Analysis

max time kernel: 146s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-09-2024 14:23
Static task: static1
URLScan task: urlscan1
Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE (17 IoCs)
  PID   Process
  5204  OperaGXSetup.exe
  880   setup.exe
  5724  setup.exe
  2180  setup.exe
  5864  OperaGXSetup.exe
  2024  setup.exe
  5404  setup.exe
  3904  setup.exe
  2616  OperaGXSetup.exe
  5184  setup.exe
  5144  setup.exe
  2020  setup.exe
  3476  setup.exe
  5312  setup.exe
  5164  Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
  4260  assistant_installer.exe
  4916  assistant_installer.exe
Loads dropped DLL (11 IoCs)
  PID   Process
  880   setup.exe
  5724  setup.exe
  2180  setup.exe
  2024  setup.exe
  5404  setup.exe
  3904  setup.exe
  5184  setup.exe
  5144  setup.exe
  2020  setup.exe
  3476  setup.exe
  5312  setup.exe
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials. No individual IoCs are listed for this signature in the report.
Enumerates connected drives (3 TTPs, 8 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
  Description              IoC     Process
  File opened (read-only)  \??\D:  setup.exe
  File opened (read-only)  \??\F:  setup.exe
  File opened (read-only)  \??\D:  setup.exe
  File opened (read-only)  \??\F:  setup.exe
  File opened (read-only)  \??\D:  setup.exe
  File opened (read-only)  \??\F:  setup.exe
  File opened (read-only)  \??\D:  setup.exe
  File opened (read-only)  \??\F:  setup.exe
System Location Discovery: System Language Discovery (1 TTP, 17 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  by:
    setup.exe (11 occurrences)
    OperaGXSetup.exe (3 occurrences)
    assistant_installer.exe (2 occurrences)
    Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (1 occurrence)
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Description        IoC                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Modifies registry class (1 IoC)
  Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{E44E1C84-4D2A-47DA-BE6F-F985AE576E42}  msedge.exe
Processes:
setup.exedescription ioc process Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd
1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a setup.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 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 setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 setup.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 
0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c0799
29bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 setup.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 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 setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 setup.exe -
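The two AuthRoot entries above hold CryptoAPI serialized certificate blobs. The first carries the DigiCert High Assurance EV Root CA (friendly name "DigiCert", SHA-1 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25), the second the Baltimore CyberTrust Root (friendly name "DigiCert Baltimore Root", SHA-1 D4DE20D05E66FC53FE1A50882C78DB2852CAE474); both subject names are readable in the DER inside each blob, and both are roots in Microsoft's root program. HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot is the cache that Windows' automatic root update fills on demand when a process builds a chain to a root not yet present on the machine, so an installer that talks TLS writing there is expected behaviour. What a triage analyst wants to verify is that each blob's embedded certificate really hashes to the thumbprint in the key name, that the hash properties stored alongside it agree, and that the thumbprint is a known root rather than an attacker-supplied one. The parser below is an added example written for this report, not tooling from the sandbox or from Opera. The record format it implements (property id, reserved = 1, length, data, all little-endian u32) is what the hex above shows; the three short records it parses are copied verbatim from the first blob; the sample certificate, the blob built around it and the two-entry allowlist are constructed stand-ins.

```python
"""Sanity-check a CryptoAPI certificate blob of the kind written above under
HKLM\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\<SHA-1>\\Blob.

Added example for this report; not tooling from the sandbox or from Opera.
Blob layout, as the hex above shows: repeated records of
  prop_id (u32 LE) | reserved = 1 (u32 LE) | length (u32 LE) | data
"""
import hashlib
import struct

# Property identifiers (wincrypt.h CERT_*_PROP_ID) present in the blobs above.
CERT_SHA1_HASH_PROP_ID = 0x03
CERT_FRIENDLY_NAME_PROP_ID = 0x0B
CERT_CERT_PROP_ID = 0x20                   # the DER-encoded certificate itself
CERT_AUTH_ROOT_SHA256_HASH_PROP_ID = 0x62

# Constructed allowlist seeded with the two thumbprints this report shows being
# written. A real check would load Microsoft's full root-program CTL instead.
KNOWN_ROOT_THUMBPRINTS = {
    "5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25",  # DigiCert High Assurance EV Root CA
    "D4DE20D05E66FC53FE1A50882C78DB2852CAE474",  # Baltimore CyberTrust Root
}

# Three records copied verbatim from the first blob above: friendly name (0x0b),
# subject-name MD5 (0x1d) and SHA-1 thumbprint (0x03). The certificate record is
# not included here, so this fragment exercises the parser only.
PAGE_FRAGMENT_HEX = (
    "0b0000000100000012000000" "440069006700690043006500720074000000"
    "1d0000000100000010000000" "8f76b981d528ad4770088245e2031b63"
    "0300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25"
)


def parse_blob(blob: bytes) -> dict:
    """Split a serialized certificate context into {prop_id: raw value}."""
    props, off = {}, 0
    while off < len(blob):
        if len(blob) - off < 12:
            raise ValueError(f"truncated record header at offset {off}")
        prop_id, reserved, length = struct.unpack_from("<III", blob, off)
        if reserved != 1:
            raise ValueError(f"unexpected reserved field {reserved} at offset {off}")
        off += 12
        if len(blob) - off < length:
            raise ValueError(f"record 0x{prop_id:02x} runs past the end of the blob")
        props[prop_id] = blob[off:off + length]
        off += length
    return props


def friendly_name(props: dict) -> str:
    """The friendly name is stored as a NUL-terminated UTF-16LE string."""
    return props.get(CERT_FRIENDLY_NAME_PROP_ID, b"").decode("utf-16-le").rstrip("\x00")


def check_entry(key_name: str, blob: bytes, known_roots=KNOWN_ROOT_THUMBPRINTS) -> dict:
    """What a triage analyst wants to know about one AuthRoot\\Certificates\\<key> entry."""
    props = parse_blob(blob)
    der = props.get(CERT_CERT_PROP_ID)
    if der is None:
        raise ValueError("blob carries no certificate record (0x20)")
    sha1 = hashlib.sha1(der).hexdigest().upper()
    sha256 = hashlib.sha256(der).hexdigest().upper()
    stored_sha1 = props.get(CERT_SHA1_HASH_PROP_ID, b"").hex().upper()
    stored_sha256 = props.get(CERT_AUTH_ROOT_SHA256_HASH_PROP_ID, b"").hex().upper()
    return {
        "friendly_name": friendly_name(props),
        "sha1": sha1,
        "key_name_matches": sha1 == key_name.upper(),          # the key name is the SHA-1
        "stored_hashes_match": stored_sha1 == sha1 and stored_sha256 in ("", sha256),
        "known_root": sha1 in known_roots,
    }


def build_blob(der: bytes, name: str) -> bytes:
    """Serialize a blob in the same record format; used here only to construct input."""
    def record(prop_id: int, data: bytes) -> bytes:
        return struct.pack("<III", prop_id, 1, len(data)) + data
    return (record(CERT_FRIENDLY_NAME_PROP_ID, (name + "\x00").encode("utf-16-le"))
            + record(CERT_SHA1_HASH_PROP_ID, hashlib.sha1(der).digest())
            + record(CERT_AUTH_ROOT_SHA256_HASH_PROP_ID, hashlib.sha256(der).digest())
            + record(CERT_CERT_PROP_ID, der))


# Constructed stand-in for a DER certificate (SEQUENCE { INTEGER 1 }), not a real one.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_THUMBPRINT = hashlib.sha1(SAMPLE_DER).hexdigest().upper()
SAMPLE_BLOB = build_blob(SAMPLE_DER, "Sample Root")

if __name__ == "__main__":
    print(friendly_name(parse_blob(bytes.fromhex(PAGE_FRAGMENT_HEX))))   # DigiCert
    print(check_entry(SAMPLE_THUMBPRINT, SAMPLE_BLOB))                     # consistent, not in allowlist
    print(check_entry("5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25", SAMPLE_BLOB))  # key name mismatch
```

For a real entry, pass the registry key name and bytes.fromhex() of the Blob value to check_entry. known_root is only as good as the list supplied, so feed it Microsoft's current CTL rather than the two-entry sample; key_name_matches or stored_hashes_match coming back False means the blob and its key name do not describe the same certificate, which is what a hand-planted root looks like.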
NTFS ADS (1 IoC)
  File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 402980.crdownload:SmartScreen  msedge.exe
Edge writes this stream to its own in-progress download (.crdownload) to record the SmartScreen verdict for the file; it is the browser tagging what it fetched, not the downloaded sample hiding data in a stream.
Suspicious behavior: EnumeratesProcesses (14 IoCs)
  PID   Process              Occurrences
  3964  msedge.exe           2
  1240  msedge.exe           2
  1736  identity_helper.exe  2
  4648  msedge.exe           2
  6112  msedge.exe           2
  5424  msedge.exe           4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (29 IoCs)
  PID 1240  msedge.exe  (29 occurrences)
Suspicious use of FindShellTrayWindow (38 IoCs)
  PID 1240  msedge.exe  (38 occurrences)
Suspicious use of SendNotifyMessage (24 IoCs)
  PID 1240  msedge.exe  (24 occurrences)
Suspicious use of SetWindowsHookEx (1 IoC)
  PID 880  setup.exe
Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 writes originate from PID 1240 (msedge.exe) into its own msedge.exe child processes:
  Source PID  Source      Target PID  Target
  1240        msedge.exe  1788        msedge.exe  (2 occurrences)
  1240        msedge.exe  2448        msedge.exe
  1240        msedge.exe  3964        msedge.exe  (2 occurrences)
  1240        msedge.exe  4240        msedge.exe
Processes
(process tree: each child is indented under its parent; signatures attributed to a process are listed beneath its command line)

PID 1240  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pleasebux.com/
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 1788  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb757a46f8,0x7ffb757a4708,0x7ffb757a4718

  PID 2448  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

  PID 3964  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  PID 4240  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8

  PID 2884  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

  PID 3096  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

  PID 4724  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8

  PID 1736  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  PID 3036  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1

  PID 1268  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1

  PID 4900  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

  PID 2212  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

  PID 1172  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

  PID 3772  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

  PID 2228  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1

  PID 368  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1

  PID 3704  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

  PID 4816  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

  PID 712  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1

  PID 3812  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

  PID 1396  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1604 /prefetch:8

  PID 4648  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1312 /prefetch:8
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses

  PID 5312  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

  PID 5416  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

  PID 5436  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

  PID 5564  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1

  PID 5264  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1

  PID 5764  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6140 /prefetch:8

  PID 5776  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1

  PID 3584  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:12⤵PID:5360
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:12⤵PID:5908
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵PID:5948
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:12⤵PID:5956
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7332 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:6112
C:\Users\Admin\Downloads\OperaGXSetup.exe"C:\Users\Admin\Downloads\OperaGXSetup.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5204
C:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exe --server-tracking-blob=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3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:880
C:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.115 --initial-client-data=0x30c,0x334,0x338,0x310,0x33c,0x748f1b54,0x748f1b60,0x748f1b6c4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5724
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2180
C:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exe"C:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=880 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240904142433" --session-guid=018d8900-54ea-4fc5-8d4c-be9c8f0884ce --server-tracking-blob=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 --desktopshortcut=1 --wait-for-package --initial-proc-handle=74090000000000004⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:3476
C:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS45440738\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.115 --initial-client-data=0x324,0x328,0x32c,0x2fc,0x330,0x71a01b54,0x71a01b60,0x71a01b6c5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5312
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409041424331\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409041424331\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5164
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409041424331\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409041424331\assistant\assistant_installer.exe" --version4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4260
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409041424331\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409041424331\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x11b4f48,0x11b4f58,0x11b4f645⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4916
C:\Users\Admin\Downloads\OperaGXSetup.exe"C:\Users\Admin\Downloads\OperaGXSetup.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5864
C:\Users\Admin\AppData\Local\Temp\7zS8E685138\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS8E685138\setup.exe --server-tracking-blob=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3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:2024
C:\Users\Admin\AppData\Local\Temp\7zS8E685138\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS8E685138\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.115 --initial-client-data=0x31c,0x320,0x324,0x2d0,0x328,0x72671b54,0x72671b60,0x72671b6c4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5404
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3904
C:\Users\Admin\Downloads\OperaGXSetup.exe"C:\Users\Admin\Downloads\OperaGXSetup.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2616
C:\Users\Admin\AppData\Local\Temp\7zS83A3F148\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS83A3F148\setup.exe --server-tracking-blob=NDg0NGE4M2ZiOTA5YTA4ZjE1ZmIwMDQ2ZjU0ZTIwZjhkZTkxMWEzNGJiZWIxM2RmYjc1YmRjZWFmZDhjMjExZTp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9YVlJfMTI5NyZlZGl0aW9uPXN0ZC0yJnV0bV9jb250ZW50PTEyOTdfNTNkNmUxYTJiYzNlNGJjMTkwMjEzMzNjZTg1MzI5NzEmdXRtX2lkPWZjYzdmN2ZmOTdlNTQ0OGNhZTkwZTcxNzA1MDUxMDE4Jmh0dHBfcmVmZXJyZXI9aHR0cHMlM0ElMkYlMkZ3d3cub3BlcmEuY29tJTJGZ3glM0Z1dG1fc291cmNlJTNEUFdOZ2FtZXMlMjZ1dG1fbWVkaXVtJTNEcGElMjZ1dG1fY2FtcGFpZ24lM0RQV05fR0JfWFZSXzEyOTclMjZ1dG1fY29udGVudCUzRDEyOTdfNTNkNmUxYTJiYzNlNGJjMTkwMjEzMzNjZTg1MzI5NzElMjZ1dG1faWQlM0RmY2M3ZjdmZjk3ZTU0NDhjYWU5MGU3MTcwNTA1MTAxOCUyNmVkaXRpb24lM0RzdGQtMiZ1dG1fc2l0ZT1vcGVyYV9jb20mdXRtX2xhc3RwYWdlPW9wZXJhLmNvbSUyRiZ1dG1faWQ9ZmNjN2Y3ZmY5N2U1NDQ4Y2FlOTBlNzE3MDUwNTEwMTgmZGxfdG9rZW49ODA2ODA4MjkiLCJ0aW1lc3RhbXAiOiIxNzI1NDU5ODU3Ljk1NzMiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTIuMC40NTE1LjEzMSBTYWZhcmkvNTM3LjM2IEVkZy85Mi4wLjkwMi42NyIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9YVlJfMTI5NyIsImNvbnRlbnQiOiIxMjk3XzUzZDZlMWEyYmMzZTRiYzE5MDIxMzMzY2U4NTMyOTcxIiwiaWQiOiJmY2M3ZjdmZjk3ZTU0NDhjYWU5MGU3MTcwNTA1MTAxOCIsImxhc3RwYWdlIjoib3BlcmEuY29tLyIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiJlOWQ5NDY3ZS04NmFhLTRlYWMtOWY2OS00M2M4ZjkwZWIyZTIifQ==3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:5184
C:\Users\Admin\AppData\Local\Temp\7zS83A3F148\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS83A3F148\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.115 --initial-client-data=0x324,0x328,0x32c,0x2fc,0x330,0x71a01b54,0x71a01b60,0x71a01b6c4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5144
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2020
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:12⤵PID:3740
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:12⤵PID:4328
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:12⤵PID:5896
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:12⤵PID:5920
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:12⤵PID:1072
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11951459807487316933,17992239017586813473,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6348 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5424
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2092
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1960
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry 1
Subvert Trust Controls 1
Install Root Certificate 1
Downloads