9dc65a16f168682603df569c91eafc899fd0f2b27baad2c781bf5e22e4182f15

Analysis

max time kernel
237s
max time network
240s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 07:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4717-launcher-chitov-exloader-dlja-csgo.html
Size

115KB
MD5

ebf90155030d418463b9591e8ad08766
SHA1

6acdb49a4920bfbe7512e5d769fa4fbfca187913
SHA256

9dc65a16f168682603df569c91eafc899fd0f2b27baad2c781bf5e22e4182f15
SHA512

8c4ffb61f9d2a838cfe98cfa12b3439a45e9045f38b912f371eacbabe73d15da2a5c93a3dfacc1882f656a4de5bb1ba4de0c9c6f4b3e1d0102c9a69bd83329fa
SSDEEP

1536:BGlFByY8X4Ck05JlK2CoCxjBqoSU5PcMZs3vkWBu:BGlDygCk05JlK6KwGPcMoBu

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 9 IoCs

pid	Process
1504	OperaGXSetup.exe
3896	setup.exe
4804	setup.exe
5028	setup.exe
736	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
4496	assistant_installer.exe
1016	assistant_installer.exe
400	setup.exe
704	setup.exe

Loads dropped DLL 5 IoCs

pid	Process
3896	setup.exe
4804	setup.exe
5028	setup.exe
400	setup.exe
704	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{E50C9337-6081-4833-9D3B-18F90DEDC799}	msedge.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 918955.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5052	msedge.exe
5052	msedge.exe
1460	identity_helper.exe
1460	identity_helper.exe
1180	msedge.exe
1180	msedge.exe
4424	msedge.exe
4424	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3896	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 4748	5052	msedge.exe	83
PID 5052 wrote to memory of 4748	5052	msedge.exe	83
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 3488	5052	msedge.exe	84
PID 5052 wrote to memory of 5112	5052	msedge.exe	85
PID 5052 wrote to memory of 5112	5052	msedge.exe	85
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86
PID 5052 wrote to memory of 4856	5052	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4717-launcher-chitov-exloader-dlja-csgo.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd8f546f8,0x7ffdd8f54708,0x7ffdd8f54718
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6552 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6644 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:3284
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1504
- - C:\Users\Admin\AppData\Local\Temp\7zS0E532F39\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS0E532F39\setup.exe --server-tracking-blob=ZGUyNzU4MzhkNTQyMGNjODIwNGE1MmQ3MWY4NWM2MWUyMzkzZTkxMmY3MzU2NTI2ZDRjOWU2MDA5OTM3M2Y2ZTp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1PRlQmdXRtX21lZGl1bT1wYiZ1dG1fY2FtcGFpZ249b2Z0Z3gmdXRtX2NvbnRlbnQ9MTgyMjZfJnV0bV9pZD1rOHc0azh3OGcwMHdzY3NnJmh0dHBfcmVmZXJyZXI9aHR0cHMlM0ElMkYlMkZ3d3cub3BlcmEuY29tJTJGZ3glMkZwYXJ0bmVyJTNGdXRtX3NvdXJjZSUzRE9GVCUyNnV0bV9tZWRpdW0lM0RwYiUyNnV0bV9jYW1wYWlnbiUzRG9mdGd4JTI2dXRtX2lkJTNEazh3NGs4dzhnMDB3c2NzZyUyNnV0bV9jb250ZW50JTNEMTgyMjZfJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGcGFydG5lciZ1dG1faWQ9azh3NGs4dzhnMDB3c2NzZyZkbF90b2tlbj02OTQxODI4OCIsInRpbWVzdGFtcCI6IjE3MjMxMDI0NjguMTEwNCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Mi4wLjQ1MTUuMTMxIFNhZmFyaS81MzcuMzYgRWRnLzkyLjAuOTAyLjY3IiwidXRtIjp7ImNhbXBhaWduIjoib2Z0Z3giLCJjb250ZW50IjoiMTgyMjZfIiwiaWQiOiJrOHc0azh3OGcwMHdzY3NnIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vcGFydG5lciIsIm1lZGl1bSI6InBiIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6Ik9GVCJ9LCJ1dWlkIjoiYmFjMjgzNTAtYTgwZi00YzM0LTg5ZTMtMWQ0YmU5OWZlNjUyIn0=
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious use of SetWindowsHookEx
    PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\7zS0E532F39\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS0E532F39\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=111.0.5168.99 --initial-client-data=0x330,0x334,0x338,0x304,0x33c,0x74891160,0x7489116c,0x74891178
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408080734461\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408080734461\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:736
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408080734461\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408080734461\assistant\assistant_installer.exe" --version
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408080734461\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408080734461\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0xb54f48,0xb54f58,0xb54f64
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\7zS0E532F39\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS0E532F39\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3896 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240808073446" --session-guid=00ab8631-d917-416b-a8f4-6586c7723695 --server-tracking-blob=OTU2OTY0YTFlOTY0ZTI4OTgxYTBlZDU3YzVmMjRiOWFhOGIyODEwMjM2YmQ0N2Y5ZjIzNjUwYjI2YmJjZGQ2MTp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1PRlQmdXRtX21lZGl1bT1wYiZ1dG1fY2FtcGFpZ249b2Z0Z3gmdXRtX2NvbnRlbnQ9MTgyMjZfJnV0bV9pZD1rOHc0azh3OGcwMHdzY3NnJmh0dHBfcmVmZXJyZXI9aHR0cHMlM0ElMkYlMkZ3d3cub3BlcmEuY29tJTJGZ3glMkZwYXJ0bmVyJTNGdXRtX3NvdXJjZSUzRE9GVCUyNnV0bV9tZWRpdW0lM0RwYiUyNnV0bV9jYW1wYWlnbiUzRG9mdGd4JTI2dXRtX2lkJTNEazh3NGs4dzhnMDB3c2NzZyUyNnV0bV9jb250ZW50JTNEMTgyMjZfJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGcGFydG5lciZ1dG1faWQ9azh3NGs4dzhnMDB3c2NzZyZkbF90b2tlbj02OTQxODI4OCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyMzEwMjQ2OC4xMTA0IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJvZnRneCIsImNvbnRlbnQiOiIxODIyNl8iLCJpZCI6Ims4dzRrOHc4ZzAwd3Njc2ciLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS9wYXJ0bmVyIiwibWVkaXVtIjoicGIiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiT0ZUIn0sInV1aWQiOiJiYWMyODM1MC1hODBmLTRjMzQtODllMy0xZDRiZTk5ZmU2NTIifQ== --desktopshortcut=1 --wait-for-package --initial-proc-handle=0003000000000000
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      System Location Discovery: System Language Discovery
      PID:400
    - - C:\Users\Admin\AppData\Local\Temp\7zS0E532F39\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS0E532F39\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=111.0.5168.99 --initial-client-data=0x32c,0x33c,0x340,0x308,0x344,0x720e1160,0x720e116c,0x720e1178
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,16498122029689398842,7686398589172140810,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E

Filesize
727B

MD5
99faf1bbecb5606762bd70a8fb6af4fe

SHA1
e38602166244ba1d6980a6e95d826c6070815dbd

SHA256
8d65f8eaa5ce12175dcfc58850747bed73474485dae2e8b6c6c9574d222f29cb

SHA512
db5307d8d1383903d5b9ee85ee6de177825f1725528606cbf32c0367011993e3b4446b3c9b20681a2b86a576b6450a4761c1200bdc6ddd3912e3e58815c7a4d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
519f47ca386a53c372d32c745e3ff3d3

SHA1
38299d39d43b29c8145af347e59e11d233ec225c

SHA256
1cc9a63b647ec23c31782940811afce8f2f9c9cf1a54172c63a308b109051e23

SHA512
9755bb085c54b749efd6d235fae12064e585641ff10751af4c26f861b590868480d19e17a4784a7548cf09f72c9e654186f687f1a569cd885f4dc7c48eb424d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E

