SHA256
6039b015d9e64c41ed0a9228e6a91409b69379a1800ba7312777ee707869a77d

SHA512
eba487684c8bde926e31d554b53afa71bb25bab2cdd16c63a138b312c379a400541096dcb5ea8b16e9ca6352ecfa7e38ad03dcff2bd1e90a8662f6f5183fa06d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
56ee605beb2eccede798ed06aa8349b3

SHA1
d0c69c01abd3e18e8cddfb5c40c1a5598e5f9f9f

SHA256
ea2dd70bbd55f6642479046d83aad115f5c6f75d52f9381a468d3772d396cd83

SHA512
068f77e23a909072113f00e4f339cf2fc8a4a36dfc7f731d88668c44250d213fdf4a72ca99d42427b7c3ffdb191cae57af1a4d1413ffe2caa0dd6d262538a74e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
25b37405c18d6cb49888e3389819f46d

SHA1
5c6aee5dbd1ef6d315b591055a63cd22fedd6b48

SHA256
fd5c0339018ce292ba67436d9f8f892fc4ea23c548833102e2b4f9db69a1baaf

SHA512
6886a39c6bbfe246be4652da975bd19ba14916399975ce218860c32089a5bc1ef075114650c7f1f0de89fe0ed73095a9c71ce090920cdb06ad6a857c51848353

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
738c3934bf819db9300d240b8bc744cd

SHA1
fa90462ba2c95c61d67e73112dd6c98cc6ce7b80

SHA256
e5e757ce1ff88b9f2ddb747997872d0534b32f702ead8436dbf129cd7f258169

SHA512
39177ffdc64e6b3f5852b283821940c3ddc6ed08b68671bedcb0e7ed6e6be1a422e58c253dff2382352d2efe625a3888319ad899a1d13844f70b7e7a38d031d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a290b1bf68dfaf8749c8ebbd43e73c62

SHA1
95cd166d6cc82b27e1d78f326ba694c78dab0f4c

SHA256
34cf1990870d2ed411f67722b8a3750d606a48887f28f0366aad429b0f10d093

SHA512
2734a2fd80fa827f6d22b828ce1e322d36c73e3571850a506ec1033a24fef015fbc1291b2772dd687ef4a30c46644fef649aeda9e98b5c877a8a793e2ddd0382

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
24cb5739576281c7270739c5fb810614

SHA1
ea1c67889b8675894d78b5adaf3f618850d0ca86

SHA256
040acc2cd62d68c641fdf9aaae298832f77da38c0d21e4d3ad7e14322d4d1b2f

SHA512
04d83dc5eba0c293e8f1da6f22693ddc052b7eea40bdf1523d070d33915469b24a16849ed32b05b6d8cbe25c045edf1278e296fc8192276731bcefdc5670dc25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ae634b89d8da828ce2af36147adb7515

SHA1
d8b8cd11d517a7a8d9cf8c5883784ecfd0501f9f

SHA256
ba75a440589fdc71b6a43e687b66af1e4e28d8a7ce86b3a101fa0719fc6ecbf3

SHA512
b8438e91f413c1e305bc28302f5b26e3d1204c1abbe1340ee491813be8c39a2bb6bbc88e0f4c19c92f6ebba792f6bf498ae0426f179f6336cff6a5cf618660b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
4ec85d79292dc6ad918d949f4f21e367

SHA1
52d8bf9014bfad7fed06149736e64651f88e331a

SHA256
21ed3bd2bc1dfcc5985acd258c3528b12ca8ca48ad60b906d7462b7e365e1de2

SHA512
6f407a9fcc5ea50e44a97ecbe0cfb59bd3e85af1b2812127f10df69e51485931d052b319bac5a58b15231b6d86850a78832b3fc0c914f5f7077bcd7cee0d0aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
0283ee76967613470d514d6c3dc23018

SHA1
c597b8a605782978b98ac312441a15ca30905085

SHA256
5277e04abdd5731bc793b6aad6634ae892577b8a0c53bae84c90b94e58342cc5

SHA512
8fe0ee2be0cdf8f98177dbf98180a48cceba2af514d5611212b718b1d02a7a7a683e43e1a0e10205d7b5a64712c0e58fa26101edda9ba57992752d971ef9f791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
520c3cf057b7cf03ab8588687ad75c6c

