Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/10/2024, 13:44
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 7 IoCs
pid Process
216 OperaGXSetup.exe
5748 setup.exe
5812 setup.exe
5232 setup.exe
5988 Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
6124 assistant_installer.exe
2360 assistant_installer.exe
-
Loads dropped DLL 3 IoCs
pid Process
5748 setup.exe
5812 setup.exe
5232 setup.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process
File opened (read-only) \??\D: setup.exe
File opened (read-only) \??\F: setup.exe
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language assistant_installer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language OperaGXSetup.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language setup.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language setup.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language setup.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language assistant_installer.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
-
NTFS ADS 1 IoCs
description ioc Process
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 68321.crdownload:SmartScreen msedge.exe
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid Process
3192 msedge.exe
5016 msedge.exe
880 identity_helper.exe
6104 msedge.exe
6116 msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
pid Process
5016 msedge.exe
-
Suspicious use of FindShellTrayWindow 37 IoCs
pid Process
5016 msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid Process
5016 msedge.exe
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process
5748 setup.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 5016 wrote to memory of 3908 5016 msedge.exe 85
PID 5016 wrote to memory of 3092 5016 msedge.exe 86
PID 5016 wrote to memory of 3192 5016 msedge.exe 87
PID 5016 wrote to memory of 3952 5016 msedge.exe 88
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://install1check.com/JXNjsy291OskMZJxnYYsax?a=0&u=152869&t=Luna%20Exploit&tracker=9158882463151130554&m=82&f=82&source=10465381⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5016 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8568146f8,0x7ff856814708,0x7ff8568147182⤵PID:3908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵PID:3092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:82⤵PID:3952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵PID:4824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵PID:4552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:82⤵PID:2504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:880
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵PID:4772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:12⤵PID:2376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:12⤵PID:5876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:12⤵PID:5896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6160 /prefetch:82⤵PID:6132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:12⤵PID:6140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6668 /prefetch:82⤵PID:5244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:12⤵PID:3100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:12⤵PID:1648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:12⤵PID:5428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:6104
-
-
C:\Users\Admin\Downloads\OperaGXSetup.exe"C:\Users\Admin\Downloads\OperaGXSetup.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:216 -
C:\Users\Admin\AppData\Local\Temp\7zS8D0F6758\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS8D0F6758\setup.exe --server-tracking-blob=…⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5748 -
C:\Users\Admin\AppData\Local\Temp\7zS8D0F6758\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS8D0F6758\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.106 --initial-client-data=0x330,0x334,0x338,0x304,0x33c,0x74488c0c,0x74488c18,0x74488c244⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5812