Filesize
404B

MD5
fe10c6a6b3d0ddb34bef2c67da2bc6d9

SHA1
5f6107f28316d919857435403dbbe9ab7920c473

SHA256
8f33f0313bada7fa3f329b415557ab1c370ac870ce39db7d8cd5a704fa76453d

SHA512
6a6d42df8dab107e02b893b85bdfca84808f8126cb0f11941bb5f5f79cd40318950d90002d6bdd44f16236ad941e77c47de8e00bae23213c97864f78b7edc52d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
85b901768bcb533e6fff3f7ed72f560d

SHA1
42d8823a400e87fc2bcbf104884baa3bbcea2d68

SHA256
09c1419dc4cb778462f8c373351d1cad9c48ba21dcd6f8396366914af69214a2

SHA512
10df48a5cb94c09fcbd1a8c7b3620bfc4ddcaefc5b98f06ef6837e7d70bc8a342b0e7d1f4ccda1badda6686c4fe1f6415efc01f930be5b06b85360c5933b43bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1fe022c3-d1e2-40b8-8c55-ee145e558d76.tmp

Filesize
6KB

MD5
e7ed02431a78930e4a1c0b2e044ca6c9

SHA1
a6b988df167327019c5053d63e48cc2d9aee3954

SHA256
88568f9c846d6e45874fd560980d3a104d7605c4c80b379cda0ab83c679c62ab

SHA512
9998aae131bee42e830db097538ed6f934ce118d9f4224ed4bb6b242a2c4a1c7302047ed7ed018e03189cbe93fd1c352125682b2082b3287e520f1a71c9e9dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
20KB

MD5
92726ff59c683a2ac04b29465f2e565d

SHA1
24059a5ff3b5c8e8a64f7090fda28fe5a50a797b

SHA256
532811fadb7cdee6cbdaff21cb9f96455ffe22da6df7732a37dae4028e67a10b

SHA512
96ac9f709098d72734b23dd9a4e778052918552af60eed1ff6d7956fba9865bd5227c768fc185074ebb3020ad85ba27effe6b8d67cf990f656f8aab70f8980a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
125KB

MD5
c52851a3a5ab9efbd01c57238f4d8ddc

SHA1
5c73fbc91db8316ee5d8eb66747f96932e9e764c

SHA256
c6127beaa9d34a6dcad0ad95500dfbf1c9a3822c4c18d8c544e88a3ac8850e18

SHA512
759a41b4f8a62543195d974f42b27d5f7ab06c2d02ceb4fdd284fa97414d4b4ef33a2a1f5d98a024ba9f170722134942fd4c9963b31138f901669ae239593cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d448dbe1b5f5fddcc50c5535f3421057

SHA1
21c861d539ccb325c24c68814adf56f39232498e

SHA256
eebe638ef37913616297776d952ce33fd2a83aff0c1c0030c427496154c8d6b0

SHA512
f5e795b43e918de719b16063c8f75649e15bb8811d729ba1f1ef09575ba343d22f2e07d612ada355457c00bdbf7d3cec021c5f7b3d17c1b05a5ab5b645be3349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5992e6cd8087772664b2c5dc10a9a1cb

SHA1
c16e978c776aa3958f37b9ee0f9c030257045833

SHA256
0248273f9242da8d6a3c5e03ec1d78340b1874c4bd9485c6ad1845e34369017b

SHA512
31eed2fe06aa37a202d4ec17e42b347f39e74c0ebf6b86eba01d5acb3272aaf364b808e7de5bc7f61d215150eb29717b881310a038b5151a20e6425a51214d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
82b436b342c16ec5eae14aa93938025b