SHA1
5f3abbd74faf309f510de132fec30df3e83aae94

SHA256
5f1f58db3a81f9cf03225d02b7331803fd2e5e461c1e49c1ed0a489e89e23c68

SHA512
10f9beb4f3dda44ccdbb8c1d7e465c0c821d1886ea671bf0c5289021e0b6572695f8c6e225c515d7438bfefdd85f2ab952bda6972c0512ed331a656b686586de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
cc7d7f7910d247d888c63af2bcbfef44

SHA1
6e91c43a4de9ff2e0fc3c178e96bfe0f46e76022

SHA256
123ccffe348d687b1dfe9381a9943b49bbd37be70880d45a763eeba37f011895

SHA512
a958678bb38c8c2df1c9202dd22472d1ed7513d149962e3df07db4ce57cf9e9cdb3ddb5dca20a72e5450f74a58dd790fb2a565fd1a66565b980d8e2cfab2b975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
76b82c79317dd68b4293a165cfe31c9a

SHA1
cb868b6f3d1828ab371d5a1e9a706052d99402c2

SHA256
82690affb50bd1df34413c3b8bd78d48f0ed2e5b898b0585fe26db6f6a4f7187

SHA512
a1805eee5d755f173e2ad2267d5ac07be3b073342a2589b2a4d162e723234ee08013abaeb03d1bc448c2231f7eda1b03a89dc5a6029859860982c33925605074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
84KB

MD5
30fbbc0342113e0c39d62fa703eb9e5d

SHA1
f22afb5ef91864e2921f63fc52ffae2e9721c215

SHA256
0a63c9cc8517a913de34643a5ed2ed1686f478c8332706d7afedc15f045afbb8

SHA512
31a8a6497377e3e2a7a614d94eeba0c31b080baa9dad569661c1f6f229a725237c4c87c25bf17fdf4320341af738657e81603bbbcfb2b922ed2178ca6c5c63db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
821c53edf568900637d1e70c202a8b7f

SHA1
28b70c06288164cbe1989b940e8cb47a1992eed5

SHA256
b354bf07478e9f54bee81768f42a10d42494def6072fc529b0c4d301f0145c82

SHA512
bf918a8612dfd039287281ca72073c637db30993b06d9b0af60b3e41f20a19ee137c5ca2219495973b6e4cec0ed66fb9c742793569fc208fd309a4d34a8e0b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ec15.TMP

Filesize
83KB

MD5
2f302277279cfb8c0ae622ca72d2f7bd

SHA1
fd0aae21ba8a2dafffe2193d62935e31f939a0ac

SHA256
8bd6b83c057d8a8ec35a4dd7c2e73a9dff748e7df57154bc9430371414c272b3

SHA512
a0ff5a44608976bd97eee4f2ae076024777367646bdb96d64b8bdc56a518eecb8adbf8827a6adb398b75df58aae834c029556fbdcffa4ee0b56933b1c25022bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202406232255051\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202406232255051\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2406232255036863080.dll

Filesize
5.8MB

MD5
1a4fdbb85e2b99ec1f3ca6e4716ddf62

SHA1
fb4698270b8664980407b932d76a99907ce1033a

SHA256
e9ead6307f9461d7cadf9a37cae959082e08d9d8d98374e4f7ea15ddd5d53b2a

SHA512
a7da63f9d7f95c0984f120f12df31a7051624fc0825a658cc54676b2835ecffc8f549e37d777158925901b520642d0adf1c3e3046302e24a70514266acf04cc2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
ffa68494c509b9d86cf1c85d6c34d72c

SHA1
b92430875dec9ad4877afb86af9ff3a0430155ae

SHA256
934f4ff22af65018f97645dc12aeec9c755f38e0a53b7f89a103dd76d1916786

SHA512
3bcbe180428d1c3d4683be5a9a2b82988419e6bebb8df058a7f349a8b79194cb4b91b6f769ece35260dd19a75e81cb2ab7f827a623ec66f4cdde685994a67177

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
6.3MB

MD5
4033d7bb37dca7b4886f755f572ceb3a

SHA1
70d09a7e0df5841ae809d35a2184f510fc1602fe

SHA256
09ee121b27db55d9551a167c40254870fec6e6e00a7883451a272759647d3b42

SHA512
384e34d52ed578af396abca30b5250189aeed4b9abd5a1cf98884f327c050d929594de3c1f7eaee0932fe8c1d2f95d7ade4ff347688905326784ef1d45dfc55e

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit