Malware Analysis Report

2025-03-15 04:35

Sample ID 241027-11lzwavajj
Target OperaGXSetup.exe
SHA256 65dbe0108727614fc1b82475e8fa0c171added385b1ec831e9cdc0c4af9d741a
Tags
discovery spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

65dbe0108727614fc1b82475e8fa0c171added385b1ec831e9cdc0c4af9d741a

Threat Level: Shows suspicious behavior

The file OperaGXSetup.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Enumerates connected drives

System Location Discovery: System Language Discovery

Unsigned PE

Checks processor information in registry

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Modifies system certificate store

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-27 22:07

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-27 22:07

Reported

2024-10-27 22:11

Platform

win11-20241007-en

Max time kernel

218s

Max time network

205s

Command Line

"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4980 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe
PID 4980 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe
PID 4980 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe
PID 928 wrote to memory of 3432 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe
PID 928 wrote to memory of 3432 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe
PID 928 wrote to memory of 3432 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe
PID 928 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
PID 928 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
PID 928 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
PID 928 wrote to memory of 240 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe
PID 928 wrote to memory of 240 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe
PID 928 wrote to memory of 240 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe
PID 240 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe
PID 240 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe
PID 240 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe
PID 928 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
PID 928 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
PID 928 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
PID 928 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\assistant_installer.exe
PID 928 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\assistant_installer.exe
PID 928 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\assistant_installer.exe
PID 1844 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\assistant_installer.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\assistant_installer.exe
PID 1844 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\assistant_installer.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\assistant_installer.exe
PID 1844 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\assistant_installer.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\assistant_installer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe

"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe --server-tracking-blob=MjAxZjA1YjliYzBhMTE2Nzg3Y2MwYmJkNGQxMWYxZDcxNTFhYTlmMmNkNWQ0NDFmMTI3YWZjNjkyZWM4NDQ5YTp7ImNvdW50cnkiOiJQUiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT15dCZ1dG1fbWVkaXVtPXl0X2luZmx1ZW5jZXJzJnV0bV9jYW1wYWlnbj1jNTlfeXRfZ3hfdXNfUEFDS0dPRDUmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRnd3dy5vcGVyYS5jb20lMkZneCUyRnBhY2tnb2QlM0Z1dG1fc291cmNlJTNEeXQlMjZ1dG1fbWVkaXVtJTNEeXRfaW5mbHVlbmNlcnMlMjZ1dG1fY2FtcGFpZ24lM0RjNTlfeXRfZ3hfdXNfUEFDS0dPRDUlMjZzaG9ydGxpbmslM0R1NDA0aTlkdyUyNmMlM0RQQUNLR09ENSUyNnBpZCUzRHl0JTI2YWZfeHAlM0RjdXN0b20lMjZzb3VyY2VfY2FsbGVyJTNEdWkmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkZwYWNrZ29kJmRsX3Rva2VuPTU2OTk5NDA0IiwidGltZXN0YW1wIjoiMTcyNTEwMTI0NC4yMzE1IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyOC4wLjAuMCBTYWZhcmkvNTM3LjM2IEVkZy8xMjguMC4wLjAiLCJ1dG0iOnsiY2FtcGFpZ24iOiJjNTlfeXRfZ3hfdXNfUEFDS0dPRDUiLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS9wYWNrZ29kIiwibWVkaXVtIjoieXRfaW5mbHVlbmNlcnMiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoieXQifSwidXVpZCI6ImNlNDM1MTgzLTgzOGYtNGFiZi1iZDU1LTY5NzFkMmMxMzI5NiJ9

C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.104 --initial-client-data=0x34c,0x350,0x354,0x328,0x358,0x74c11b54,0x74c11b60,0x74c11b6c

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=928 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241027220728" --session-guid=c7182d7e-c0c2-4b52-98ea-66d6cff426eb --server-tracking-blob=NGQ1MzJjNDE3ODA4Njk0OTJmZWEwMjQ2YzAxYmY5ZjJkN2YzODUwOGRjNDgzMzIzZWVhNjdiN2FlODNmOWE0NDp7ImNvdW50cnkiOiJQUiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT15dCZ1dG1fbWVkaXVtPXl0X2luZmx1ZW5jZXJzJnV0bV9jYW1wYWlnbj1jNTlfeXRfZ3hfdXNfUEFDS0dPRDUmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRnd3dy5vcGVyYS5jb20lMkZneCUyRnBhY2tnb2QlM0Z1dG1fc291cmNlJTNEeXQlMjZ1dG1fbWVkaXVtJTNEeXRfaW5mbHVlbmNlcnMlMjZ1dG1fY2FtcGFpZ24lM0RjNTlfeXRfZ3hfdXNfUEFDS0dPRDUlMjZzaG9ydGxpbmslM0R1NDA0aTlkdyUyNmMlM0RQQUNLR09ENSUyNnBpZCUzRHl0JTI2YWZfeHAlM0RjdXN0b20lMjZzb3VyY2VfY2FsbGVyJTNEdWkmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkZwYWNrZ29kJmRsX3Rva2VuPTU2OTk5NDA0Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTEiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzI1MTAxMjQ0LjIzMTUiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTI4LjAuMC4wIFNhZmFyaS81MzcuMzYgRWRnLzEyOC4wLjAuMCIsInV0bSI6eyJjYW1wYWlnbiI6ImM1OV95dF9neF91c19QQUNLR09ENSIsImxhc3RwYWdlIjoib3BlcmEuY29tL3BhY2tnb2QiLCJtZWRpdW0iOiJ5dF9pbmZsdWVuY2VycyIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJ5dCJ9LCJ1dWlkIjoiY2U0MzUxODMtODM4Zi00YWJmLWJkNTUtNjk3MWQyYzEzMjk2In0= --desktopshortcut=1 --wait-for-package --initial-proc-handle=F408000000000000