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5232
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410211344521\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410211344521\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5988
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410211344521\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410211344521\assistant\assistant_installer.exe" --version4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6124 -
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410211344521\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410211344521\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x674f48,0x674f58,0x674f645⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2360
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:12⤵PID:5324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:12⤵PID:1404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:12⤵PID:5328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:12⤵PID:5336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,5272134562667285128,16983926890827791022,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:6116
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3016
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3612
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Filesize471B
MD5022faa2d478a5f0c6cb19c444f5a1216
SHA17f4017bb2d958b0c141917641d2ac19e9b18f791
SHA25628aca94d02a26403deb7a9a9796915b15b5abdce4f7098a69f9daf1c28c82663
SHA51271c6eab2d3be11c75d94ca597f19a16b4b1e0b88e6d73358040c05ed78dd59a8c66d0c613f05b0f5d35fd77e2d0cc978f632413a7f601747fb0150a53851cef8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E
Filesize727B
MD5fc83c6cc73ddedbc674fb4748f59603d
SHA19283643d81711cedbc996df68a004665bd415d1d
SHA256d232303b5cf3ed8da81c94acc686530faea26a45530f8df83d59aef2cee118a4
SHA51230b8ceb4539dc470dc4f768b7e4b663b2abb53161a88953b1debc9f807596106d1427692c58ea36850c44476ff5da82e045b6d12de61738c15658c127a8ecfec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Filesize727B
MD56fbe7c309f088bab420346d9309440be
SHA1f8dfc0b81e9d0a9160d9983d985e07fb541e7775
SHA25652aa0011cf44a125f31ea40b06b3d273b809951acdab93ba3864b5288224fcec
SHA51213c0d815a6b14296f1503092fce0e002c0c091c57e29103b969e30ff5a373de04426f9d32f9383f2f46898d18976192c2c11795284604bd56c4297e653337425
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Filesize400B
MD59cf2599c72ef51f9cd3e48c57cff1d34
SHA1c33e446da183600cb5da05d3ce407c1d6dcddc01
SHA256e0f6652824a7e710a98a867bc09ea2737f2bcb849829bad7a9bb50ad1e7a5eca
SHA512c434f920d0986c0b121e5687bd3d91e8ca59e4556a4f8ad4afcde34faa7b725e4c16a8f52c31d4edd443f46013bd6b3bb26ea7adf8f6837fe4794a487ff36443
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E
Filesize404B
MD5de973d4f5749ee02176bb9630c069f17
SHA123beb9650d2858ac29bcc1e344b3f4cc89f4eded
SHA25699c708d9093030e97888212f8273a5c4c8114da11eb09d50490d33d8eb0ff8ca
SHA51235db0195829c0a28ba4cffaad38fa29dfda5387c97d03b54895e6b9b3933f3440cde3438ebec58fdae2c1bccdf209a1b107f6847e49707d4ec6484da529921e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Filesize412B
MD5dc92870c867ad615421594c35cebca19
SHA19de217b199c9cc314eeae332205cd7f4331a533c
SHA25629400dfce2976441789ed5d3f57f7ec59b99f9e3c39e6907b2bea621a6faf34a
SHA5128db72c35f3f25607395f8d629989ac0df3f07492b3963b2283f2ede4b7c3963d21720f815c64b3ac70d221e5091b35a2091f482bc1f19c89be809f81807202fe
-
Filesize
152B
MD5e55832d7cd7e868a2c087c4c73678018
SHA1ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f
-
Filesize
152B
MD5c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA14d16a7e82190f8490a00008bd53d85fb92e379b0
SHA2561e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd
-
Filesize
129KB
MD58a8cca11f0ef931a3dbb802565b1ed7a
SHA1c560fbecf74f4f18f77b8b80b3590c2f000d41e0
SHA256adf4d88a345de5ba03bf74fd931a95732359384fe851a90c4fcf84d5da532963