SHA1
88358c03e7777851c5949ef8503273f24e4f7ee0

SHA256
b4417e54219e2af267ad8a147d4ff57d38f9513aea51aa63001d7213f9b31653

SHA512
58a002b39378ebe7b91d245beea79245681b200553a7cceddaed0dd158839ab858102b251f790784b01a1f92a3bb1babd04851982b10329c11e3963dacd13489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a339671917d948ecc2b9343794d71ca1

SHA1
0dda5457dcf03ae0bf8142c1083a41f584386d8f

SHA256
1fb3b488e20b2b13eaf42aa25ea825609754559dbbe2eed0bd924cbb4c5a453b

SHA512
9b9cc6bc93c5e277b36ba897f2e205d9e2ba2dac17fc84f08de734e3b4270bababfb31ffc8b9f71d30c5843668942de9089ed1caf6341236e43c518969a4f28c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8375d557dc160f0e021f1e883566d0c5

SHA1
bdd89dfbc940faf32e4a69ae9d0434fdd6865484

SHA256
f404b3835be65a3ccb407d78e8a88608e4c3d32e3896d0c44f8a1e83dca19adb

SHA512
55a485617a17820eb4ec836d28fabc40d45f075f2fc0da232e9080fe7cb929fa9711637b0745bbafb8c8c14c0b5d54f7ac83624f1beca3764739ea7c2194010b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
888d40905f6075c7ab3586574724ad0f

SHA1
f00f0004f2edd3e2c28bd468b7f04b0eb076bd82

SHA256
590b9208fbfe88da109e4de9e40ce9bd5113101333c5530099d79a1ba51ef456

SHA512
ebdac2668b6f0f314831641924890cfe8e9f05c8926879caa52626be14741a275fe414eaf68308d003e874bc4fbc36a21b59d46434fef1412774717d4d203e18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ae73055013d94cbe7f752696e7b95d5a

SHA1
d571b6f3233d1f295b56748c8396312e4d6b2079

SHA256
275676b1520f7baee308fa2dcdcb95c417b4dad842381c3c4e0d21a039ebcead

SHA512
2f0b3bad67de8b237fe43a758ba605dd93c93525c1fb30bd3d1c35892705f013446bca0d7a414ce5cf4a6659c317be2bd14ab863d845b75f7d60e146e01f5563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8cba7d4540dff0537d990ff94fc1ff7a

SHA1
fa7035f1bacaaab2b3efefc064d05050c8593379

SHA256
529a3377ba9f2573f9bbda0427e5e0c58b234f8674a6b36a1a14c02f40405eea

SHA512
4d07e11cd388a2c64a7a30c87f80a1ceb600f0445497bf2db83edcfef8a0e734bed6049ffd5e34b9e09bc82003d279601c2e4bc652649c69c2c9f78b2c65e67f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
18b3100e4095a7714f43b50d9f81553c

SHA1
741733cc7219a49eceeeed9ff4f8469c906b7a80

SHA256
d2f7a34609b534ed870252ab401093aec753827118bc457ab21a0efeb1f9f088

SHA512
78cdf856cf57dcd940d1e8ed95d1a917c177532fc7e0335b31a9af38a6ad34ad164ea542682c2c40e7fe2299c07048d8d389bf9ac53631de09e6a10fed1e191f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2d76f1ea0448b922a034478f1848db1

SHA1
a248c08ab71afa88fee5cf15eafb2d6b2d27796d

SHA256
10bfe99852dd449a071c72a7c4632794e0f187f8dc778698abcfe727d553dbb7

SHA512
971984038ed07a29f98df1d8419bef809b58aeee35037db8cb416098690176973a493d43d37991efc1d9a172f229f4e62ff1446939c7ae5f096a955fe61ca172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6cdeb1498edce490f08d5cc06fc2b15e

SHA1
92ab7b031129cdd4e591b023c36968073ca8cea3

SHA256
374c0cb977d992573ce86116125f34d4c9336019675d4a342d0929a50780b81c

SHA512
fa0afedef08f8552add0b059b78e6c8a010fa1c156eccaef9e5df4174d2adddd176799a88efa154564597e10f9f53b67760377fb7de07207d652cd405d630ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ce34651e9737e586171430a18cb9c98