C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.104 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x72641b54,0x72641b60,0x72641b6c

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0xd94f48,0xd94f58,0xd94f64

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

Network

Country Destination Domain Proto
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 121.217.145.82.in-addr.arpa udp
US 8.8.8.8:53 20.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 104.209.201.84.in-addr.arpa udp
NL 185.26.182.106:443 features.opera-api2.com tcp
US 104.18.25.17:443 api.config.opr.gg tcp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
NL 185.26.182.117:443 download.opera.com tcp
GB 2.18.27.87:443 download3.operacdn.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 104.18.10.89:443 download5.operacdn.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\7zS4731AF87\setup.exe

MD5 b4da1657d31832c9965d54c5037a3402
SHA1 c312863d621b0b5ec9ec930b1db73de3c95f7141
SHA256 563fcd4ca2678ddb6c1366c92aa4daa410d7eba73d68d9336fb967f732770c8d
SHA512 643d2ec57767443e0efcc580a0e5abe062375f34b936daa22aa24e20d837b84854de18f636dc0ca5d100b4309a456746d733a65f8d1ccb173fe590ab5bf99007

C:\Users\Admin\AppData\Local\Temp\Opera_installer_241027220726335928.dll

MD5 e730bd98eb4754f9c0abd490461fbf1d
SHA1 783ea46e2b4d9e48feda3f9839bfbff40d8cf3ae
SHA256 0129372834853db0b565c20cceb3781a021fd7893d44d045f2ae671477a6a92a
SHA512 579cd23108d9cec9ff29447f89b770ee9308b261968242bf8046a3e4ca01704a2cd40072b6814b18d5e0eaa413033eb369c7a65146b3126be14899b73f634167

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 069c37bf9e39b121efb7a28ece933aee
SHA1 eaef2e55b66e543a14a6780c23bb83fe60f2f04d
SHA256 485db8db6b497d31d428aceea416da20d88f7bde88dbfd6d59e3e7eee0a75ae8
SHA512 f4562071143c2ebc259a20cbb45b133c863f127a5750672b7a2af47783c7cdc56dcf1064ae83f54e5fc0bb4e93826bf2ab4ef6e604f955bf594f2cbd641db796

C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

MD5 22cb74efa152554eb18951106f0b7063
SHA1 a138b8d929f4ef09d641419dfe0f5ce65b51fb10
SHA256 8bc85cf575c8d70eaadf5627c282f4f0414c7d8391f2df3dd7e8f60a2cbfc7aa
SHA512 1de9df60bfb1381bb57429e765fdedf67880153ce8d1aa759d96e68b9b729666599ec5afc04d16f78f1e1858e2fdefae17d29fea9a6d13d6d299385ac71d2a6b

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\additional_file0.tmp

MD5 e9a2209b61f4be34f25069a6e54affea
SHA1 6368b0a81608c701b06b97aeff194ce88fd0e3c0
SHA256 e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f
SHA512 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410272207281\assistant\assistant_installer.exe

MD5 4c8fbed0044da34ad25f781c3d117a66
SHA1 8dd93340e3d09de993c3bc12db82680a8e69d653
SHA256 afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a
SHA512 a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

MD5 42018fcfbfd75e28aa27d120ce3b9e11
SHA1 31db939b08703b8d5dac8a548c19dc93cf3bad62
SHA256 d9f645bf3ef19d29e11723e5a553cdb9a2740c4f3c585745f24c919fb12c42b4
SHA512 4eb57370d6d585bfe43505e74c0ffb89f350f208d94fb2a40e831d48408d481625bfe2eb2f9e21dce55510db9b56d887a7c6d8ac032ffef66f428d79fb6f1249

memory/2400-130-0x0000024E6AE60000-0x0000024E6AE61000-memory.dmp

memory/2400-129-0x0000024E6AE60000-0x0000024E6AE61000-memory.dmp

memory/2400-128-0x0000024E6AE60000-0x0000024E6AE61000-memory.dmp

memory/2400-140-0x0000024E6AE60000-0x0000024E6AE61000-memory.dmp

memory/2400-139-0x0000024E6AE60000-0x0000024E6AE61000-memory.dmp

memory/2400-138-0x0000024E6AE60000-0x0000024E6AE61000-memory.dmp

memory/2400-137-0x0000024E6AE60000-0x0000024E6AE61000-memory.dmp

memory/2400-136-0x0000024E6AE60000-0x0000024E6AE61000-memory.dmp

memory/2400-135-0x0000024E6AE60000-0x0000024E6AE61000-memory.dmp

memory/2400-134-0x0000024E6AE60000-0x0000024E6AE61000-memory.dmp