SHA51286fbea249eb8cff3f2c68ec68a60edb823575d800a49df6dfe8082589c8a069551f2d5a2f3c8bba0f8c26bcf63bbedb629958eb099599e20c87f9fd7a4b842f6
-
Filesize
99KB
MD52d9629acd72d8a9aa86d262ff9865232
SHA1f6bc44c0ef5a4ef1c6811886dfad0cc30224572c
SHA256a77da1283cdf4b3d706dfc63e8fe7b6a75102e8bc4f9c035a0c876bf8ee09a12
SHA5128a121fabd571014e891f1f3bf8d2ef7a660590d0c0112d2f64db430c0ad38b0d8fa0a42996e73a4ba6d46485848bc31443d47b247abefb4c67691eb963e8897c
-
Filesize
107KB
MD5b4227161d49ca8a2a64859930512d72e
SHA1e11bc24a2cc36bf4e5d5953f3ddceb153ff17220
SHA256618ada4f200a3d739ef6a94af082df7a190ba32eea3aadeadb4f79f5ff9cf5fa
SHA51240936dc7aed4ab285ff274ed9906e3cf39b14f2fccd614c98423a0a4ed4807fa8a036f91861e9bac1e55714b1eae7c6c073b7f730fbbe114bea2454a95aefc32
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD5d7a0dd30607fed640feed41fe5f1a2a5
SHA16428f8524490e30e486cb27b38378549c14bdd54
SHA256fc8416a0ce15389eca0ce848ffba517e77cb5a45bc00d120cd538f576e91b87a
SHA51221ae4a340f8a2ad9d5524c4d9191e7b06386eb094e71601f3c44de5444030c02cfa2740c3d38ba035393ea5507f4eb35809c225302c12ce5a3b0e38554cff60c
-
Filesize
5KB
MD5819d9ce11e25a1c71d703425428c5a8d
SHA1a23e6ad7adece682e2777c1eb643b7961aa8c4c6
SHA25628064672ef7c902f02a341da280c03cfefbb6a20a4b0c0ae0b4266cd54115fdb
SHA5121bf86edea9ccf4eaef72634c17ac6c74d4d09a7cc074297f2144c167df654fa5bb4240feaee1b5949d3f441327b19844278c9f8be56b5a7e2e90f7ccd5a3e69c
-
Filesize
5KB
MD5edd9f3fd0df98699198e6f54442cfb56
SHA1ebc9ea0659d33845bbd10f778ca0137b5adac39f
SHA256fb74b0c0c5ce63196793f6adffa53633688f26a05afa63b60f06d4c3b038d624
SHA512a3536a1197d8b943c8da3a16eada11c8e149db3cd198adbd519e6e70a5585262935fdf421266c41bd07e6a42b6ed0817e5ded82c5d5e201da46ea7d6b7f7d19b
-
Filesize
5KB
MD5f0d88e9ada6b2ee3ba747edcbd4cbb09
SHA1c568b317ba1b2ff4b5b867d737ebe262f5d8d575
SHA256216fa4adba718ef8e0d914386a6f30f7aef3e5aec456a19d6e037357384a7d7d
SHA51293653387cddfcb373a8af8d67cb625373fa05e481237218673c79f10a83cfccaff93abb4a677027d4fefda6f0d7b261431e88849353779252211153f517f281a
-
Filesize
6KB
MD50df408bf1fbbdb5dc520989c140d4a86
SHA18babed69a566b53f79f970d5b881516de7b6b011
SHA25610b3e57f332eec577d698cbc790a092cf91e66c1db32dba5afb721ca1b77d0ff
SHA512f15963779a93be31ade0392fe2598415f70ca8038dc3bd42cfc1b40201f127c2a6528298aa43c5e22257703c2b9dcf143c816ee219662dc92a9c351d0c2e87fc
-
Filesize
9KB
MD591f71401c8e94601b119fe433e9dff3c
SHA1f7e32b60b6ee012dc5d4a067628e9ad8ff842bd0
SHA256fc5ab1b91b1b26735dbdd406a30076da07fa320d0e1b28d8827f42b20beaa7c3
SHA51213f2d770ab0b8f2ab5476bed0e228273fd344c0a422dff2e6a888f858e322480716d1e2dfa4d352eb2a89858f71ebcb9d928554a253f531ca72d0747e9a9fbca
-
Filesize
7KB
MD5484ab41a152a440d3321a97729802fee
SHA15ee690745b8a321332b2436d2bc2a1f3695fdb7e
SHA256fdb720465e97bbe8a599f6aac30b04259eb923e800db10eea68c0d935dd91f8f
SHA512e2235d1bdb35c79f6911a2563dea1987e5590eaaa25a221c2504b3b727c0bc86c9b0b06716a33b67e1184e1c03f27bd2f6b40dbfde9f058933ad3c4e4237580f
-
Filesize
8KB
MD5aff975c774119caba47205e8e3a162a3
SHA1e127c47f88a658383504fa2f52caaa75e6548a14
SHA256716fd1658af9f920eac6b9213095dcfde72408602475f1af0121e34cc5d869d0
SHA5129914b3d7169474146e34ed6dd5870b992b6d418107ed30cd4fb3c1520190846039df88601656253f3135cd3b397c2a63799bb3319a0db9817c131fef5aa51661
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD517b03a8b817a4ee2192ffece3986cd8a
SHA15da6bfe7530a21ddd6011a88ae7076a461304d18
SHA2564111f3cff467542fdb5d795cdf7598fb9db153ac543ea14b4c89d761acaeaffe
SHA512cf01805175316d0d033f2bd4c593fdb3fa267be8a39122519d2c467318a19ecbc756237bdad04174567e84066b5afbaf315478aae8364beddcb9904a18a8536d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5880e3.TMP
Filesize48B
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410211344521\additional_file0.tmp
Filesize 1.4MB
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410211344521\assistant\assistant_installer.exe
Filesize 1.8MB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize 10KB