SHA1
1ee8eba24b3d957a97edb6b4e68e9da9aa8a5641

SHA256
0187edf22d5200397425e28b1c18f8308fb1b16e000323e1718ee9ba0a955d51

SHA512
cf636588da5fc59bc561a2d29b91cc28c24fb912b9c2267f4a76577e2d7de88d971e2bd59686ea6d12142ba420895c9a81402b9e3a9781ffd3f39c1605f388f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cdd3ae07d75430134100a1985784fdaf

SHA1
66ae3bc634297d77092dec7cd1c9eff8d3531479

SHA256
6bf358df532c1b4f818407284b686d0ec5068168c721e9c9f4474cabdfac6391

SHA512
dccd8b0a88062e1db05797727cd5aae39156a8b2ea58570ee174f55bf30af9ad41dc36e08c1b6da5b4a6cac3eb203ddc012735ccd77d668277dc617cfa87bf35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e95dfabc38292e5fd944e5c425d0a9d

SHA1
c2287f76a20b3c0fcae0eb9d3fad25f524c1c98e

SHA256
5bb0512d993a82a2de347277532fe340c615a927d0f2cb08f0d5e3093c27059e

SHA512
fee51e1fb092db77ed1a855d87af825c46e2eb5dce3cab524d2b6eb4c75204efefdbac893dcdbcdcbeeb1f4e66d8e3626146893cd427dc11558c7e52f1a8d559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ecfda7e852dd72361ff60fa6e63bee63

SHA1
f6a9a975fa13969eda99fff2cc8c7472935e344c

SHA256
8d56ac068bb81f4ed3f9c463ee6eee02084223d82f5192e95603184fe8fdd1a6

SHA512
2723257f9291c92638aac584fbebec469032bfb6af29fac02377897a1336a2f834757032a45873397ede8350934670d134ec680a24a167eae33e4d153c78afe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0acaeac8725b636a8f6d1b9a56a8d6a0

SHA1
050b9e15079b5fe05659eac3af2f2f6ea0b44707

SHA256
d3cabc2741d63d56bd00abc57edc03aa682b1426950eac7ef7fd2d110a615d51

SHA512
c96e4b650b1b9a20009a3575ea91684f19f1a07e21649d3f4883d0c0685a6c6f117817a4a36573ba99cc8340c440ac5637c3a5791e49f1e03525b43abbdd63d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
beee40175db4a07401bdc00ed7bd192c

SHA1
9c307624f55cafd4d294af3330a0352fe1c44611

SHA256
2133b2ed208a12aefe7db3b0156237e875f01df97ab9bb40d060413e8d20876c

SHA512
3acff1fece176db22302319dce2f9fbc9ae5d4773d6c4628272b4a0efa4e11716fcfeb2e1a659e0483caea67bb42796aec62f26338e475d51444e43a6cb09329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e8deacbff67b6f9c309d97ae77673a2c

SHA1
5c255f71c7f98457f00be8245e6224b9e1094163

SHA256
630628fe2fcb90395ded162a4db8ac4b18cd4a76307af92d824a84749071a023

SHA512
0e3cc0f283082f43f942eb35259460ccfbb2523253ad8d812b4f3d8ad2d77729212c4e32f4c84b5cb9d3809432fe64b482f4b40753dae45095a37850c2e699ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
001ac6b3db712f8d4759425c060f0edb

SHA1
b0744e645bca4a14b40bab74241e998a09b35edb

SHA256
754178455bbf03104c8d78afc9151792f0256b0fb4319438e63dd936b590583f

SHA512
16791b3c3324c33d144f654bee1fef5f58bbb5ee53c28fc3e749b4f271f2f165b74f69987ba1150a462bcf307ac5d00b4df79b70eadeb081e4533f405d2433d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580eb1.TMP

Filesize
368B

MD5
a9946e73c567409e418395769614e54e

SHA1
4099aca3ca31d178b1bd347bf620ee8bca0cbbc3

SHA256
097adffe4fa7f563f2c72d6279ec598c597c6cbc7f8c05c7c2312416d305fcd4

SHA512
b2967deeca044b1833cfa9c93be02ec28038f217cc0dcc7f8d6d788e2db33b2c1e501e4f9c4d49b7e33710993361ed9fe9718861eeba0fd52238c59efd279ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f769a765138f394530eefeae8b4c5759

SHA1
4eb13587d60a3167d6c4a5d6fbcaf8bfdfb43da9

SHA256
70187938c48dead72547cc73fcad8ac568f3f908d650903c980ed9c5d1281f79

SHA512
9b2de00a6da464cbc9f544c7aff51e372615f8c64c8eff661f1a360e6eed8ee35cf547e114d419cf72b09e2892c4bac600a2704c7bdc2670e58836608657237d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
40925087c1c9ee651f4d62038108382e

SHA1
c3be235a715b6235e0f3e8a5406bb6aea835812a

SHA256
1b5694a3b905e07a3f86d53ef5d9c3b6ef9f00e4d437f3be1f8bd51b306259d7

SHA512
80f1231574d6cc905858b08ebf6f01bbb55a09285556f37b68c577e05ea3a1f488c200962aeccabaf4fd7c704b48b37d0d35f07dba1abf808619e253b3780029

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408080734461\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408080734461\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E532F39\setup.exe

Filesize
6.4MB

MD5
241331bede4cd250aeead156de3225c0

SHA1
4e6ebbfda62706203c7f3016d136560854841358

SHA256
b476f1c8521db36255a862af284f462eef77c4fd5233adb002137af7835f5e86

SHA512
9eb8f3970645315c73e80cea2af9364d8aa68d4e3383cdf21dd0393fc74857538639793e995a66b6bd58f086738981ffc364a06b23b129fab380d0e59532d712

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2408080734448393896.dll

Filesize
5.9MB

MD5
4510a03cd9a85d34ad47ed84097ed4a4

SHA1
a1a761249bbbe8dffcb3fac37ed570c89e130379

SHA256
cafaa2ac106c340ca91acbbd483379cd3c2273d2cb795349db6b07c7272c0433

SHA512
95b4b9de8818e025608f7a77b3281e879bbaed5bbde6cfcbbd4bcb1b6c6cf09706b68061b7264d90c3374c2a0072f91afffc5b617fec12921407c72b63b2be62

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
7377978c63ad74ec67209f6170016632

SHA1
ef3ff7b35055cea7fa872dce689f176c69db9700

SHA256
6683114ac1f06f184c52bdaec84c51164a9890605934636bb52dd10ca70e50b6

SHA512
d10f3e3972a0fda8b730191109a17f17496d1028b8db7aa719787bfbd864e97210fb0234fad17787c07dc302313315a0234f5c190676f8e0e8ea728a85d5e787

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
484cbd98a639b48a47c92fe7736c8201

SHA1
f67a6bffac247ede8ba74fe579921855c165dc08

SHA256
e8c930cb74d8b934461d3f41e84b3765653ca2ad1c1bf0b6c0dbbb3affaf3e0e

SHA512
79155db23f5b5bde6454600576d2d60ac638c90ed7fe2f92069da74fe9725a76a587bd0ecf7af5af550cb06d58d36fcc098070487448355f6727aedcef861dc0

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.1MB

MD5
8228ba7819619bd03e66861eaf498fe8

SHA1
1a09bf773b50afa0bbb999d5f8f1d80545d93bd1

SHA256
10ed666a46496898648146346945c20e09b469e6ce9556c5dd549ed7f0d165d9

SHA512
dcaa8331c413a1ce32f3875cb33ed0907fb540f82fad37e516e87e43c1178b754c8a07b9f69815a1d24316646f5c8794eb781c0b7f768080d6a1c226826ef902

Download Submit